Trojaner-Board


Kanden95 11.08.2012 13:29

Bundespolizei Trojan locks the PC (desktop) as soon as I turn it on

Hi everyone, as of today I have the Bundestrojaner on my PC. And I really have no idea what I need to do to remove it from my PC.

Could you help me? My PC is currently started in Safe Mode with Networking.

Looking forward to your replies.

t'john 12.08.2012 01:22

:hallo:

Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applies to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Enable "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Show Results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you don't have it yet) - double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Kanden95 12.08.2012 12:56

Well, before you wrote, I had already run Malwarebytes yesterday. After 4.5 hours the program had found 5 infected files and deleted them. Since then I can use everything again and so far everything seems to be running normally again; I haven't noticed anything.

Attachment 40498

The 2 logs from OTL are included, and the one from Malwarebytes too.

t'john 12.08.2012 13:16

:hallo:

Fixing with OTL

Download OTL by Oldtimer (if you don't have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\SearchScopes\{51A4D242-B37A-4937-B32E-9557FF2176C8}: "URL" = http://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Arman\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.backup.ftp: "193.73.184.201"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "193.73.184.201"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "193.73.184.201"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "77.78.3.83"
FF - prefs.js..network.proxy.ftp_port: 9090
FF - prefs.js..network.proxy.http: "23.22.95.3"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "77.78.3.83"
FF - prefs.js..network.proxy.socks_port: 9090
FF - prefs.js..network.proxy.ssl: "77.78.3.83"
FF - prefs.js..network.proxy.ssl_port: 9090
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-50974411-419361550-3491192382-1001..\Run: [Akamai NetSession Interface] C:\Users\Arman\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-50974411-419361550-3491192382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-50974411-419361550-3491192382-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7492ec4f-bac3-11e1-9981-dd703940e285}\Shell - "" = AutoRun
O33 - MountPoints2\{7492ec4f-bac3-11e1-9981-dd703940e285}\Shell\AutoRun\command - "" = J:\Launcher.exe
O33 - MountPoints2\{dac13d43-f156-11de-8653-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dac13d43-f156-11de-8653-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoMenu.exe
O33 - MountPoints2\{fa9278b6-4c86-11df-9066-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa9278b6-4c86-11df-9066-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Borderlands.exe

[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[2012.08.11 14:51:14 | 004,503,728 | ---- | M] () -- C:\ProgramData\00etadpu.pad

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF
[2012.08.12 13:26:08 | 4200,595,455 | ---- | M] () -- C:\Users\Arman\Desktop\THE LAST STORY.iso
[2012.08.12 13:26:08 | 405,012,479 | ---- | C] () -- C:\Users\Arman\Desktop\The Legend of Zelda Twilight Princess.iso
[2012.08.12 12:00:36 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.12 12:01:09 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-50974411-419361550-3491192382-1001UA.job
[2012.08.12 12:01:25 | 405,012,479 | ---- | C] () -- C:\Users\Arman\Desktop\The Legend of Zelda Skyward Sword.iso
[2012.08.12 13:13:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.12 13:11:30 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.12 13:12:00 | 405,012,479 | ---- | M] () -- C:\Users\Arman\Desktop\SUPER MARIO GALAXY MORE.iso
[2012.08.12 13:12:00 | 405,012,479 | ---- | C] () -- C:\Users\Arman\Desktop\SUPER PAPER MARIO.iso
[2012.08.12 11:44:40 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.12 00:01:03 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-50974411-419361550-3491192382-1001Core.job
 
[2012.07.06 01:20:50 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\ARMAN\APPDATA\Roaming\13001.016
[2012.07.06 01:20:41 | 000,000,051 | ---- | C] () -- C:\Users\Arman\AppData\Roaming\blckdom.res
:Files

C:\USERS\ARMAN\APPDATA\Roaming\13*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it to other computers; it can do lasting damage to other systems!
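
Added example (not part of the original post and not OTL's own code): a small Python triage of an OTL fix log like the one this post asks the user to copy back. It separates "not found" results for items that an earlier line of the same run already deleted or moved from those no earlier line explains; the sample lines are excerpted from the log posted in this thread, and the function and status names are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of the fix log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
All processes killed
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
C:\Program Files (x86)\Zynga\tbZyng.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}\ not found.
File C:\Program Files (x86)\Zynga\tbZyng.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
File J:\Launcher.exe not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
"""

# One result line: optional "64bit-" prefix, optional object kind, target, outcome.
LINE_RE = re.compile(
    r"^(?:64bit-)?"
    r"(?:(?P<kind>Registry key|Registry value|File)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully|moved successfully|not found|"
    r"value set successfully)[.!]?$"
)


def normalize(target):
    """Lower-case and drop trailing backslashes so the same key or file compares equal."""
    return target.strip().rstrip("\\").lower()


def classify(log_text):
    """Return [(status, target)] per result line; unrecognised lines are skipped.

    Statuses (names chosen for this example):
      removed          deleted or moved by this line
      value_set        registry value reset
      already_handled  "not found" because an earlier line in this log removed it
      absent           "not found" and no earlier line in this log explains it
    """
    handled = set()
    results = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # headers such as "All processes killed"
        target = normalize(match.group("target"))
        outcome = match.group("outcome")
        if outcome in ("deleted successfully", "moved successfully"):
            handled.add(target)
            status = "removed"
        elif outcome == "value set successfully":
            status = "value_set"
        elif target in handled:
            status = "already_handled"
        else:
            status = "absent"
        results.append((status, target))
    return results


def summarize(log_text):
    """Count result lines per status."""
    return Counter(status for status, _ in classify(log_text))


def unexplained_not_found(log_text):
    """Targets reported "not found" that nothing earlier in the log removed."""
    return [target for status, target in classify(log_text) if status == "absent"]


if __name__ == "__main__":
    for status, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{status:16} {count}")
    for target in unexplained_not_found(SAMPLE_LOG):
        print("check:", target)
```
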

Kanden95 12.08.2012 14:21

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
C:\Program Files (x86)\Zynga\tbZyng.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ deleted successfully.
C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
File C:\Program Files (x86)\Zynga\tbZyng.dll not found.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\SearchScopes\{51A4D242-B37A-4937-B32E-9557FF2176C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51A4D242-B37A-4937-B32E-9557FF2176C8}\ not found.
Registry key HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
HKU\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "google.de" removed from browser.startup.homepage
Prefs.js: "file:///C:\\Users\\Arman\\AppData\\Local\\Temp\\proxtube.pac" removed from network.proxy.autoconfig_url
Prefs.js: "193.73.184.201" removed from network.proxy.backup.ftp
Prefs.js: 3128 removed from network.proxy.backup.ftp_port
Prefs.js: "193.73.184.201" removed from network.proxy.backup.socks
Prefs.js: 3128 removed from network.proxy.backup.socks_port
Prefs.js: "193.73.184.201" removed from network.proxy.backup.ssl
Prefs.js: 3128 removed from network.proxy.backup.ssl_port
Prefs.js: "77.78.3.83" removed from network.proxy.ftp
Prefs.js: 9090 removed from network.proxy.ftp_port
Prefs.js: "23.22.95.3" removed from network.proxy.http
Prefs.js: 8888 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "77.78.3.83" removed from network.proxy.socks
Prefs.js: 9090 removed from network.proxy.socks_port
Prefs.js: "77.78.3.83" removed from network.proxy.ssl
Prefs.js: 9090 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4\ deleted successfully.
C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0\ deleted successfully.
File C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822}\ not found.
File C:\Program Files (x86)\Zynga\tbZyng.dll not found.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ deleted successfully.
C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
File C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
C:\Users\Arman\AppData\Local\Akamai\netsession_win.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-50974411-419361550-3491192382-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7492ec4f-bac3-11e1-9981-dd703940e285}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7492ec4f-bac3-11e1-9981-dd703940e285}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7492ec4f-bac3-11e1-9981-dd703940e285}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7492ec4f-bac3-11e1-9981-dd703940e285}\ not found.
File J:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dac13d43-f156-11de-8653-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dac13d43-f156-11de-8653-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dac13d43-f156-11de-8653-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dac13d43-f156-11de-8653-806e6f6e6963}\ not found.
File D:\AutoMenu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa9278b6-4c86-11df-9066-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa9278b6-4c86-11df-9066-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa9278b6-4c86-11df-9066-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa9278b6-4c86-11df-9066-806e6f6e6963}\ not found.
File I:\Borderlands.exe not found.
C:\Windows\SysWow64\SET7623.tmp deleted successfully.
C:\Windows\SysWow64\SET93F5.tmp deleted successfully.
C:\Windows\SysWow64\SET96B5.tmp deleted successfully.
C:\Windows\SysWow64\SETA435.tmp deleted successfully.
C:\Windows\SysWow64\tmpD6FE.tmp deleted successfully.
C:\Windows\SysWow64\tmpD6FF.tmp deleted successfully.
C:\ProgramData\00etadpu.pad moved successfully.
ADS C:\ProgramData\Temp:05EE1EEF deleted successfully.
File C:\Users\Arman\Desktop\THE LAST STORY.iso not found.
File C:\Users\Arman\Desktop\The Legend of Zelda Twilight Princess.iso not found.
C:\Users\Public\Desktop\Avira Control Center.lnk moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-50974411-419361550-3491192382-1001UA.job moved successfully.
File C:\Users\Arman\Desktop\The Legend of Zelda Skyward Sword.iso not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\Users\Arman\Desktop\SUPER MARIO GALAXY MORE.iso not found.
File C:\Users\Arman\Desktop\SUPER PAPER MARIO.iso not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-50974411-419361550-3491192382-1001Core.job moved successfully.
C:\USERS\ARMAN\APPDATA\Roaming\13001.016\components folder moved successfully.
C:\USERS\ARMAN\APPDATA\Roaming\13001.016 folder moved successfully.
C:\Users\Arman\AppData\Roaming\blckdom.res moved successfully.
========== FILES ==========
File\Folder C:\USERS\ARMAN\APPDATA\Roaming\13* not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Arman\Desktop\cmd.bat deleted successfully.
C:\Users\Arman\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Arman
->Temp folder emptied: 6696677558 bytes
->Temporary Internet Files folder emptied: 301545021 bytes
->Java cache emptied: 44196599 bytes
->FireFox cache emptied: 826492137 bytes
->Google Chrome cache emptied: 9124207 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 3179562 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1671168 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 39667200 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 377788979 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 7.916,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Arman
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08122012_150947

Files\Folders moved on Reboot...
C:\Users\Arman\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\SysNative\SET21DD.tmp not found!

PendingFileRenameOperations files...
File C:\Users\Arman\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\SysNative\SET21DD.tmp not found!

Registry entries deleted on Reboot...


t'john 12.08.2012 14:45

Very good! :daumenhoc

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Komplett Scan durchführen" (perform full scan) => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate" (show results).
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Kanden95 12.08.2012 17:22

Okay, I'll do that tomorrow then, I don't have any time left today.

t'john 12.08.2012 18:38

OK, but don't surf the web with the PC in the meantime.

Kanden95 13.08.2012 00:35

So, here is the log from Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Arman :: ARMAN-PC [Administrator]

Schutz: Deaktiviert

12.08.2012 20:57:29
mbam-log-2012-08-12 (20-57-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 644032
Laufzeit: 4 Stunde(n), 34 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

The log from ADW Cleaner

Code:

# AdwCleaner v1.800 - Logfile created 08/13/2012 at 01:34:11
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Arman - ARMAN-PC
# Running from : C:\Users\Arman\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Arman\AppData\Local\Conduit
Folder Found : C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Folder Found : C:\Users\Arman\AppData\Local\OpenCandy
Folder Found : C:\Users\Arman\AppData\LocalLow\Conduit
Folder Found : C:\Users\Arman\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Arman\AppData\LocalLow\uTorrentBar_DE
Folder Found : C:\Users\Arman\AppData\LocalLow\Zynga
Folder Found : C:\Users\Arman\AppData\LocalLow\Zynga
Folder Found : C:\Users\Arman\AppData\Roaming\OpenCandy
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\Program Files (x86)\uTorrentBar_DE
Folder Found : C:\Program Files (x86)\Zynga
Folder Found : C:\Program Files (x86)\Zynga

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com.tmp
Key Found : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zynga Toolbar
Key Found : HKLM\SOFTWARE\uTorrentBar_DE
Key Found : HKLM\SOFTWARE\Zynga
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKCU\Software\Ask.com.tmp
[x64] Key Found : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D78086D5-D1FA-4B27-AF1F-165B0B6D7946}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C88B21E-9949-44BE-A276-607DDDC179A3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0A4DE2A-2D2E-4F30-9A2F-83407F070DE4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D78086D5-D1FA-4B27-AF1F-165B0B6D7946}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B13EC3E-999A-4B70-B9CB-2617B8323822}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Arman\AppData\Roaming\Mozilla\Firefox\Profiles\9w3gxgv3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :                  "default_title": "uTorrentBar_DE Community Toolbar",
Found :                "name": "uTorrentBar_DE",
Found :                "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT285164[...]
Found :          "path": "C:\\Users\\Arman\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

*************************

AdwCleaner[R1].txt - [7502 octets] - [13/08/2012 01:34:11]

########## EOF - C:\AdwCleaner[R1].txt - [7630 octets] ##########


t'john 13.08.2012 14:25

Very good! :daumenhoc

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Jetzt Updaten (update now).
Select the freeware mode.

Select Detail Scan and start checking the computer via the Scan button.
At the end of the scan, do not have anything deleted! Click Bericht speichern (save report) to save the log file to the desktop, and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html

Kanden95 13.08.2012 16:40

Here is the log from ADW Cleaner first

Code:

# AdwCleaner v1.800 - Logfile created 08/13/2012 at 17:32:03
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Arman - ARMAN-PC
# Running from : C:\Users\Arman\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Arman\AppData\Local\Conduit
Folder Deleted : C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Folder Deleted : C:\Users\Arman\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Arman\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Arman\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Arman\AppData\LocalLow\uTorrentBar_DE
Folder Deleted : C:\Users\Arman\AppData\LocalLow\Zynga
Folder Deleted : C:\Users\Arman\AppData\Roaming\OpenCandy
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files (x86)\uTorrentBar_DE
Folder Deleted : C:\Program Files (x86)\Zynga

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar_DE Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zynga Toolbar
Key Deleted : HKLM\SOFTWARE\uTorrentBar_DE
Key Deleted : HKLM\SOFTWARE\Zynga

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D78086D5-D1FA-4B27-AF1F-165B0B6D7946}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C88B21E-9949-44BE-A276-607DDDC179A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0A4DE2A-2D2E-4F30-9A2F-83407F070DE4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D78086D5-D1FA-4B27-AF1F-165B0B6D7946}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2E61BEA4-D5C3-443E-92B7-672B0E36D5FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7B13EC3E-999A-4B70-B9CB-2617B8323822}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Arman\AppData\Roaming\Mozilla\Firefox\Profiles\9w3gxgv3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Arman\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :                  "default_title": "uTorrentBar_DE Community Toolbar",
Deleted :                "name": "uTorrentBar_DE",
Deleted :                "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT285164[...]
Deleted :          "path": "C:\\Users\\Arman\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll",

*************************

AdwCleaner[R1].txt - [7591 octets] - [13/08/2012 01:34:11]
AdwCleaner[R2].txt - [7651 octets] - [13/08/2012 01:37:21]
AdwCleaner[R3].txt - [6803 octets] - [13/08/2012 17:31:53]
AdwCleaner[S1].txt - [5499 octets] - [13/08/2012 17:32:03]

########## EOF - C:\AdwCleaner[S1].txt - [5627 octets] ##########


t'john 13.08.2012 16:59

Emsisoft log?

Kanden95 13.08.2012 17:35

No, the one from ADW Cleaner that you get after the restart, after deleting. :)

t'john 13.08.2012 21:08

No, I'm waiting for the Emsisoft log ;)

Kanden95 13.08.2012 23:58

Here is the log. Should the findings go into quarantine?

Code:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 13.08.2012 17:47:40

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        13.08.2012 17:49:59

c:\program files (x86)\gamespy arcade        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\addins        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\cstrike        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\cstrike\frontline        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\action        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\cstrike        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\firearms        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\aq2        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\battle        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\frontline        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\gearbox        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\tfc        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\chaosdm        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\duel        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\freeze        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\gloom        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\gxmod        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\holywars        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\jail        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\kots        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\lfiredm        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\lithium2        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\lmctf        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\pball        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\q2comp        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\qpong        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\ra2        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\requiem        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\sconfig        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\wf        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\wod        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\tourney        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\alliance        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\beryllium        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\excessive        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\instagib        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\jailbreak        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\matchmod        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\osp        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\q3comp        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\q3f        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\q3ut2        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\requiem        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\rocketarena3        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\wfa        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\arena        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\ch        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\ctf        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\ctfb        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\ctfplus        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\dd        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\dm        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\duel        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\fr        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\mt        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\open cal        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\rpg        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\tac        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\ut        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\ut\excessive        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\ut\rocketarena        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\ut\swat        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\images        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\images\icons        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\images\portraits        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\profiles        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\profiles\(default)        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_common        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_demospy        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_fplanet        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_gnews        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_gspyder        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_news        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_support        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\skins        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\sounds        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\sounds\(default)        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\sounds\classic        gefunden: Trace.File.gamespy arcade!E1
c:\users\arman\appdata\roaming\microsoft\windows\start menu\programs\gamespy arcade        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\dat.bmp        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\4dca9208.dat        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_banner.gif        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\arcres.dll        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_banner.html        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_bannerbg.jpg        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_loading.gif        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_logo.jpg        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_news.html        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy arcade - debug.lnk        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy arcade help.url        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy arcade website.url        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\aphex.exe        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\fpupdate.exe        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy arcade.lnk        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy.com gaming's homepage.url        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gslan.dll        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\install.log        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gsws.dll        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gsapak.exe        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\pw32.dll        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\readme.html        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\register gamespy arcade.url        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\rptcrash.exe        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_news\rsrc.dir        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_news\service_tab.psd        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_news\service_tab+.tga        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_support\rsrc.dir        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_support\service_tab.psd        gefunden: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\ws_default.html        gefunden: Trace.File.gamespy arcade!E1
Value: hkey_current_user\software\gamespy\gamespy arcade --> instdir        gefunden: Trace.Registry.gamespy arcade!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\gamespy arcade --> displayname        gefunden: Trace.Registry.gamespy arcade!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\gamespy arcade --> uninstallstring        gefunden: Trace.Registry.gamespy arcade!E1
Value: hkey_current_user\software\bitlord\bitcomet\appwindow --> favsite        gefunden: Trace.Registry.bitlord 1.1!E1
Value: hkey_current_user\software\bitlord\bitcomet\appwindow --> maximized        gefunden: Trace.Registry.bitlord 1.1!E1
Value: hkey_current_user\software\bitlord\bitcomet\appwindow --> statusbar        gefunden: Trace.Registry.bitlord 1.1!E1
Value: hkey_current_user\software\bitlord\bitcomet\appwindow --> toolbar        gefunden: Trace.Registry.bitlord 1.1!E1
Value: hkey_current_user\software\infinite interactive\puzzle quest --> music        gefunden: Trace.Registry.puzzle quest!E1
Value: hkey_current_user\software\infinite interactive\puzzle quest --> sfx        gefunden: Trace.Registry.puzzle quest!E1
Key: hkey_local_machine\software\trymedia systems        gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software        gefunden: Trace.Registry.trymedia!E1
C:\Users\Arman\Documents\Old Game Optimizations\FOV\viceFOV.exe        gefunden: Win32.SuspectCrc!E2
C:\Users\Arman\Documents\Old Game Optimizations\FOV\gta3FOV.exe        gefunden: Win32.SuspectCrc!E2
C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\SKIDROW.exe        gefunden: Riskware.Hacktool.Skidrow!E2
C:\Program Files (x86)\Su-Bi Loader\leecher.exe        gefunden: Virus.Win32.Heur!E2
C:\Program Files (x86)\Origin Games\Die Sims 3 Einfach tierisch Erstelle ein Tier-Demo\__Installer\Sims3CAPSetup.exe        gefunden: Virus.Win32.Sality!E2

Gescannt        895773
Gefunden        131

Scan Ende:        14.08.2012 00:57:43
Scan Zeit:        7:07:44



All times are WET +1.
