Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung

Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung


Log-Analyse und Auswertung: Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 22.02.2014, 21:50   #1
phoolan
 
Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung - Standard

Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung


Hallo Matthias,

vielen Dank für deine Hilfe. Ich führe das jetzt durch. Vorher kurz eine Frage: Soll ich einen Neustart machen, wenn das Programm fertig ist oder ist das nur ein genereller Hinweis, den du gepostet hast?

Alt 22.02.2014, 22:13   #2
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung - Standard

Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung


Zitat:
Zitat von phoolan Beitrag anzeigen
vielen Dank für deine Hilfe. Ich führe das jetzt durch. Vorher kurz eine Frage: Soll ich einen Neustart machen, wenn das Programm fertig ist oder ist das nur ein genereller Hinweis, den du gepostet hast?
Manchmal macht ComboFix selbst einen Neustart; wenn nicht, kannst du den auch selber vornehmen.
__________________
Alt 22.02.2014, 22:18   #3
phoolan
 
Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung - Standard

Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung


Ja, die Frage hat sich erledigt Hier die Logfile:

Code:
ATTFilter
ComboFix 14-02-20.01 - ***** 22.02.2014  21:44:26.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1013.388 [GMT 1:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-22 bis 2014-02-22  ))))))))))))))))))))))))))))))
.
.
2014-02-22 21:02 . 2014-02-22 21:05	--------	d-----w-	c:\users\*****\AppData\Local\temp
2014-02-22 21:02 . 2014-02-22 21:02	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-02-22 21:02 . 2014-02-22 21:02	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2014-02-22 21:02 . 2014-02-22 21:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-02-22 21:02 . 2014-02-22 21:02	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-02-22 20:47 . 2014-02-22 20:47	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06D971B-B092-4BD2-9101-33C2254F7E6E}\offreg.dll
2014-02-22 16:55 . 2014-02-22 16:59	--------	d-----w-	C:\FRST
2014-02-21 12:09 . 2014-02-06 07:08	7947048	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F06D971B-B092-4BD2-9101-33C2254F7E6E}\mpengine.dll
2014-02-13 02:05 . 2013-12-21 08:56	454656	----a-w-	c:\windows\system32\vbscript.dll
2014-02-12 22:58 . 2013-12-06 02:02	1237504	----a-w-	c:\windows\system32\msxml3.dll
2014-02-12 22:58 . 2013-12-06 02:02	2048	----a-w-	c:\windows\system32\msxml3r.dll
2014-02-12 22:57 . 2013-12-24 23:09	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2014-02-12 22:57 . 2013-11-26 08:16	3419136	----a-w-	c:\windows\system32\d2d1.dll
2014-02-12 22:57 . 2013-12-04 01:54	594944	----a-w-	c:\windows\system32\RMActivate_isv.exe
2014-02-12 22:57 . 2013-12-04 01:54	572416	----a-w-	c:\windows\system32\RMActivate.exe
2014-02-12 22:57 . 2013-12-04 01:54	508928	----a-w-	c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-12 22:57 . 2013-12-04 01:54	510976	----a-w-	c:\windows\system32\RMActivate_ssp.exe
2014-02-12 22:57 . 2013-12-04 02:03	423936	----a-w-	c:\windows\system32\secproc_isv.dll
2014-02-12 22:57 . 2013-12-04 02:03	428032	----a-w-	c:\windows\system32\secproc.dll
2014-02-12 22:57 . 2013-12-04 02:02	390144	----a-w-	c:\windows\system32\msdrm.dll
2014-02-12 22:57 . 2013-12-04 02:03	87040	----a-w-	c:\windows\system32\secproc_ssp.dll
2014-02-12 22:57 . 2013-12-04 02:03	87040	----a-w-	c:\windows\system32\secproc_ssp_isv.dll
2014-02-07 13:06 . 2014-02-07 13:06	--------	d-----w-	c:\program files\CCleaner
2014-02-05 21:11 . 2014-02-05 21:11	--------	d-----w-	c:\users\*****\AppData\Roaming\vlc
2014-01-26 10:20 . 2014-02-05 11:48	692616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-01-26 10:20 . 2014-02-05 11:48	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-26 09:32 . 2014-01-26 09:32	--------	d-----w-	c:\users\*****\AppData\Roaming\TuneUp Software
2014-01-26 09:29 . 2014-01-26 09:34	--------	d-----w-	c:\programdata\TuneUp Software
2014-01-26 09:29 . 2014-01-26 09:29	--------	d-sh--w-	c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-26 09:29 . 2014-01-26 09:29	--------	d--h--w-	c:\programdata\Common Files
2014-01-26 09:28 . 2014-01-26 09:28	--------	d-----w-	c:\users\*****\AppData\Roaming\OpenCandy
2014-01-24 12:34 . 2014-01-30 20:58	--------	d-----w-	c:\users\*****\BCN
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-26 10:05 . 2014-01-16 13:42	64168	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-01-26 10:05 . 2013-09-13 12:19	775952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-01-26 10:05 . 2013-09-13 12:19	410784	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-01-26 10:05 . 2013-09-13 12:19	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-01-26 10:05 . 2013-09-13 12:19	270240	----a-w-	c:\windows\system32\aswBoot.exe
2014-01-26 10:05 . 2013-09-13 12:18	43152	----a-w-	c:\windows\avastSS.scr
2014-01-16 13:41 . 2013-09-13 12:19	180248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-12-18 05:13 . 2010-08-25 14:33	231584	------w-	c:\windows\system32\MpSigStub.exe
2013-11-27 01:14 . 2014-01-15 10:22	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13 . 2014-01-15 10:22	284672	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13 . 2014-01-15 10:22	76288	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13 . 2014-01-15 10:22	43520	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13 . 2014-01-15 10:22	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13 . 2014-01-15 10:22	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13 . 2014-01-15 10:22	6016	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-11-26 11:11 . 2014-01-15 10:22	240576	----a-w-	c:\windows\system32\drivers\netio.sys
2013-11-26 10:10 . 2014-01-15 10:22	2349056	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-26 10:05	259464	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\*****\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-15 233472]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-26 3767096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^*****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57	959904	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-01-26 64168]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [2009-09-28 52656]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X32.sys [2010-05-25 24880]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-11-04 16024]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-11-04 1228504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-01-26 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-01-26 410784]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-01-26 67824]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 727584]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-11-04 660184]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-18 11:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fa409dbf-202c-c585-b01e-b43f9ddda424&searchtype=hp&fr=linkury-tb&installDate=26/01/2014&type=hp1000
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fa409dbf-202c-c585-b01e-b43f9ddda424&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=26/01/2014&type=hp1000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\iyvg1asy.default-1384523830183\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fa409dbf-202c-c585-b01e-b43f9ddda424&searchtype=ds&fr=linkury-tb&installDate=26/01/2014&type=hp1000&p=
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Google Update - c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2791932712-1152507361-2035205960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*»öE]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2791932712-1152507361-2035205960-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*»öE\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2791932712-1152507361-2035205960-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA943606-91AB-AA2A-8205-17078CE841DF}*]
@Allowed: (Read) (RestrictedCode)
"iajilbkkggakhkdmok"=hex:6a,61,6f,66,61,63,6f,6d,69,6d,68,64,62,6c,68,6a,69,6e,
   69,61,00,00
"hadkbfpalgaehpkc"=hex:6a,61,6f,66,61,63,6f,6d,69,6d,68,64,62,6c,68,6a,69,6e,
   69,61,00,00
.
[HKEY_USERS\S-1-5-21-2791932712-1152507361-2035205960-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDBB7E7E-BD6A-1FC0-DAFC-3A7B697B2AEF}*]
"dagohpja"=hex:64,62,66,6d,6c,64,66,68,69,67,6c,67,6f,63,66,70,70,68,61,68,6e,
   6b,63,69,67,6c,62,6c,6f,69,6b,6a,63,62,67,6e,66,6f,6f,6b,00,00
"iajmjhbangmobbpclo"=hex:6a,61,6e,68,63,66,6d,6a,62,69,6e,6a,70,67,6a,6b,64,65,
   6c,67,00,f8
"hahmpbcicefablhl"=hex:6a,61,65,6c,6f,6d,6e,68,68,6b,64,70,63,6f,63,6d,69,69,
   64,67,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2452)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-02-22  22:11:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-02-22 21:11
.
Vor Suchlauf: 16 Verzeichnis(se), 168.707.092.480 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 168.381.292.544 Bytes frei
.
- - End Of File - - A9C3AD45F341B3139F801F797A2D60BC
A36C5E4F47E84449FF07ED3517B43A31
__________________
Alt 22.02.2014, 22:43   #4
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung - Standard

Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung


Servus,



ok, dann auf zum Angriff:





Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.






Schritt 3
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.







Schritt 4
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    FFdefaults;
CHRdefaults;
iedefaults;
emptyclsid;
autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von MBAM,
  • die Logdatei von Zoek.
Geändert von M-K-D-B (22.02.2014 um 22:55 Uhr)

Alt 23.02.2014, 00:14   #5
phoolan
 
Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung - Standard

Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung


Es gibt 1 bzw. 2 probleme:

1. ich konnte das zoek.zip nicht entpacken. Ich habe es mit 7-zip versucht, aber es hat nicht geklappt. Etwas peinlich, aber ich weiß nicht ob das Programm eine zeitlich begrenzte Testversion ist.

