GVU Trojaner legt Geschäfts PC lahm

t'john · 27.07.2012, 17:11

Von wann ist das letzte Image Recovery?

reisekiste · 27.07.2012, 17:37

bin grad etwas hilflos, etwas in der art habe ich noch nicht gemacht!

t'john · 27.07.2012, 17:43

Klicke auf den Punkt und sag das aelteste Datum.

reisekiste · 27.07.2012, 17:48

24.06.2012

t'john · 27.07.2012, 17:50

OK, hattest du im BIOS eigentich wieder auf AHCI umgestellt?

reisekiste · 27.07.2012, 17:52

nein, hab ich nicht

t'john · 27.07.2012, 17:52

Bitte umstellen und normal booten.

reisekiste · 30.07.2012, 19:58

Hallo!

Nach dem Umstellen hat er normal gebootet. Es ist nochmal die 'Rettungs-Applikation' erschienen und dann war der PC wieder da.
Ich lasse gerade einen Komplett-Scan laufen und hoffe, dass dann alles wieder gut ist.

Ganz herzlichen Dank für die schnelle und kompetente Hilfe.

Herzliche Grüße
Bernd

t'john · 30.07.2012, 20:06

Wir haben noch nichtmal mit der Bereinigung angefangen.
(das wird keine Probleme mehr machen)

Bitte an dieser Stele weitermachen:
http://www.trojaner-board.de/120474-...tml#post875548

reisekiste · 31.07.2012, 16:03

Hier das Ergebnis des Vollscans:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernd Jung :: BERNDJUNG-PC [Administrator]

31.07.2012 13:50:51
mbam-log-2012-07-31 (16-59-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 725039
Laufzeit: 2 Stunde(n), 13 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 14
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Bernd Jung\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07272012_152716\C_Users\Bernd Jung\AppData\Roaming\msconfig.dat (Spyware.Zbot) -> Keine Aktion durchgeführt.
D:\download & installation\freefileviewer_730.exe (PUP.BundleOffers.IIQ) -> Keine Aktion durchgeführt.
D:\download & installation\nero-kwik-burn.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
D:\zum Brennen freigegeben\DVD.1\Backup vom alten BERND\C_Programme\Traffics\TravelFoxx\Splash.exe (Spyware.Banker) -> Keine Aktion durchgeführt.
C:\Windows\hosts (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)

t'john · 31.07.2012, 16:08

Funde loeschen!

Wo ist das adwCleaner Log?

reisekiste · 31.07.2012, 22:19

hier :-)

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 23:10:32
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Bernd Jung - BERNDJUNG-PC
# Running from : C:\Users\Bernd Jung\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Bernd Jung\AppData\Local\AVG Secure Search
Folder Found : C:\Users\BERNDJ~1\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Bernd Jung\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Bernd Jung\AppData\LocalLow\bbrs_002.tb
Folder Found : D:\mozilla\browser\Conduit
Folder Found : D:\mozilla\browser\SweetIMToolbarData
Folder Found : D:\mozilla\browser\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : D:\mozilla\browser\searchplugins\Conduit.xml
File Found : D:\mozilla\browser\searchplugins\SweetIm.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\Default Tab
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x64] Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : Berndi [Profil par défaut]
File : D:\mozilla\browser\prefs.js

Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue May 24 2011 15:26:46 GMT+0200");
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Tue Jul 31 2012 18:12:28 GMT+0200");
Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT1060933.CommunityChanged", true);
Found : user_pref("CT1060933.CurrentServerDate", "31-7-2012");
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Mon Jul 30 2012 20:45:49 GMT+0200");
Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "1-12-2010");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", true);
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstalledDate", "Wed Dec 01 2010 20:42:02 GMT+0100");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsMulticommunity", true);
Found : user_pref("CT1060933.IsOpenThankYouPage", true);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Wed May 30 2012 18:04:18 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Mon Jul 16 2012 14:04:09 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Tue Jul 31 2012 18:12:29 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.2.1.3", "Sun May 01 2011 16:28:46 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.3.2.1", "Thu Mar 24 2011 14:09:08 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.3.3.2", "Thu May 26 2011 10:11:43 GMT+0200");
Found : user_pref("CT1060933.LatestVersion", "3.14.1.0");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Wed Mar 30 2011 18:15:13 GMT+0200");
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504191");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Found : user_pref("CT1060933.RadioStationName", "KFOG");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Found : user_pref("CT1060933.SavedHomepage", "hxxp://www.reise-kiste.de/index.html|hxxp://www.kooperation24.[...]
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 20:45:49 GMT+0200");
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Found : user_pref("CT1060933.SettingsLastCheckTime", "Tue Jul 31 2012 18:12:28 GMT+0200");
Found : user_pref("CT1060933.SettingsLastUpdate", "1343322401");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Fri May 06 2011 03:25:59 GMT+0200");
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN17906963953206467");
Found : user_pref("CT1060933.ValidationData_Search", 2);
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.components.1000082", false);
Found : user_pref("CT1060933.components.129032145384800518", false);
Found : user_pref("CT1060933.components.129032148247613461", false);
Found : user_pref("CT1060933.components.129032152822456983", false);
Found : user_pref("CT1060933.components.129032154330894193", false);
Found : user_pref("CT1060933.components.129032155426050046", false);
Found : user_pref("CT1060933.components.129032157011675027", false);
Found : user_pref("CT1060933.components.129032162642925076", false);
Found : user_pref("CT1060933.components.129078058382649592", false);
Found : user_pref("CT1060933.components.129272674122038321", false);
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Thu May 26 2011 14:11:43 GMT+0200");
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", true);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,129272674122038321,129[...]
Found : user_pref("CT1060933.revertSettingsEnabled", true);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 11:57:44 GMT+0100");
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/DE", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63439407619947[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT1060933&octid=CT[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 04 2011 11:49:43 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 09:49:23 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 09:49:15 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "f1e8eaea-85c5-4814-9e9a-7cc434e86448");
Found : user_pref("CommunityToolbar.globalUserId", "1ff34d85-b703-46bb-b37e-2e3188a882b5");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.1.0.21");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B7ec11b21-a31f-4242-aaaf-25aed05668d3[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "chrome://browser-region/loca[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Freecorder Customized Web Searc[...]
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://de.start3.mozilla.com/firefox[...]
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{095CBB7C-55F8-11E0-8474-0013D3BC49FA}");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Found : user_pref("sweetim.toolbar.version", "1.2.0.2");
Found : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");

*************************

AdwCleaner[R1].txt - [29799 octets] - [31/07/2012 23:10:32]

########## EOF - C:\AdwCleaner[R1].txt - [29928 octets] ##########

t'john · 31.07.2012, 22:32

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

reisekiste · 31.07.2012, 22:41

hier der Inhalt:

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 23:35:28
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Bernd Jung - BERNDJUNG-PC
# Running from : C:\Users\Bernd Jung\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Bernd Jung\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\BERNDJ~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Bernd Jung\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Bernd Jung\AppData\LocalLow\bbrs_002.tb
Folder Deleted : D:\mozilla\browser\Conduit
Folder Deleted : D:\mozilla\browser\SweetIMToolbarData
Folder Deleted : D:\mozilla\browser\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : D:\mozilla\browser\searchplugins\Conduit.xml
File Deleted : D:\mozilla\browser\searchplugins\SweetIm.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : Berndi [Profil par défaut]
File : D:\mozilla\browser\prefs.js

D:\mozilla\browser\user.js ... Deleted !

