Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU-Virus unter Win 7 - das nächste Opfer

GVU-Virus unter Win 7 - das nächste Opfer


Log-Analyse und Auswertung: GVU-Virus unter Win 7 - das nächste Opfer

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.07.2012, 19:14   #1
Pedro64
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Hallo,

erstmal schön, dass es euch gibt (und dass ich eich gefunden habe) und dass ihr hier so nett seid und anderen helft.

Zu meinem Problem: ich habe mir ebenfalls den Bundespolizei-Virus eingefangen. defogger und OTL habe ich laufen lassen.
Ich hoffe, das Anhängen der Dateien hat funktioniert.

Schon mal Danke für eure Hilfe.

Alt 11.07.2012, 20:56   #2
t'john
/// Helfer-Team
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer




Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1916146632-4209647930-2302923303-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..network.proxy.type: 0 
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
O4:64bit: - HKLM..\Run: [WavXMgr] ";C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" File not found 
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-430053540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{f80241bf-01e9-11e0-919d-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{f80241bf-01e9-11e0-919d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Client_Installation.exe 


:Commands
ipconfig /flushdns /c
[emptytemp]
[emptyflash]
[resethosts]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________
Alt 11.07.2012, 21:36   #3
Pedro64
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


hallo t'john

habs vermutlich vermasselt. Ich hatte vergessen den Virenscanner (Avira) zu deaktivieren bevor ich den fix gestartet habe. Nun steht OTL seit ca. 20 Minuten mit der Meldung "Resetting HOSTS File. DO NOT INTERRUPT..." und es scheint sich nichts mehr zu tun.
Sorry für meine Blödheit - bin heute etwas von der Rolle.
__________________
Alt 12.07.2012, 00:21   #4
t'john
/// Helfer-Team
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Mach Dir keine Gedanken

Deaktiviere Avira und lasse den Fix erneut laufen.

Poste dann das Log.
__________________
Mfg, t'john
Das TB unterstützen

Alt 12.07.2012, 01:37   #5
Pedro64
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Wow, habs ja doch noch geschafft
Nachdem ich OTL das 2. Mal gestartet habe, hab ich folgendes Log erhalten:

Code:
ATTFilter
Files\Folders moved on Reboot...
File\Folder C:\Users\Pedro\AppData\Local\Temp\{E4AE2C71-DDB6-4229-9F20-204F6CFCB774}\fpb.tmp not found!
File move failed. C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Windows\System32\drivers\etc\Hosts moved successfully.

PendingFileRenameOperations files...
File C:\Users\Pedro\AppData\Local\Temp\{E4AE2C71-DDB6-4229-9F20-204F6CFCB774}\fpb.tmp not found!
[2012.07.11 02:42:49 | 000,000,000 | ---- | M] () C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
File C:\Windows\System32\drivers\etc\Hosts not found!

Registry entries deleted on Reboot...
Nach dem 2. Fix und reboot erhielt ich folgendes:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
HKEY_USERS\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1916146632-4209647930-2302923303-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WavXMgr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMSS not found.
File C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
File move failed. C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-430053540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-430053540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-430053540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-430053540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-430053540000}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f80241bf-01e9-11e0-919d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f80241bf-01e9-11e0-919d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f80241bf-01e9-11e0-919d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f80241bf-01e9-11e0-919d-806e6f6e6963}\ not found.
File F:\Client_Installation.exe not found.
========== COMMANDS ==========
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Drucker
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Pedro
->Temp folder emptied: 465096 bytes
->Temporary Internet Files folder emptied: 2046194 bytes
->Flash cache emptied: 492 bytes
 
User: Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,00 mb
 
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Drucker
->Flash cache emptied: 0 bytes
 
User: Pedro
->Flash cache emptied: 0 bytes
 
User: Peter
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07122012_022506

Files\Folders moved on Reboot...
File\Folder C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk not found!
C:\Users\Pedro\AppData\Local\Temp\{F75A8FC9-D6F5-44A0-B1EF-890FD33B053D}\fpb.tmp moved successfully.
File move failed. C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk not found!
File C:\Users\Pedro\AppData\Local\Temp\{F75A8FC9-D6F5-44A0-B1EF-890FD33B053D}\fpb.tmp not found!
[2012.07.12 02:26:45 | 000,000,000 | ---- | M] () C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

Geändert von Pedro64 (12.07.2012 um 01:50 Uhr)

Alt 12.07.2012, 12:02   #6
t'john
/// Helfer-Team
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Sehr gut!

Wie laueft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> GVU-Virus unter Win 7 - das nächste Opfer

Alt 12.07.2012, 17:32   #7
Pedro64
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Hallo t'John

Der Rechner scheint wieder einwandfrei zu laufen.