2. Ich bin unter MBAM auf Logdateien gegangen um sie hier zu posten, allerdings sind da mehrere und ich bin nicht sicher ob das alte sind. Ich dachte, ich hätte das Programm schon vor einiger Zeit deinstalliert. Jedenfalls ist es nicht doppelt installiert und ich gehe mal davon aus, dass die alten Logdateien noch auf meinem Rechner sind. Ich habe jedenfalls die mit dem heutigen Datum gepostet.

Wie soll ich weiter vorgehen? Hier schon mal die AdwCleaner- JRT- und MBAM-Logfiles:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.001 - Report created 26/08/2013 at 11:45:59
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : ***** - COOKIE
# Running from : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Users\*****\AppData\Local\OpenCandy
Folder Deleted : C:\Users\*****\AppData\Local\Temp\apn
Folder Deleted : C:\Users\*****\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\*****\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Gast\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Gast\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\b2bdk1s0.default\Conduit
Folder Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\b2bdk1s0.default\ConduitCommon
Folder Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\b2bdk1s0.default\CT65619
Folder Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\b2bdk1s0.default\Extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}
File Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\b2bdk1s0.default\foxydeal.sqlite
File Deleted : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\b2bdk1s0.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Uniblue\DriverScanner

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\b2bdk1s0.default\prefs.js ]