Deleted : user_pref("CT1060933..clientLogIsEnabled", false);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue May 24 2011 15:26:46 GMT+0200");
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Tue Jul 31 2012 18:12:28 GMT+0200");
Deleted : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT1060933.CommunityChanged", true);
Deleted : user_pref("CT1060933.CurrentServerDate", "31-7-2012");
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Mon Jul 30 2012 20:45:49 GMT+0200");
Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "1-12-2010");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstalledDate", "Wed Dec 01 2010 20:42:02 GMT+0100");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsMulticommunity", true);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_3.12.2.3", "Wed May 30 2012 18:04:18 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.13.0.6", "Mon Jul 16 2012 14:04:09 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.14.1.0", "Tue Jul 31 2012 18:12:29 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.2.1.3", "Sun May 01 2011 16:28:46 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.3.2.1", "Thu Mar 24 2011 14:09:08 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Thu May 26 2011 10:11:43 GMT+0200");
Deleted : user_pref("CT1060933.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Wed Mar 30 2011 18:15:13 GMT+0200");
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504191");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Deleted : user_pref("CT1060933.RadioStationName", "KFOG");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Deleted : user_pref("CT1060933.SavedHomepage", "hxxp://www.reise-kiste.de/index.html|hxxp://www.kooperation24.[...]
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 20:45:49 GMT+0200");
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Tue Jul 31 2012 18:12:28 GMT+0200");
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1343322401");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Fri May 06 2011 03:25:59 GMT+0200");
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1060933.UserID", "UN17906963953206467");
Deleted : user_pref("CT1060933.ValidationData_Search", 2);
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.components.1000082", false);
Deleted : user_pref("CT1060933.components.129032145384800518", false);
Deleted : user_pref("CT1060933.components.129032148247613461", false);
Deleted : user_pref("CT1060933.components.129032152822456983", false);
Deleted : user_pref("CT1060933.components.129032154330894193", false);
Deleted : user_pref("CT1060933.components.129032155426050046", false);
Deleted : user_pref("CT1060933.components.129032157011675027", false);
Deleted : user_pref("CT1060933.components.129032162642925076", false);
Deleted : user_pref("CT1060933.components.129078058382649592", false);
Deleted : user_pref("CT1060933.components.129272674122038321", false);
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Thu May 26 2011 14:11:43 GMT+0200");
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,129272674122038321,129[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", true);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 11:57:44 GMT+0100");
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/DE", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63439407619947[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT1060933&octid=CT[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 04 2011 11:49:43 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 09:49:23 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 09:49:15 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "f1e8eaea-85c5-4814-9e9a-7cc434e86448");
Deleted : user_pref("CommunityToolbar.globalUserId", "1ff34d85-b703-46bb-b37e-2e3188a882b5");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.1.0.21");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B7ec11b21-a31f-4242-aaaf-25aed05668d3[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "chrome://browser-region/loca[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Freecorder Customized Web Searc[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://de.start3.mozilla.com/firefox[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{095CBB7C-55F8-11E0-8474-0013D3BC49FA}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.version", "1.2.0.2");
Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");

*************************

AdwCleaner[R1].txt - [29808 octets] - [31/07/2012 23:10:32]
AdwCleaner[S1].txt - [26451 octets] - [31/07/2012 23:35:28]

########## EOF - C:\AdwCleaner[S1].txt - [26580 octets] ##########

t'john · 31.07.2012, 22:48

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

27.07.2012, 17:11	#16
t'john /// Helfer-Team	GVU Trojaner legt Geschäfts PC lahm Von wann ist das letzte Image Recovery? __________________ Mfg, t'john Das TB unterstützen

27.07.2012, 17:43	#18
t'john /// Helfer-Team	GVU Trojaner legt Geschäfts PC lahm Klicke auf den Punkt und sag das aelteste Datum. __________________ __________________

27.07.2012, 17:50	#20
t'john /// Helfer-Team	GVU Trojaner legt Geschäfts PC lahm OK, hattest du im BIOS eigentich wieder auf AHCI umgestellt? __________________ Mfg, t'john Das TB unterstützen

27.07.2012, 17:52	#22
t'john /// Helfer-Team	GVU Trojaner legt Geschäfts PC lahm Bitte umstellen und normal booten. __________________ Mfg, t'john Das TB unterstützen

30.07.2012, 20:06	#24
t'john /// Helfer-Team	GVU Trojaner legt Geschäfts PC lahm Wir haben noch nichtmal mit der Bereinigung angefangen. (das wird keine Probleme mehr machen) Bitte an dieser Stele weitermachen: http://www.trojaner-board.de/120474-...tml#post875548 __________________ Mfg, t'john Das TB unterstützen

GVU Trojaner legt Geschäfts PC lahm

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner legt Geschäfts PC lahm