|
Pests of all kinds and how to combat them: Trojan on my laptop - gone again on its own? Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection. |
24.07.2012, 13:19 | #1 |
| Trojan on my laptop - gone again on its own? Hello everyone, I am very glad to have found this forum and am asking for your help. About 2 hours ago, the image of the Bundespolizei (Federal Police) appeared on my screen with my IP and the message that data had been found on my computer. About half a year ago I already had this Trojan once on another computer, which I have not used since. Right after the window came up (or rather, the screen showed it), I switched the computer off and restarted it - and fervently hoped that the window would not come back. And since then my computer has been (almost) fine again. I can get on the internet and access all my data, only I cannot get into the Task Manager. I wanted to look in the processes for jasha.exe or whatever the Trojan is called, but whenever I press Ctrl, Alt and Del, the Task Manager opens for a second and then closes again right away, so I cannot get in. So I suspect the Trojan is still on my computer. But how do I find it? I do not want to tinker around on my own here, because I have no idea at all about computers, but I am afraid that the Trojan will destroy all my data. Avira is still scanning all my data but has not found anything yet. What should I do so that the Trojan is really gone? It cannot be gone by itself, can it? After all, I have not deleted anything. Best regards, Anna |
24.07.2012, 13:26 | #2 |
| Hi,
OTL: Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
Malwarebytes Antimalware (MAM): Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html If the download does not work, please download a generic version via this link: http://filepony.de/download-chameleon/ Then please update the signature files (tab "Aktualisierungen" -> "Suche nach Aktualisierungen"), run a full scan and have everything cleaned! Post the log. chris
__________________ |
24.07.2012, 13:33 | #3 |
| Hello Chris, thank you very much for your answer! I am running OTL right now; should I do the Malware one right afterwards? Or wait first for what you say? Sorry if these are stupid questions, I really have no idea about any of this. Thanks, Anna OTL is finished, Malware is still running but has meanwhile already found one infected.. Oh, the text files are too big. Can I paste them in? Last edited by Himmelblau (24.07.2012 at 14:30) |
24.07.2012, 14:34 | #4 |
| Hi, if the files are too large, you can compress them (e.g. izarc or 7zip) and attach them to the post... chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
24.07.2012, 18:06 | #5 |
| OTL is finished, I am attaching both files. The Malware program is still running, for 4 hours now.. I hope it finishes soon so that I can attach that too and then know how to get rid of the Trojan. |
24.07.2012, 22:20 | #6 |
| I have now run the quick scan, since the full scan was still not finished even after 8 hours. I have 2 infected files; the report then listed 4, all of which I moved to quarantine as requested. Report:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.24.12
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINA-PC [Administrator]
Schutz: Aktiviert
24.07.2012 22:58:28
mbam-log-2012-07-24 (22-58-28).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205553
Laufzeit: 15 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Fcuco (Trojan.Agent.U) -> Daten: rundll32.exe "C:\Users\Katharina\AppData\Local\coronmPO.dll",Startup -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7z8qaj0txd (Trojan.Agent) -> Daten: C:\Users\Katharina\7z8qaj0txd.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Katharina\AppData\Local\Temp\wpbt0.dll (Spyware.Zbot.DG) -> Löschen bei Neustart.
C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
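Added example, not part of the original thread: a triage of the four finding lines from the Malwarebytes report in post #6, classifying each by autostart mechanism and showing which item is only scheduled for deletion at the next reboot. The function names, flag labels and heuristics are assumptions of this example; the log lines are copied from the report.

```python
import re
from typing import List, NamedTuple

# Finding lines copied from the Malwarebytes report in post #6 (German-language output).
SAMPLE_LOG = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Fcuco (Trojan.Agent.U) -> Daten: rundll32.exe "C:\Users\Katharina\AppData\Local\coronmPO.dll",Startup -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7z8qaj0txd (Trojan.Agent) -> Daten: C:\Users\Katharina\7z8qaj0txd.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katharina\AppData\Local\Temp\wpbt0.dll (Spyware.Zbot.DG) -> Löschen bei Neustart.
C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
'''

# Registry value finding:  KEY|VALUE (Detection) -> Daten: DATA -> ACTION
REG_RE = re.compile(
    r'^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<value>\S+) \((?P<det>[^)]+)\)'
    r' -> Daten: (?P<data>.+?) -> (?P<action>.+)$')
# File finding:  PATH (Detection) -> ACTION
FILE_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) \((?P<det>[^)]+)\) -> (?P<action>.+)$')


class Finding(NamedTuple):
    location: str      # registry key|value or file path as logged
    detection: str     # scanner's detection name
    target: str        # file that is actually loaded or stored
    mechanism: str     # run-key, startup-folder, registry or file
    flags: List[str]   # triage hints (labels are this example's own)
    removed: bool      # False if the scanner only scheduled the deletion


def _target(data: str) -> str:
    """Return the file a Run value loads (the quoted DLL for rundll32)."""
    quoted = re.search(r'"([^"]+)"', data)
    return quoted.group(1) if quoted else data.strip()


def _flags(target: str, data: str) -> List[str]:
    low = target.lower()
    flags = []
    if re.match(r'^[a-z]:\\users\\', low):
        flags.append('user-writable')      # no admin rights needed to drop it
    if '\\appdata\\local\\temp\\' in low:
        flags.append('temp-dir')
    if data.lower().startswith('rundll32'):
        flags.append('rundll32-proxy')     # DLL started through a system binary
    return flags


def _removed(action: str) -> bool:
    # "Löschen bei Neustart" means the file is still on disk until the reboot.
    return action.startswith('Erfolgreich gelöscht')


def triage(log: str) -> List[Finding]:
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            key, data = m.group('key'), m.group('data')
            mech = ('run-key' if key.lower().endswith('\\currentversion\\run')
                    else 'registry')
            tgt = _target(data)
            findings.append(Finding(f"{key}|{m.group('value')}", m.group('det'),
                                    tgt, mech, _flags(tgt, data),
                                    _removed(m.group('action'))))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group('path')
            mech = ('startup-folder'
                    if '\\start menu\\programs\\startup\\' in path.lower()
                    else 'file')
            findings.append(Finding(path, m.group('det'), path, mech,
                                    _flags(path, ''), _removed(m.group('action'))))
    return findings


def pending_reboot(findings: List[Finding]) -> List[str]:
    """Targets the scanner has not removed yet."""
    return [f.target for f in findings if not f.removed]


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.mechanism, f.detection, f.target, f.flags, f.removed)
    print('still on disk until reboot:', pending_reboot(triage(SAMPLE_LOG)))
```

The one item left pending, `wpbt0.dll`, is the same file that the OTL fix in post #7 lists again in its `MOD` line.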
25.07.2012, 06:50 | #7 |
| Hi, I'll have a few of the things that MAM found cleaned up again... Fix for OTL:
Code:
:OTL
MOD - C:\Users\KATHAR~1\AppData\Local\Temp\wpbt0.dll ()
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [7z8qaj0txd] C:\Users\Katharina\7z8qaj0txd.exe File not found
O4 - HKCU..\Run: [Fcuco] rundll32.exe "C:\Users\Katharina\AppData\Local\coronmPO.dll",Startup File not found
[2012.07.24 11:48:24 | 000,001,722 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.24 11:48:24 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.03.20 18:31:34 | 000,002,048 | -HS- | C] () -- C:\Users\Katharina\AppData\Local\f5f300bd\@
:Commands
[emptytemp]
[Reboot]
Combofix: Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Caution: In a few rare cases the computer may no longer be able to boot and may have to be reinstalled! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The scan with Combofix can take some time, so be patient. Please do not do anything on the computer during the scan. The computer may be restarted in between. When the scan ends, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log under C:\ComboFix.txt... chris
|
25.07.2012, 20:34 | #8 |
| Hello Chris, I started OTL, and the desktop background immediately turned light blue. After 2 minutes the program crashed and I could not do anything anymore. Nothing could be clicked anywhere. I restarted the PC and a window appeared containing this:
Files\Folders moved on Reboot...
File\Folder C:\Users\Katharina\AppData\Local\Temp\tmp-30f.xpi not found!
C:\Users\Katharina\AppData\Local\Temp\~DF23F4.tmp moved successfully.
C:\Users\Katharina\AppData\Local\Mozilla\Firefox\Profiles\gi3cdu5l.default\startupCache\startupCache.4.little moved successfully.
File\Folder C:\Users\Katharina\AppData\Local\Mozilla\Firefox\Profiles\gi3cdu5l.default\Cache\C\19\6351Fd01 not found!
File move failed. C:\Users\Katharina\AppData\Local\Mozilla\Firefox\Profiles\gi3cdu5l.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\Katharina\AppData\Local\Temp\tmp-30f.xpi not found!
File C:\Users\Katharina\AppData\Local\Temp\~DF23F4.tmp not found!
File C:\Users\Katharina\AppData\Local\Mozilla\Firefox\Profiles\gi3cdu5l.default\startupCache\startupCache.4.little not found!
File C:\Users\Katharina\AppData\Local\Mozilla\Firefox\Profiles\gi3cdu5l.default\Cache\C\19\6351Fd01 not found!
[2012.07.25 21:05:16 | 000,063,861 | ---- | M] () C:\Users\Katharina\AppData\Local\Mozilla\Firefox\Profiles\gi3cdu5l.default\Cache\_CACHE_001_ : Unable to obtain MD5
Registry entries deleted on Reboot...
Was it successful now? I am afraid that, because it had crashed completely and I restarted, it is now not repaired, and that is why I am not doing Combofix for now.. Was that right? Somehow I also do not know why it did not work properly for me. I have now run OTL once more; the message came that I should restart the system in order to successfully delete the files (to that effect).
I did so and this window was on the PC:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\7z8qaj0txd not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Fcuco not found.
File C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File C:\ProgramData\0tbpw.pad not found.
File C:\Users\Katharina\AppData\Local\f5f300bd\@ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Katharina
->Temp folder emptied: 2206010 bytes
->Temporary Internet Files folder emptied: 97857 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65360961 bytes
->Flash cache emptied: 1198 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 961402 bytes
RecycleBin emptied: 19024061 bytes
Total Files Cleaned = 84,00 mb
OTL by OldTimer - Version 3.2.54.1 log created on 07252012_213439
Files\Folders moved on Reboot...
C:\Users\Katharina\AppData\Local\Temp\~DF6C5C.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT03562.TMP not found!
PendingFileRenameOperations files...
File C:\Users\Katharina\AppData\Local\Temp\~DF6C5C.tmp not found!
File C:\Windows\temp\ZLT03562.TMP not found!
Registry entries deleted on Reboot...
I am now doing the Combo Fix thing and will write that in here as well. |
25.07.2012, 22:27 | #9 |
| ComboFix has now run through on my machine too. I am attaching it. I can no longer open it; it then says: "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (Illegal operation attempted on a registry key that has been marked for deletion.) What does that mean? Everything that is on the desktop (and I just tried, actually all files, whether pictures, folders or documents) I can now no longer open; I have to go to Share (and that takes minutes without anything happening), and I have to open Mozilla Firefox as administrator, which previously worked without that. Oh dear, what should I do now? It has apparently been cleaned, but I cannot open anything anymore! Edit: I read in another thread about a Bundespolizei Trojan that the problem is fixed by restarting. I restarted too, and everything now opens again "like before", without problems. Last edited by Himmelblau (25.07.2012 at 22:43) |
26.07.2012, 06:41 | #10 |
| Hi, create and post a new OTL log. AdwareCleaner (AdwCleaner) Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"! Post the log files in code tags. Download AdwCleaner by Xplode to the desktop. Start AdwCleaner and click Search. After some time a log file (C:\AdwCleaner[xx].txt) opens; post its contents here in the forum. chris
|
26.07.2012, 11:58 | #11 |
| Hi, I ran OTL and am attaching it. ADW says:
Found : user_pref("CT2613550.components.1000082", true); Found : user_pref("CT2613550.components.1000234", true); Found : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR"); Found : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 359); Found : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true); Found : user_pref("CT2613550.ct2613550.InvalidateCache", false); Found : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Fri Nov 05 2010 20:26:46 GMT+0100"); Found : user_pref("CT2613550.ct2613550.Locale", "de-de"); Found : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Fri Nov 05 2010 20:26:45 GMT+0100"); Found : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0"); Found : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...] Found : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Fri Nov 05 2010 20:26:46 GMT+0100"); Found : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120); Found : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Fri Nov 05 2010 20:26:43 GMT+0100"); Found : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1285580322"); Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Fri Nov 05 2010 20:26:43 GMT+0100"); Found : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257"); Found : user_pref("CT2613550.myStuffEnabled", true); Found : user_pref("CT2613550.myStuffPublihserMinWidth", 400); Found : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2613550.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] 
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-fi[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2613550"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2613550"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Nov 05 2010 20:26:13 GMT+0100"); Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550"); Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search"); Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&Sea[...] Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); Found : user_pref("extensions.asktb.abar-war-timeout", "4000"); Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Found : user_pref("extensions.asktb.autofill-text-highlight-enabled", true); Found : user_pref("extensions.asktb.cbid", "U9"); Found : user_pref("extensions.asktb.config-updated", false); Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] Found : user_pref("extensions.asktb.displaybehavior", ""); Found : user_pref("extensions.asktb.displaytext", ""); Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true); Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.finduny.com?client=mozilla-firefox[...] Found : user_pref("extensions.asktb.first-launch-url", "hxxp://forward.immobilienscout24.de/9004EXPXXUA/main[...] Found : user_pref("extensions.asktb.first-restart-after-config-update", true); Found : user_pref("extensions.asktb.guid", "27D3DA23-5C9A-4FA2-BD3B-4EFDA44A41DC"); Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] 
Found : user_pref("extensions.asktb.if", "su"); Found : user_pref("extensions.asktb.l", "dis"); Found : user_pref("extensions.asktb.last-config-req", "1334994929010"); Found : user_pref("extensions.asktb.last-v", "3.14.1.100010"); Found : user_pref("extensions.asktb.locale", "de_DE"); Found : user_pref("extensions.asktb.lstation", ""); Found : user_pref("extensions.asktb.news-native-on", true); Found : user_pref("extensions.asktb.o", "15012"); Found : user_pref("extensions.asktb.options-lang", "de"); Found : user_pref("extensions.asktb.options-locale", "DE"); Found : user_pref("extensions.asktb.pstate", ""); Found : user_pref("extensions.asktb.qsrc", "2871"); Found : user_pref("extensions.asktb.sa", "YES"); Found : user_pref("extensions.asktb.saguid", "378B6506-12BF-48D3-A89A-53C9068FB8E1"); Found : user_pref("extensions.asktb.save-searches", false); Found : user_pref("extensions.asktb.search-suggestions-enabled", true); Found : user_pref("extensions.asktb.show-labels", false); Found : user_pref("extensions.asktb.silent-upgrade", true); Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true); Found : user_pref("extensions.asktb.socialmini-first", true); Found : user_pref("extensions.asktb.socialmini-interval", "1200000"); Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Found : user_pref("extensions.asktb.socialmini-max-items", "30"); Found : user_pref("extensions.asktb.socialmini-native-on", true); Found : user_pref("extensions.asktb.socialmini-speed", "5000"); Found : user_pref("extensions.asktb.socialmini-transition-first-open", false); Found : user_pref("extensions.asktb.themeid", ""); Found : user_pref("extensions.asktb.timeinstalled", "26.02.2012 14:07:32"); Profile name : default File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\a21hrbsg.default\prefs.js Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultenginename", "Ask.com"); Found : 
user_pref("browser.search.order.1", "Ask.com"); Found : user_pref("browser.search.selectedEngine", "Ask.com"); Found : user_pref("extensions.asktb.ff-original-keyword-url", ""); Found : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale[...] ************************* AdwCleaner[R1].txt - [27606 octets] - [26/07/2012 12:52:48] ########## EOF - C:\AdwCleaner[R1].txt - [27735 octets] ########## |
26.07.2012, 12:48 | #12 |
| Hi, please check the following files: Have the files checked online:
Code:
C:\Users\KATHAR~1\AppData\Local\Temp\RtkBtMnt.exe
Fix for OTL:
Code:
:OTL
[2010.02.23 17:00:13 | 000,004,958 | ---- | C] () -- C:\ProgramData\ievrqwtz.wda
:Commands
[emptytemp]
[Reboot]
AdwareCleaner: Close all open windows and start AdwCleaner (Win7/Vista: run as administrator).
Your computer will restart and a log file (C:\AdwCleaner[xx].txt) will open; post its contents here in the forum. Uninstall Combofix: Click Start (Windows 7 Start Button) and then type combofix /uninstall into the search box, as shown by the blue arrow in the pictogram below this text. Please make sure there is a space between Combofix and /uninstall. How is the computer behaving? chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
26.07.2012, 19:47 | #13 |
| Hi Chris, VirusTotal says:
SHA256: 1e70efae86aba0b89fa3772a11cd3e42d830c830021fcf0317ff61fbb08581a0
SHA1: 62712d7f62d2a64c3876c7184688af95bd60b7ba
MD5: b2994ec6452dbd04e57828eefedfb93c
File size: 200.0 KB ( 204800 bytes )
File name: RtkBtMnt.exe
File type: Win32 EXE
Detection ratio: 0 / 41
Analysis date: 2012-07-26 18:43:34 UTC ( 1 Minute ago )
after OTL:
All processes killed
========== OTL ==========
C:\ProgramData\ievrqwtz.wda moved successfully.
ADW:
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 21:19:00
# Updated 20/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Katharina - KATHARINA-PC
# Running from : C:\Users\Katharina\Downloads\adwcleaner.exe
# Option [Delete]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2613550.CTID", "ct2613550"); Deleted : user_pref("CT2613550.CurrentServerDate", "5-11-2010"); Deleted : user_pref("CT2613550.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2613550.DownloadReferralCookieData", ""); Deleted : user_pref("CT2613550.EMailNotifierPollDate", "Fri Nov 05 2010 20:26:12 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602533", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602539", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602545", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602551", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602557", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602563", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602569", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602575", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602581", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602587", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602593", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602599", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : 
user_pref("CT2613550.FeedPollDate129254982599602605", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602611", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602617", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602623", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedPollDate129254982599602629", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.FeedTTL129254982599602545", 5); Deleted : user_pref("CT2613550.FeedTTL129254982599602551", 5); Deleted : user_pref("CT2613550.FeedTTL129254982599602575", 2); Deleted : user_pref("CT2613550.FeedTTL129254982599602605", 5); Deleted : user_pref("CT2613550.FeedTTL129254982599602617", 30); Deleted : user_pref("CT2613550.FirstServerDate", "5-11-2010"); Deleted : user_pref("CT2613550.FirstTime", true); Deleted : user_pref("CT2613550.FirstTimeFF3", true); Deleted : user_pref("CT2613550.FirstTimeSettingsDone", true); Deleted : user_pref("CT2613550.FixPageNotFoundErrors", true); Deleted : user_pref("CT2613550.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2613550.Initialize", true); Deleted : user_pref("CT2613550.InitializeCommonPrefs", true); Deleted : user_pref("CT2613550.InstallationAndCookieDataSentCount", 2); Deleted : user_pref("CT2613550.InstallationType", "UnknownIntegration"); Deleted : user_pref("CT2613550.InstalledDate", "Fri Nov 05 2010 20:26:12 GMT+0100"); Deleted : user_pref("CT2613550.IsGrouping", false); Deleted : user_pref("CT2613550.IsMulticommunity", false); Deleted : user_pref("CT2613550.IsOpenThankYouPage", false); Deleted : user_pref("CT2613550.IsOpenUninstallPage", true); Deleted : user_pref("CT2613550.LanguagePackLastCheckTime", "Fri Nov 05 2010 20:26:45 GMT+0100"); Deleted : user_pref("CT2613550.LanguagePackReloadIntervalMM", 
1440); Deleted : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2613550.LastLogin_2.7.2.0", "Fri Nov 05 2010 20:26:46 GMT+0100"); Deleted : user_pref("CT2613550.LatestVersion", "2.7.1.3"); Deleted : user_pref("CT2613550.Locale", "de-de"); Deleted : user_pref("CT2613550.LoginCache", 4); Deleted : user_pref("CT2613550.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2613550.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2613550.RadioIsPodcast", false); Deleted : user_pref("CT2613550.RadioMediaID", "8546"); Deleted : user_pref("CT2613550.RadioMediaType", "Media Player"); Deleted : user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546"); Deleted : user_pref("CT2613550.RadioStationName", "Radio%208"); Deleted : user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u"); Deleted : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT2613550.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...] Deleted : user_pref("CT2613550.SearchInNewTabEnabled", true); Deleted : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Deleted : user_pref("CT2613550.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT2613550.SettingsLastCheckTime", "Fri Nov 05 2010 20:26:08 GMT+0100"); Deleted : user_pref("CT2613550.SettingsLastUpdate", "1285580322"); Deleted : user_pref("CT2613550.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Fri Nov 05 2010 20:26:08 GMT+0100"); Deleted : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257"); Deleted : user_pref("CT2613550.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Deleted : user_pref("CT2613550.UserID", "UN25473148721948179"); Deleted : user_pref("CT2613550.ValidationData_Toolbar", 1); Deleted : user_pref("CT2613550.WeatherNetwork", ""); Deleted : user_pref("CT2613550.WeatherPollDate", "Fri Nov 05 2010 20:26:47 GMT+0100"); Deleted : user_pref("CT2613550.WeatherUnit", "C"); Deleted : user_pref("CT2613550.alertChannelId", "1006347"); Deleted : user_pref("CT2613550.clientLogIsEnabled", true); Deleted : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] 
Deleted : user_pref("CT2613550.components.1000082", true); Deleted : user_pref("CT2613550.components.1000234", true); Deleted : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 359); Deleted : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true); Deleted : user_pref("CT2613550.ct2613550.InvalidateCache", false); Deleted : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Fri Nov 05 2010 20:26:46 GMT+0100"); Deleted : user_pref("CT2613550.ct2613550.Locale", "de-de"); Deleted : user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Fri Nov 05 2010 20:26:45 GMT+0100"); Deleted : user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3"); Deleted : user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0"); Deleted : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...] Deleted : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Fri Nov 05 2010 20:26:46 GMT+0100"); Deleted : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1285580322"); Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Fri Nov 05 2010 20:26:43 GMT+0100"); Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257"); Deleted : user_pref("CT2613550.myStuffEnabled", true); Deleted : user_pref("CT2613550.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2613550.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Deleted : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.finduny.com?client=mozilla-fi[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2613550"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2613550"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Nov 05 2010 20:26:13 GMT+0100"); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550"); Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&Sea[...] Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\"); Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000"); Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true); Deleted : user_pref("extensions.asktb.cbid", "U9"); Deleted : user_pref("extensions.asktb.config-updated", false); Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] Deleted : user_pref("extensions.asktb.displaybehavior", ""); Deleted : user_pref("extensions.asktb.displaytext", ""); Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true); Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.finduny.com?client=mozilla-firefox[...] Deleted : user_pref("extensions.asktb.first-launch-url", "hxxp://forward.immobilienscout24.de/9004EXPXXUA/main[...] 
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true); Deleted : user_pref("extensions.asktb.guid", "27D3DA23-5C9A-4FA2-BD3B-4EFDA44A41DC"); Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] Deleted : user_pref("extensions.asktb.if", "su"); Deleted : user_pref("extensions.asktb.l", "dis"); Deleted : user_pref("extensions.asktb.last-config-req", "1334994929010"); Deleted : user_pref("extensions.asktb.last-v", "3.14.1.100010"); Deleted : user_pref("extensions.asktb.locale", "de_DE"); Deleted : user_pref("extensions.asktb.lstation", ""); Deleted : user_pref("extensions.asktb.news-native-on", true); Deleted : user_pref("extensions.asktb.o", "15012"); Deleted : user_pref("extensions.asktb.options-lang", "de"); Deleted : user_pref("extensions.asktb.options-locale", "DE"); Deleted : user_pref("extensions.asktb.pstate", ""); Deleted : user_pref("extensions.asktb.qsrc", "2871"); Deleted : user_pref("extensions.asktb.sa", "YES"); Deleted : user_pref("extensions.asktb.saguid", "378B6506-12BF-48D3-A89A-53C9068FB8E1"); Deleted : user_pref("extensions.asktb.save-searches", false); Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true); Deleted : user_pref("extensions.asktb.show-labels", false); Deleted : user_pref("extensions.asktb.silent-upgrade", true); Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true); Deleted : user_pref("extensions.asktb.socialmini-first", true); Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000"); Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); Deleted : user_pref("extensions.asktb.socialmini-max-items", "30"); Deleted : user_pref("extensions.asktb.socialmini-native-on", true); Deleted : user_pref("extensions.asktb.socialmini-speed", "5000"); Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false); Deleted : user_pref("extensions.asktb.themeid", 
""); Deleted : user_pref("extensions.asktb.timeinstalled", "26.02.2012 14:07:32"); Profile name : default File : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\a21hrbsg.default\prefs.js Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("browser.search.selectedEngine", "Ask.com"); Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale[...] ************************* AdwCleaner[R1].txt - [27737 octets] - [26/07/2012 12:52:48] AdwCleaner[S1].txt - [289 octets] - [26/07/2012 21:18:02] AdwCleaner[S2].txt - [28417 octets] - [26/07/2012 21:19:00] ########## EOF - C:\AdwCleaner[S2].txt - [28546 octets] ########## |
26.07.2012, 20:40 | #14 |
| Trojan on my laptop - gone again by itself? Hi, how is the computer behaving? Back to normal ...? chris
__________________ Don't bring me down Please read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
26.07.2012, 20:44 | #15 |
| Trojan on my laptop - gone again by itself? Hi Chris, I wanted to uninstall Combofix, but when I enter combofix /uninstall, I get: "Es wurden keine Suchergebnisse gefunden." (no search results were found). What should I do now? I have Windows Vista, so I search in the field that appears after clicking Start... but I can't find it, and I paid attention to the space. Well, I think the computer is behaving normally (as far as I can tell as a layperson). I just find it strange that now, everywhere I move the mouse over, I get a white window with a white border; when I click on it, a check mark appears above it and then it opens. When I deactivated the hidden files etc. earlier (and the two other things you told me), a notice appeared that the PC might no longer run properly because of that (Windows, I think). Should I set that back to how it was before? |