Line Deleted : user_pref("CT65619..clientLogIsEnabled", false);
Line Deleted : user_pref("CT65619..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT65619..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT65619.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT65619.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT65619.AppTrackingLastCheckTime", "Sun Nov 25 2012 16:11:42 GMT+0100");
Line Deleted : user_pref("CT65619.BrowserCompStateIsOpen_1367156971000", true);
Line Deleted : user_pref("CT65619.CTID", "CT65619");
Line Deleted : user_pref("CT65619.CommunitiesChangesLastCheckTime", "0");
Line Deleted : user_pref("CT65619.CurrentServerDate", "26-8-2013");
Line Deleted : user_pref("CT65619.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT65619.DialogsGetterLastCheckTime", "Fri Aug 23 2013 12:31:50 GMT+0200");
Line Deleted : user_pref("CT65619.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"9/11/2010 7:34:53 PM\",\"SourceId\":0,\"OriginSource\":0,\"Referra[...]
Line Deleted : user_pref("CT65619.FirstServerDate", "11-9-2010");
Line Deleted : user_pref("CT65619.FirstTime", true);
Line Deleted : user_pref("CT65619.FirstTimeFF3", true);
Line Deleted : user_pref("CT65619.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT65619.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT65619.GroupingInvalidateCache", false);
Line Deleted : user_pref("CT65619.GroupingLastCheckTime", "0");
Line Deleted : user_pref("CT65619.GroupingLastServerUpdateTime", "0");
Line Deleted : user_pref("CT65619.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT65619.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT65619.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT65619.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT65619.Initialize", true);
Line Deleted : user_pref("CT65619.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT65619.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT65619.InstalledDate", "Sat Sep 11 2010 19:36:09 GMT+0200");
Line Deleted : user_pref("CT65619.InvalidateCache", false);
Line Deleted : user_pref("CT65619.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT65619.IsGrouping", false);
Line Deleted : user_pref("CT65619.IsMulticommunity", false);
Line Deleted : user_pref("CT65619.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT65619.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT65619.LanguagePackLastCheckTime", "Sun Aug 25 2013 12:52:44 GMT+0200");
Line Deleted : user_pref("CT65619.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT65619.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT65619.LastLogin_2.7.2.0", "Sat Apr 16 2011 14:31:03 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.10.0.1", "Sun Apr 29 2012 01:01:10 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.11.0.3", "Sun May 06 2012 23:25:16 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.12.2.3", "Tue May 22 2012 09:14:06 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.13.0.6", "Mon Jul 09 2012 01:02:52 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.14.1.0", "Fri Sep 07 2012 16:26:54 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.15.1.0", "Mon Nov 12 2012 11:29:20 GMT+0100");
Line Deleted : user_pref("CT65619.LastLogin_3.16.0.3", "Thu Feb 14 2013 18:32:31 GMT+0100");
Line Deleted : user_pref("CT65619.LastLogin_3.18.0.7", "Fri Jul 19 2013 15:24:56 GMT+0300");
Line Deleted : user_pref("CT65619.LastLogin_3.19.0.3", "Mon Aug 26 2013 10:05:59 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.2.3.3", "Fri Nov 26 2010 13:17:49 GMT+0100");
Line Deleted : user_pref("CT65619.LastLogin_3.3.3.2", "Mon Jun 27 2011 21:04:56 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.5.0.12", "Mon Aug 01 2011 16:55:14 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.6.0.10", "Sun Oct 02 2011 19:50:42 GMT+0300");
Line Deleted : user_pref("CT65619.LastLogin_3.7.0.6", "Mon Oct 10 2011 23:08:32 GMT+0200");
Line Deleted : user_pref("CT65619.LastLogin_3.8.0.8", "Thu Dec 01 2011 10:28:05 GMT+0100");
Line Deleted : user_pref("CT65619.LastLogin_3.8.1.0", "Mon Jan 30 2012 22:38:46 GMT+0100");
Line Deleted : user_pref("CT65619.LastLogin_3.9.0.3", "Mon Feb 13 2012 14:27:07 GMT+0100");
Line Deleted : user_pref("CT65619.LatestVersion", "3.19.0.3");
Line Deleted : user_pref("CT65619.Locale", "en-US");
Line Deleted : user_pref("CT65619.LoginCache", 4);
Line Deleted : user_pref("CT65619.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT65619.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT65619.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT65619.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT65619.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT65619.RadioLastCheckTime", "0");
Line Deleted : user_pref("CT65619.RadioLastUpdateIPServer", "0");
Line Deleted : user_pref("CT65619.RadioLastUpdateServer", "0");
Line Deleted : user_pref("CT65619.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT65619.SearchBoxWidth", 205);
Line Deleted : user_pref("CT65619.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT65619&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT65619.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT65619.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT65619.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT65619&q=");
Line Deleted : user_pref("CT65619.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT65619.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT65619.SearchInNewTabLastCheckTime", "Sun Aug 25 2013 12:52:38 GMT+0200");
Line Deleted : user_pref("CT65619.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT65619.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT65619.SearchInNewTabUserEnabled", false);
Line Deleted : user_pref("CT65619.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT65619.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT65619.ServiceMapLastCheckTime", "Sun Aug 25 2013 12:52:44 GMT+0200");
Line Deleted : user_pref("CT65619.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT65619.SettingsLastCheckTime", "Mon Aug 26 2013 10:05:56 GMT+0200");
Line Deleted : user_pref("CT65619.SettingsLastUpdate", "1377501733");
Line Deleted : user_pref("CT65619.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT65619.ThirdPartyComponentsLastCheck", "Fri Aug 23 2013 12:31:30 GMT+0200");
Line Deleted : user_pref("CT65619.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT65619.TrusteLinkUrl", "hxxp://trust.conduit.com/CT65619");
Line Deleted : user_pref("CT65619.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityTo[...]