Log von Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: PETERS_ACER [Administrator]

Schutz: Aktiviert

12.07.2012 17:47:05
mbam-log-2012-07-12 (17-47-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441214
Laufzeit: 32 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Log von adwcleaner:
Code:
ATTFilter
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 18:21:54
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Admin - PETERS_ACER
# Running from : C:\Users\Pedro\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Peter\AppData\Local\Conduit
Folder Found : C:\Users\Peter\AppData\LocalLow\Conduit
Folder Found : C:\Users\Peter\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Peter\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Admin\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Drucker\AppData\LocalLow\Conduit
Folder Found : C:\Users\Drucker\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Drucker\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Pedro\AppData\LocalLow\Conduit
Folder Found : C:\Users\Pedro\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\Conduit
Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\ConduitCommon
Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7s9vj2oo.default\extensions\staged
Folder Found : C:\Program Files (x86)\Conduit

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0 (de)

Profile name : default 
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\prefs.js

Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue Mar 20 2012 22:06:40 GMT+0100");
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129633202291172081", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129652058719725628", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Jul 11 2012 00:28:54 GMT+0200");
Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT1060933.CommunityChanged", true);
Found : user_pref("CT1060933.CurrentServerDate", "10-7-2012");
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jul 09 2012 00:06:52 GMT+0200");
Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Wed Jul 04 2012 18:29:52 GMT+0200");
Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "9-1-2011");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", false);
Found : user_pref("CT1060933.GroupingInvalidateCache", false);
Found : user_pref("CT1060933.GroupingLastCheckTime", "0");
Found : user_pref("CT1060933.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.HomePageProtectorEnabled", false);
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstalledDate", "Sun Jan 09 2011 14:22:53 GMT+0100");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsAlertDBUpdated", true);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsMulticommunity", true);
Found : user_pref("CT1060933.IsOpenThankYouPage", true);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Tue Jul 10 2012 01:11:47 GMT+0200");
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_3.10.0.1", "Mon Apr 23 2012 21:57:38 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 20:25:06 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Thu May 31 2012 22:56:10 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Tue Jul 10 2012 21:16:41 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.2.1.3", "Sun Jan 09 2011 14:22:55 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.2.5.2", "Mon Mar 21 2011 17:53:07 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.3.2.1", "Fri Mar 25 2011 20:25:26 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.3.3.2", "Thu Aug 18 2011 10:25:45 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.6.0.10", "Sat Oct 15 2011 11:31:46 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.7.0.6", "Mon Nov 07 2011 22:17:07 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.8.0.8", "Tue Dec 06 2011 14:34:54 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.8.1.0", "Mon Jan 09 2012 23:07:46 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.9.0.3", "Thu Feb 16 2012 18:47:58 GMT+0100");
Found : user_pref("CT1060933.LatestVersion", "3.13.0.6");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipShow", true);
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Tue Jul 10 2012 01:12:16 GMT+0200");
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504193");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT1060933_RECENT21504193");
Found : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Found : user_pref("CT1060933.RadioStationName", "Blues%20HiFi");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://www.radioindy.com/jamroom/play.php?mode=radio&id=463"[...]
Found : user_pref("CT1060933.SearchBoxWidth", 175);
Found : user_pref("CT1060933.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Tue Jul 10 2012 01:11:45 GMT+0200");
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Found : user_pref("CT1060933.SearchProtectorEnabled", false);
Found : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Tue Jul 10 2012 01:11:46 GMT+0200");
Found : user_pref("CT1060933.SettingsLastCheckTime", "Wed Jul 11 2012 00:15:04 GMT+0200");
Found : user_pref("CT1060933.SettingsLastUpdate", "1341409951");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Wed Jul 04 2012 01:52:09 GMT+0200");
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN06768100567291402");
Found : user_pref("CT1060933.ValidationData_Search", 2);
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.approveUntrustedApps", false);
Found : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Found : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A342[...]
Found : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6F6F6D71756D7471");
Found : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757573777B737A77242F4B4947[...]
Found : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT1060933.backendstorage./9b+7e31;cji5c;m\"mbe", "247E61393F236B256F77767A2A212C6E414F444[...]
Found : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Found : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Found : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Found : user_pref("CT1060933.backendstorage./9b-0?3g>d", "6E6E3D6F3F4370407A727872772075784E4C254F217D4F2A56[...]
Found : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT1060933.backendstorage./9b-0?3gfa7ef", "393F352F3E");
Found : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Found : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Found : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484778213F3E484F4E4D464[...]
Found : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "686A3C3E6E3E43717A6F7479757579784B4F4B7C7C");
Found : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F6D71756D7474767578");
Found : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");
Found : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "30");
Found : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT1060933.backendstorage.cbfirsttime", "5475652044656320313320323031312030313A31383A35382[...]
Found : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "53756E2044656320323520323031312031373A[...]
Found : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Found : user_pref("CT1060933.backendstorage.url_history", "687474703A2F2F7777772E766F6C2E61742F67656F7267652[...]
Found : user_pref("CT1060933.backendstorage.url_history_time", "31333234343130313339393232");
Found : user_pref("CT1060933.components.129032145384800518", true);
Found : user_pref("CT1060933.components.129032148247613461", true);
Found : user_pref("CT1060933.components.129032152822456983", true);
Found : user_pref("CT1060933.components.129032154330894193", true);
Found : user_pref("CT1060933.components.129032155426050046", true);
Found : user_pref("CT1060933.components.129032157011675027", true);
Found : user_pref("CT1060933.components.129032162642925076", true);
Found : user_pref("CT1060933.components.129078058382649592", false);
Found : user_pref("CT1060933.components.129272674122038321", false);
Found : user_pref("CT1060933.components.129652058719725628", false);
Found : user_pref("CT1060933.components.129677514212584059", false);
Found : user_pref("CT1060933.components.129681785283868963", false);
Found : user_pref("CT1060933.components.129686665230467549", false);
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Jul 02 2012 17:38:10 GMT+0200");
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", true);
Found : user_pref("CT1060933.isFirstRadioInstallation", false);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321[...]
Found : user_pref("CT1060933.revertSettingsEnabled", true);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Tue Jul 10 2012 01:11:47 GMT+0200");
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Tue Jul 10 2012 19:23:58 GMT+0200");
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/AT", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Peter\\AppData\\Roaming\\Mozilla\\F[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition. hxxp://storage.conduit.com/gadgets/LiveTV.html?[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize. hxxp://storage.conduit.com/gadgets/LiveTV.html?sour[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 19:29:14 GMT+01[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Aug 18 2011 13:34:45 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 18 2011 10:25:44 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "353bf4d3-995a-4c38-977f-e294a69ce9fd");
Found : user_pref("CommunityToolbar.globalUserId", "62592e02-0add-4d09-aff7-04cb0c002aa2");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 08 2012 16:12:0[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 10 2012 01:11:54 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jul 10 2012 01:11:46 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "e812edda-3ce8-4ba3-9330-e6be0c15f554");
Found : user_pref("CommunityToolbar.undefined", "");