Line Deleted : user_pref("CT65619.UserID", "UN78602090773883565");
Line Deleted : user_pref("CT65619.ValidationData_Search", 2);
Line Deleted : user_pref("CT65619.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT65619.WeatherNetwork", "");
Line Deleted : user_pref("CT65619.WeatherPollDate", "Mon Aug 26 2013 11:39:05 GMT+0200");
Line Deleted : user_pref("CT65619.WeatherUnit", "C");
Line Deleted : user_pref("CT65619.alertChannelId", "45127");
Line Deleted : user_pref("CT65619.approveUntrustedApps", false);
Line Deleted : user_pref("CT65619.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B637D737B6E55217578654E67555[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B525D66716C216E6B587D7367506[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E202520362D3842474A58515A5C585D505F593964595C49324B393A3F395047525C4173686B6965677B796F6D7B6E55217578592676685[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e.:2z527", "247E70716B71773C37276F2979757475772F26312323234F484B4C552E53493D263F302B30352F453C4739383C3D64605C5B5F716571704974696C4D7A675C455E4F4A4F4E4D645B66585[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D68506A6F7171742256227679664F685[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A666D7B7C7174726E702174745B277[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e06cg5el8:", "6E6D6A6B6E7471727671");
Line Deleted : user_pref("CT65619.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737071747A77787C77242F4B49474F42357D5D5C3D");
Line Deleted : user_pref("CT65619.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D705D465F4D524B51645B6673237[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A4946484B5F56616F7C217D74747A7[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D70517E6B60496252505451675E6[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cj0j@l@ka$nn", "247E61393F236B25707879742A212C6E414F444D327A343C564C584C574D305A5A3F364124615651595457514A334C2B2B4F465134717462563F58485A515C3F6B6C75614A635[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cj69c=mk:h?db(rr", "247E61393F236B25767175757A2B222D6F4250454E337B354346504A5A5847554C514F355F5F443B46296669574B344D3F3A5047525F636A563F5E596977765D465F66714[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cj7;:d@hk?%peh", "247E61393F236B2575717674782B222D6F4250454E337B35444847514D55584C325D52554239442764675549324B3D3D4E4550335F6069553E5748475A515C6E6D717D6D217[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cj7;chgjd$nn", "247E61393F236B25717277732A212C6E414F444D327A3443474F54535650305A5A3F364124615651595457514A334C2B2B4F465134717462563F584A4A5B525D406C6D76624B6[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6E414F444D327A344352574757532F5A4F515C4C594F3762575A473E492C58545E6A4F38513C534A553864656E5A435C4B5E556[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cj8fj85\"ll", "247E61393F236B2576737174732B222D6F4250454E337B3545535745422F59593E3540236055505853565049324B272D4E4550335F6069553E5748475A515C696D746049686373[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cj96=bm\"ll", "247E61393F236B25757773717B2B222D6F4250454E337B3546434A4F5A2F59593E3540236055505853565049324B2A2A4E4550626165716174645841605B3E6B7A6E6B79212064[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cj;y=?bfbl%oo", "247E61393F236B256F7679742A212C6E414F444D327A344726494B4E524E58315B5B403742256257525A5558524B344D2C2C504752357275635740594B445C535E416D6E7763[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cja>hk!lad", "247E61393F236B257572777A2A212C6E414F444D327A344D4A54572D584D503D343F225F6250442D46383849404B2E5A5B645039524342554C5769686C78687B6B5F48676277257[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjagglb@#mm", "247E61393F236B257577727A742B222D6F4250454E337B354E5454594F4D305A5A3F364124615651595457514A334C2B2B4F46513460616A563F5849485B525D6A6E75614A6964[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjbfc:i\"ll", "247E61393F236B25757473777B2B222D6F4250454E337B354F535047562F59593E3540236055505853565049324B2A2A4E4550626165716174645841605B707D6B7D79614A6964[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjc<=fbj#cf", "247E61393F236B25757674722A212C6E414F444D327A344F4849524E562F4F523E3540234F4B5561462F483A4A414C2F6B616E73706568666B7365757C7878727E676049625356[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjc<=fbj#mm", "247E61393F236B257576737A2A212C6E414F444D327A344F4849524E562F59593E3540236055505853565049324B2A2A4E4550335F5B6571563F58435A515C3F7B717E24217578[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjeik4!kk", "247E61393F236B25767177722A212C6E414F444D327A34515557402D57573C333E215E534E5651544E47304928284C434E315D5E67533C554645584F5A6A7E72767276614A696472[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjh6gjfj>$nn", "247E61393F236B25717370752A212C6E414F444D327A345442535652564A305A5A3F364124615651595457514A334C2B2B4F46513460616A563F5849485B525D6A6E75614A696[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjh<=b;\"ibclhp)til", "247E61393F236B25766F7571792B222D6F4250454E337B3555494A4F482F564F5059555D36615659463D482B5758614D364F403F524954666569756578685C45645F74[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjh<=bb@afma'qq", "247E61393F236B256F7672742A212C6E414F444D327A345448494E4E4C4D52594D335D5D423944276459545C575A544D364F2E2E5249543774776559425B4D4D5E5560436F[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cji5c;m\"mbe", "247E61393F236B256F77767A2A212C6E414F444D327A3455414F47592E594E513E3540236055505853565049324B272D4E455033707361553E57484B5A515C3F6B6C75614A635[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cji>k3?a#mm", "247E61393F236B257377287E2A6C3F4D424B3078325348553D494B2D57573C333E215E534E5651544E47304928284C434E315D5E67533C5544574E59666A715D4665604371206D[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cji?ckmmo$odg", "247E61393F236B257373287E2A6C3F4D424B30783253494D555757592E594E513E3540236055505853565049324B787B4E4550335F6069553E574659505B686C735F48676272[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjig=ki\"mbe", "247E61393F236B2574717829202B6D404E434C31793354524856542D584D503D343F225F6250442D46383649404B2E5A5B645039524342554C5764686F5B44635E6E7C7B624B6[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e31;cjii=8:\"mbe", "247E61393F236B2576717373792B222D6F4250454E337B3556564A45472F5A4F523F36414E5259452E6D4E495967664D364F566F6B6F726B6863657B777B69794326215669445[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A7C517C7174614A6352555752685[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B6C697A7E21702370765925797C5[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B4B474B51605762747C247373772[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D705D465F4F4C5451645B66797B2[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F5C455E4E4D4B51635A6579247A2[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B445D4D4F524F625964792776722[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A435C4D474B4961586379226F74252[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68786C717154207477644D6657525[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A7273717A786D2256227679664F685[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37504C4757514B4F47345F5457442D4637343A3A4B424D665E705B646571634A756A6D5A435C4D4A504F6158637C717920752[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D705D465F504F5050645B6621257[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A515C77707773202371215925797C6[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F677578684C65706B54207477644D66575A5[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C445C535E7B21747C7821745A267A7[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4B524B4445494B49485450585952535F513863585B48314A3C3B363D4F46516F6B6E6D63776D687666507B707360496254534E54675E6[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Line Deleted : user_pref("CT65619.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D7367796D6D7C55217578654E67525[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B485C535E7E6C6956227679664F685[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D6F517C71547873634C655756685[...]
Line Deleted : user_pref("CT65619.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D696F527D7275624B64525353516[...]
Line Deleted : user_pref("CT65619.backendstorage./9b-0?3g>d", "6E68716C3D416D6F7A4348757A207C754A4B254C4E50532A512625552B585A2D5E2F5E2D");
Line Deleted : user_pref("CT65619.backendstorage./9b-0?3g@6:5;", "");
Line Deleted : user_pref("CT65619.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Line Deleted : user_pref("CT65619.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
Line Deleted : user_pref("CT65619.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Line Deleted : user_pref("CT65619.backendstorage./9b3=>@44i48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Line Deleted : user_pref("CT65619.backendstorage./9b5ba==9cjag", "663F693E416F40407A47787948497B77494D217B4D");
Line Deleted : user_pref("CT65619.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6A6B6E7471727670727574");
Line Deleted : user_pref("CT65619.backendstorage./9b9643g3/9e", "6A");
Line Deleted : user_pref("CT65619.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Line Deleted : user_pref("CT65619.backendstorage./9b<:222h64<", "393F352F3E");
Line Deleted : user_pref("CT65619.backendstorage./9b<:222h64<l8daj", "6D70706F76747179756F2A797872787E75217B");
Line Deleted : user_pref("CT65619.backendstorage./9b=+03eh8h8j?:", "4443");
Line Deleted : user_pref("CT65619.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("CT65619.backendstorage./9b?b0d:8aj62<h", "6D");
Line Deleted : user_pref("CT65619.backendstorage./9ba@0<0bi6a7gn:6@l?", "6C");
Line Deleted : user_pref("CT65619.backendstorage.acp_personal.appstate", "656E61626C65");
Line Deleted : user_pref("CT65619.backendstorage.cb_experience_000", "343033");
Line Deleted : user_pref("CT65619.backendstorage.cb_firstuse0100", "31");
Line Deleted : user_pref("CT65619.backendstorage.cb_user_id_000", "43423234303736313331353236325F313336373235313834353632355F46697265666F78");
Line Deleted : user_pref("CT65619.backendstorage.cbfirsttime", "4D6F6E2041707220323920323031332031383A31303A343520474D542B30323030");
Line Deleted : user_pref("CT65619.backendstorage.last_client_stats_submit_2", "31333736353630353830");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_last_submit_6", "31333737343238323932");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_stats_site_irrelevant", "32");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_stats_site_new", "30");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_stats_site_not_supported", "30");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_stats_site_supported", "3137");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_stats_use_history", "30");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_stats_use_pop", "30");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_stats_use_related", "30");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_stats_stats_use_typed", "30");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_irrelevant", "31333737353034383437");
Line Deleted : user_pref("CT65619.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_supported", "31333737353130303535");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F76312[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_appstate_easytobook", "6F6E");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_appstatereporttime", "31333737353034333637323030");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_calledsetupservice", "31");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225069636C69636B56322D576562536561726368222C22637269746572696173223A5B7B2263726974657269614964[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_currentversion", "312E31302E322E35");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_eventscache", "7B2239613339613034332D666533632D343464322D613565322D313666353836666135353233223A7B22746F706963223A2273656E645573616765222C2264617461223A7B226361[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_existingusersrecoverydone", "31");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_first_time", "31");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_gadgetopen", "30");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_lastlogintime", "31333737353034333633353733");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E742D52696368746C696E6965227D2C226761646765744465736372697074696F6E5[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_mamenabled", "66616C7365");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_settings1.10.2.5", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2233355F30222C22697354657374223A7[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2236315F2D31222C22697354657374223A[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_settings1.6.0.1", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2236315F2D31222C22697354657374223A[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_settings1.8.0.4", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2234365F30222C22697354657374223A74[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_settings1.9.0.4", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2234365F30222C22697354657374223A74[...]