Profile name : default 
File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7s9vj2oo.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [27780 octets] - [12/07/2012 18:21:54]

########## EOF - \AdwCleaner[R1].txt - [27909 octets] ##########
Soweit ich das interpretieren kann, scheint wieder alles sauber zu sein

Alt 12.07.2012, 19:12   #8
t'john
/// Helfer-Team
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Sehr gut!

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.


danach:


Aktualisiere die DATENBANK
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
__________________
Mfg, t'john
Das TB unterstützen

Alt 12.07.2012, 20:28   #9
Pedro64
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


ok, folgende Ergebnisse:

AdwCleaner:
Code:
ATTFilter
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 20:35:27
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Admin - PETERS_ACER
# Running from : C:\Users\Pedro\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Peter\AppData\Local\Conduit
Folder Deleted : C:\Users\Peter\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Peter\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Peter\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Admin\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Drucker\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Drucker\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Drucker\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Pedro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pedro\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\Conduit
Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\ConduitCommon
Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7s9vj2oo.default\extensions\staged
Folder Deleted : C:\Program Files (x86)\Conduit

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0 (de)

Profile name : default 
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\prefs.js

Deleted : user_pref("CT1060933..clientLogIsEnabled", false);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue Mar 20 2012 22:06:40 GMT+0100");
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129633202291172081", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129652058719725628", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Jul 11 2012 00:28:54 GMT+0200");
Deleted : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT1060933.CommunityChanged", true);
Deleted : user_pref("CT1060933.CurrentServerDate", "10-7-2012");
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jul 09 2012 00:06:52 GMT+0200");
Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Wed Jul 04 2012 18:29:52 GMT+0200");
Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "9-1-2011");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.FixPageNotFoundErrors", false);
Deleted : user_pref("CT1060933.GroupingInvalidateCache", false);
Deleted : user_pref("CT1060933.GroupingLastCheckTime", "0");
Deleted : user_pref("CT1060933.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.HomePageProtectorEnabled", false);
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstalledDate", "Sun Jan 09 2011 14:22:53 GMT+0100");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsAlertDBUpdated", true);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsMulticommunity", true);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Tue Jul 10 2012 01:11:47 GMT+0200");
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_3.10.0.1", "Mon Apr 23 2012 21:57:38 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 20:25:06 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.12.2.3", "Thu May 31 2012 22:56:10 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.13.0.6", "Tue Jul 10 2012 21:16:41 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.2.1.3", "Sun Jan 09 2011 14:22:55 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.2.5.2", "Mon Mar 21 2011 17:53:07 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.3.2.1", "Fri Mar 25 2011 20:25:26 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Thu Aug 18 2011 10:25:45 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.6.0.10", "Sat Oct 15 2011 11:31:46 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.7.0.6", "Mon Nov 07 2011 22:17:07 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.8.0.8", "Tue Dec 06 2011 14:34:54 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.8.1.0", "Mon Jan 09 2012 23:07:46 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.9.0.3", "Thu Feb 16 2012 18:47:58 GMT+0100");
Deleted : user_pref("CT1060933.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipShow", true);
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Tue Jul 10 2012 01:12:16 GMT+0200");
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504193");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT1060933_RECENT21504193");
Deleted : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.RadioStationName", "Blues%20HiFi");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://www.radioindy.com/jamroom/play.php?mode=radio&id=463"[...]
Deleted : user_pref("CT1060933.SearchBoxWidth", 175);
Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Tue Jul 10 2012 01:11:45 GMT+0200");
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT1060933.SearchProtectorEnabled", false);
Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Tue Jul 10 2012 01:11:46 GMT+0200");
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Wed Jul 11 2012 00:15:04 GMT+0200");
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1341409951");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Wed Jul 04 2012 01:52:09 GMT+0200");
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1060933.UserID", "UN06768100567291402");
Deleted : user_pref("CT1060933.ValidationData_Search", 2);
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.approveUntrustedApps", false);
Deleted : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A342[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6F6F6D71756D7471");
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757573777B737A77242F4B4947[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji5c;m\"mbe", "247E61393F236B256F77767A2A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g>d", "6E6E3D6F3F4370407A727872772075784E4C254F217D4F2A56[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT1060933.backendstorage./9b-0?3gfa7ef", "393F352F3E");
Deleted : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Deleted : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484778213F3E484F4E4D464[...]
Deleted : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "686A3C3E6E3E43717A6F7479757579784B4F4B7C7C");
Deleted : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F6D71756D7474767578");
Deleted : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "30");
Deleted : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "5475652044656320313320323031312030313A31383A35382[...]
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "53756E2044656320323520323031312031373A[...]
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Deleted : user_pref("CT1060933.backendstorage.url_history", "687474703A2F2F7777772E766F6C2E61742F67656F7267652[...]
Deleted : user_pref("CT1060933.backendstorage.url_history_time", "31333234343130313339393232");
Deleted : user_pref("CT1060933.components.129032145384800518", true);
Deleted : user_pref("CT1060933.components.129032148247613461", true);
Deleted : user_pref("CT1060933.components.129032152822456983", true);
Deleted : user_pref("CT1060933.components.129032154330894193", true);
Deleted : user_pref("CT1060933.components.129032155426050046", true);
Deleted : user_pref("CT1060933.components.129032157011675027", true);
Deleted : user_pref("CT1060933.components.129032162642925076", true);
Deleted : user_pref("CT1060933.components.129078058382649592", false);
Deleted : user_pref("CT1060933.components.129272674122038321", false);
Deleted : user_pref("CT1060933.components.129652058719725628", false);
Deleted : user_pref("CT1060933.components.129677514212584059", false);
Deleted : user_pref("CT1060933.components.129681785283868963", false);
Deleted : user_pref("CT1060933.components.129686665230467549", false);
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Jul 02 2012 17:38:10 GMT+0200");
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", true);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Tue Jul 10 2012 01:11:47 GMT+0200");
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Tue Jul 10 2012 19:23:58 GMT+0200");
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/AT", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Peter\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition. hxxp://storage.conduit.com/gadgets/LiveTV.html?[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize. hxxp://storage.conduit.com/gadgets/LiveTV.html?sour[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 19:29:14 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Aug 18 2011 13:34:45 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 18 2011 10:25:44 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "353bf4d3-995a-4c38-977f-e294a69ce9fd");
Deleted : user_pref("CommunityToolbar.globalUserId", "62592e02-0add-4d09-aff7-04cb0c002aa2");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 08 2012 16:12:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 10 2012 01:11:54 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jul 10 2012 01:11:46 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "e812edda-3ce8-4ba3-9330-e6be0c15f554");
Deleted : user_pref("CommunityToolbar.undefined", "");

Profile name : default 
File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7s9vj2oo.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [27676 octets] - [12/07/2012 20:35:27]
AdwCleaner[R1].txt - [27895 octets] - [12/07/2012 18:21:54]

########## EOF - \AdwCleaner[S1].txt - [27866 octets] ##########
Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pedro :: PETERS_ACER [limited]

Protection: Enabled

12.07.2012 20:45:11
mbam-log-2012-07-12 (20-45-11).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339034
Time elapsed: 38 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Alt 13.07.2012, 11:33   #10
t'john
/// Helfer-Team
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Sehr gut!