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_showclosebutton", "74727565");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_userid", "36336265343832662D396336612D343736622D623838622D653663373661336462373266");
Line Deleted : user_pref("CT65619.backendstorage.mam_gk_welcomedialogmode", "31");
Line Deleted : user_pref("CT65619.backendstorage.pg_enable", "74727565");
Line Deleted : user_pref("CT65619.backendstorage.sf_just_installed", "46414C5345");
Line Deleted : user_pref("CT65619.backendstorage.sf_status", "454E41424C4544");
Line Deleted : user_pref("CT65619.backendstorage.sf_user_id", "6369645F3239343230313331353530313338353134373733");
Line Deleted : user_pref("CT65619.backendstorage.url_history0001", "687474703A2F2F66696C65706F6E792E64652F646F776E6C6F61642D6D616C7761726562797465735F616E74695F6D616C776172652F6765742D6D6972726F722D7365727665722E687[...]
Line Deleted : user_pref("CT65619.clientLogIsEnabled", false);
Line Deleted : user_pref("CT65619.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT65619.components.1000034", false);
Line Deleted : user_pref("CT65619.components.1000082", false);
Line Deleted : user_pref("CT65619.components.1000234", true);
Line Deleted : user_pref("CT65619.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownlo[...]
Line Deleted : user_pref("CT65619.globalFirstTimeInfoLastCheckTime", "Sun Aug 25 2013 12:52:44 GMT+0200");
Line Deleted : user_pref("CT65619.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT65619.initDone", true);
Line Deleted : user_pref("CT65619.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT65619.myStuffEnabled", true);
Line Deleted : user_pref("CT65619.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT65619.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT65619.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT65619.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT65619.oldAppsList", "128299243212250987,127759438892500272,111,127861388111562721,128055585236813047,1000034,1000080,1000082,1000234,1000515,1000,1001,1002,1003,1004,1005,1006,1007,1008,1[...]
Line Deleted : user_pref("CT65619.revertSettingsEnabled", true);
Line Deleted : user_pref("CT65619.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT65619.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT65619.testingCtid", "");
Line Deleted : user_pref("CT65619.toolbarAppMetaDataLastCheckTime", "Sun Aug 25 2013 12:52:44 GMT+0200");
Line Deleted : user_pref("CT65619.toolbarContextMenuLastCheckTime", "Tue Aug 13 2013 13:07:36 GMT+0200");
Line Deleted : user_pref("CT65619.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT65619.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT65619/CT65619", "\"4375e2c3f0b68dbf60f4af3bd255a0743\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/DEFAULT", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/45127/44604/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1288731025\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT65619", "\"1367218526\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-US", "G9mW7heT/8xIX1frcduu0A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-US&ctid=CT65619", "b5I8zzzMgsg0XG/fawLlFw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-US", "2E1/v7EfCEDbv3VaBQMELg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-US&ctid=CT65619", "9uXRY86McHhmOreOHsv6MA==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-US", "UgzXjW7BIkfdx+x39Ruv3w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-US&ctid=CT65619", "I1tfz7EBg4DmNytL9x55lQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-US", "4BgM4MhF/sOgPsDNmIs3Yw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-US&ctid=CT65619", "ZI41WLbm1fFgx4gn0bs99Q==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"ea2cd4d5b586ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.11.0.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"2a1a0d7b586ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"0ee90707f77cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"80ee9485875dcc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT65619", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634250095346670000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=CT2786678", "\"1290629275\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT65619&octid=CT65619", "\"1321973086\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT65619/CT65619", "\"1310989086\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"ad9cd3b32c68906c8c16d35d5ffc7f70\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634168576518470000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-US", "\"ac6547200eccf72d3c751805a83c1597\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{3160baf9-cf68-48ec-9076-faed7ce49467}");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dict.cc");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\*****\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\b2bdk1s0.default\\conduitCommon\\modules\\3.19.0.3");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.19.0.3");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT65619");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT65619");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Apr 17 2011 13:35:39 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 18 2011 23:00:00 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 21:04:54 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{a339caa7-fa23-45c1-9056-f95baf85b516}");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Nov 26 2010 13:17:49 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "aee73cd1-4df1-428e-b848-66e391fc2e36");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.killedEngine", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 13 2013 13:07:39 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Aug 25 2013 12:52:47 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Aug 25 2013 12:52:39 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "44027f3d-7690-4f94-9d3e-b53442e82ebf");
Line Deleted : user_pref("CommunityToolbar.undefined", "");
Line Deleted : user_pref("extensions.enabledItems", "{3160baf9-cf68-48ec-9076-faed7ce49467}:3.3.3.2,{73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,engine@conduit.com:3.3[...]

[ File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vmpia8wi.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [43287 octets] - [26/08/2013 11:42:42]
AdwCleaner[S0].txt - [43969 octets] - [26/08/2013 11:45:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [44030 octets] ##########
--- --- ---
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.019 - Bericht erstellt am 22/02/2014 um 22:54:59
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzername : ***** - COOKIE
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\uniblue
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\OpenCandy
Datei Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vmpia8wi.default\searchplugins\Web Search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKLM\Software\caphyon
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\iyvg1asy.default-1384523830183\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fa409dbf-202c-c585-b01e-b43f9ddda424&searchtype=ds&fr=linkury-tb&installDate=26/01/2014&type=hp1000&p="[...]

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\vmpia8wi.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fa409dbf-202c-c585-b01e-b43f9ddda424&searchtype=hp&fr=linkury-tb&installDate=26/01/2014&ty[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fa409dbf-202c-c585-b01e-b43f9ddda424&searchtype=ds&fr=linkury-tb&installDate=26/01/2014&type=hp1000&p="[...]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=fa409dbf-202c-c585-b01e-b43f9ddda424&searchtype=nt&fr=linkury-tb&installDate=26/01/2014&type=hp1[...]

*************************

AdwCleaner[R0].txt - [48117 octets] - [26/08/2013 10:42:42]
AdwCleaner[S0].txt - [47934 octets] - [26/08/2013 10:45:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [47995 octets] ##########
--- --- ---