Mache bitte noch einen Scan mit Superantispyware: http://www.trojaner-board.de/51871-a...tispyware.html

danach:

Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.
__________________
Mfg, t'john
Das TB unterstützen

Alt 13.07.2012, 18:42   #11
Pedro64
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Ich habe ja ganz am Anfang mit defogger irgendwelche Treiber deaktiviert. Muss ich diese wieder aktivieren, bevor ich mit OTL die Tools entferne?

Alt 13.07.2012, 19:22   #12
t'john
/// Helfer-Team
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Die Reihenfolge spielt hier keine Rolle
__________________
Mfg, t'john
Das TB unterstützen

Alt 13.07.2012, 22:23   #13
Pedro64
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


ok, SUPERAntiSpyWare inst durch, folgendes Log:

SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generiert 07/13/2012 bei 09:34 PM

Version der Applikation : 5.5.1006

Version der Kern-Datenbank : 8895
Version der Spur-Datenbank : 6707

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:42:49

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User

Gescannte Speicherelemente : 633
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 70643
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 174087
Erfasste Datei-Elemente : 0

OTL mit clean-up ist ebenfals durch.

Alt 14.07.2012, 10:58   #15
Pedro64
 
GVU-Virus unter Win 7 - das nächste Opfer - Standard

GVU-Virus unter Win 7 - das nächste Opfer


Hallo t'john

tausend Dank für deine Hilfe!

Pedro

Antwort

Themen zu GVU-Virus unter Win 7 - das nächste Opfer
andere, anhängen, bundespolizei-virus, cftmon.lnk, defogger, ebenfalls, gefunde, go_0molg.pad, gvu trojaner, gvu trojaner entfernen, gvu trojaner mit webcam, gvu-virus, hänge, hängen, laufen, opfer, schön, webcam gvu trojaner, webcamfenster, win


« GVU-Trojaner mit Wasser Aufnahme ähnlich 2.04 | MyStart Incredibar entfernen »


Ähnliche Themen: GVU-Virus unter Win 7 - das nächste Opfer


  1. Der nächste Noob mit einem GVU:-(
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (35)
  2. Der nächste mit dem GVU-Trojaner...
    Log-Analyse und Auswertung - 11.09.2012 (9)
  3. Virus: Live Security Platinum - Der nächste Fall
    Log-Analyse und Auswertung - 06.09.2012 (3)
  4. Suisa die nächste
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (3)
  5. AKM-Virus hat noch ein Opfer...
    Log-Analyse und Auswertung - 11.06.2012 (19)
  6. Verschlüsselungstrojaner der nächste Betroffene
    Log-Analyse und Auswertung - 14.05.2012 (5)
  7. Sparkassen Trojaner die nächste...
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (2)
  8. Der nächste mit Virus Microsoft zahlen Sie 50 Euro
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (12)
  9. Und der nächste mit dem Bundestrojaner
    Log-Analyse und Auswertung - 17.08.2011 (2)
  10. ILoveYou - Nächste Runde ?
    Diskussionsforum - 27.06.2011 (1)
  11. Der nächste mit dem Metropolitan Police
    Plagegeister aller Art und deren Bekämpfung - 22.06.2011 (24)
  12. Nächste Mail die im Umlauf ist
    Überwachung, Datenschutz und Spam - 14.04.2007 (5)
  13. CoolWebSearch, die nächste
    Log-Analyse und Auswertung - 10.06.2005 (17)
  14. about blank, der nächste
    Plagegeister aller Art und deren Bekämpfung - 21.01.2005 (13)
  15. Der nächste, bitte ...
    Log-Analyse und Auswertung - 18.09.2004 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU-Virus unter Win 7 - das nächste Opfer - Hallo, erstmal schön, dass es euch gibt (und dass ich eich gefunden habe) und dass ihr hier so nett seid und anderen helft. Zu meinem Problem: ich habe mir ebenfalls - GVU-Virus unter Win 7 - das nächste Opfer...
Archiv
Du betrachtest: GVU-Virus unter Win 7 - das nächste Opfer auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131