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Starter x86
Ran by ***** on 22.02.2014 at 23:03:54,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\iyvg1asy.default-1384523830183\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.02.2014 at 23:13:28,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.22.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
***** :: COOKIE [Administrator]

22.02.2014 23:24:25
mbam-log-2014-02-22 (23-24-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255268
Laufzeit: 18 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Alt 23.02.2014, 11:21   #6
M-K-D-B
/// TB-Ausbilder
 
Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung - Standard

Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung


Servus,


lade dir die Zoek.exe herunter, die gibt es auf der gleichen Seite wie die zoek.zip, dann sollte das auch klappen.

Antwort

Themen zu Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung
4d36e972-e325-11ce-bfc1-08002be10318, administrator, adobe, antivirus, avast, browser, defender, error, excel, explorer, firefox, flash player, homepage, hängen, launch, mozilla, newtab, ntdll.dll, realtek, registry, rundll, scan, secunia psi, security, services.exe, software, svchost.exe, temp, windows, winlogon.exe, wlansvc


« Awesomehp als Startseite löschen | Virus/ Trojaner TR/Patched.Ren.Gen »


Ähnliche Themen: Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung


  1. Hohe Arbeitsspeicherauslastung trotz keiner offenen Programme
    Plagegeister aller Art und deren Bekämpfung - 04.11.2015 (11)
  2. Windows Vista: svchost.exe verursacht sehr hohe CPU-Auslastung
    Log-Analyse und Auswertung - 22.09.2015 (15)
  3. Windows 8.1, 64 Bit : Firefox plötzlich sehr langsam geworden
    Plagegeister aller Art und deren Bekämpfung - 02.06.2015 (15)
  4. [Windows 8.1] Sehr hohe Netzwerkauslastung + Steam, Facebook und web.de-Fremdzugriff aus Venezuela
    Log-Analyse und Auswertung - 06.05.2015 (10)
  5. Windows 8.1 Hohe CPU- und Arbeitsspeicherauslastung
    Log-Analyse und Auswertung - 21.04.2015 (16)
  6. Ntoskrnl verursachen sehr hohe HDD-Auslastung | Windows 8.1, McAfee hat ARTEMIS entdeckt
    Log-Analyse und Auswertung - 29.06.2014 (13)
  7. System / Ntoskrnl verursachen sehr hohe HDD-Auslastung | Windows 8.1
    Plagegeister aller Art und deren Bekämpfung - 15.02.2014 (3)
  8. Malwarebytes scant 45 Funde; hohe Arbeitsspeicherauslastung
    Plagegeister aller Art und deren Bekämpfung - 03.02.2014 (15)
  9. Windows 8: Internet plötzlich sehr langsam!
    Log-Analyse und Auswertung - 10.01.2014 (13)
  10. Windows 7 läuft plötzlich sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 23.06.2013 (25)
  11. Hohe Arbeitsspeicherauslastung des Windows Installer (msiexec.exe) unter Win 8
    Log-Analyse und Auswertung - 18.11.2012 (1)
  12. svchost.exe hat hohe Arbeitsspeicherauslastung
    Log-Analyse und Auswertung - 26.02.2012 (9)
  13. PC plötzlich sehr, sehr langsam - evtl. neues update Adobe Flashplayer? kein Virus gefunden...
    Log-Analyse und Auswertung - 05.10.2011 (15)
  14. Hohe Arbeitsspeicherauslastung trotz weniger Prozesse
    Log-Analyse und Auswertung - 25.07.2010 (10)
  15. plötzlich hohe cpu auslastung
    Log-Analyse und Auswertung - 30.04.2010 (0)
  16. Windows 7 RC Rechner u. Internet plötzlich sehr langsam
    Log-Analyse und Auswertung - 23.11.2009 (4)
  17. pc plötzlich langsam, hohe auslastung!
    Log-Analyse und Auswertung - 21.06.2009 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung - Hallo Matthias, vielen Dank für deine Hilfe. Ich führe das jetzt durch. Vorher kurz eine Frage: Soll ich einen Neustart machen, wenn das Programm fertig ist oder ist das nur - Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung...
Archiv
Du betrachtest: Windows 7: Plötzlich sehr hohe Arbeitsspeicherauslastung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131