
Log analysis and evaluation: Caught the GVU Trojan

27.07.2012, 17:08   #1
Schlieder

Good evening, dear community,

I'm new here and urgently need help. While I was surfing I caught a so-called GVU Trojan. I couldn't do anything; I only saw a page listing all sorts of offences I had supposedly committed. My webcam switched on and I could see myself in a small window at the top right.

I looked into it right away and, sure enough, it's a Trojan; still, at first glance all I can say is *shock* ^^. www.gvu.de then redirected me here. I have already read up on it, so first of all, here is the info on what I have done so far.

The message appeared, I switched off the PC, switched off the router, switched the PC back on and started my Microsoft Security Essentials. It found 13 threats; I removed them, and since then I can get onto the Internet again, i.e. the page no longer appears. *This is the only antivirus program I have.*

Then, as already mentioned above, I read up on your site and downloaded OTL. I'm putting the log in the attachment.

I hope you can help me. Tips or recommendations for antivirus programs are welcome; I'm a little disappointed that my Microsoft Security Essentials didn't report anything, as I was actually quite happy with it.

Well, be that as it may, thank you very much in advance for reading this, and thanks again for the help ^^

P.S.: OTL.Txt is attached. However, it also created an Extra.Txt, but that one is too large for me to attach. Please just write if it is needed and I will post it directly, unless you have an alternative ^^

Regards

27.07.2012, 17:33   #2
t'john
/// Helper team

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes (Benutzerdefinierte Scans/Fixes):


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=make&s={searchTerms}&f=4 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} 
IE - HKCU\..\URLSearchHook: - No CLSID value found 
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=make&s={searchTerms}&f=4 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_def&AF=100363&tt=110911_startpage 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{6BB3C24D-2DCA-4a9f-8652-863DA4B509D6}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM 
IE - HKCU\..\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}: "URL" = http://www.questbasic.com/?prt=QstbscWD4&keywords={searchTerms} 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={7361850D-2233-41EF-B624-5B3AD6992198}&mid=58ab13add75547d19cb56de783dc1337-c525ca2ae0a05d80c558a450112f467a098d87a8&lang=en&ds=tg028&pr=sa&d=2011-09-17 19:04:16&v=8.0.0.34&sap=dsp&q={searchTerms} 
IE - HKCU\..\SearchScopes\{9921B71E-B0C6-4dc6-8052-212FDD8A6D72}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346 
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=390&systemid=406&sr=0&q={searchTerms} 
IE - HKCU\..\SearchScopes\{DB2FA464-CFD1-4fac-BE48-18100B60931D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Search Results" 
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" 
FF - prefs.js..browser.search.order.1: "Search Results" 
FF - prefs.js..browser.search.selectedEngine: "Search Results" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406" 
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" 
FF - prefs.js..network.proxy.type: 0 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
[2012.06.21 17:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schlieder\AppData\Roaming\mozilla\Extensions 
[2012.06.21 18:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions 
[2011.06.15 10:08:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} 
[2011.08.16 16:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions.log 
[2011.06.05 18:13:40 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\SCHLIEDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O1VLQG3.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI 
[2011.06.04 01:16:08 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\SCHLIEDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O1VLQG3.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI 
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll File not found 
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found 
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll File not found 
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 

O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found 
O4 - Startup: C:\Users\Schlieder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () 
O4 - Startup: C:\Users\Schlieder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{16cf100a-8d11-11e0-9e5d-bcaec538fac4}\Shell - "" = AutoRun 
O33 - MountPoints2\{16cf100a-8d11-11e0-9e5d-bcaec538fac4}\Shell\AutoRun\command - "" = G:\hotdogs-hotgirls.exe 
O33 - MountPoints2\{32d49dff-7e5b-11e1-bd84-bcaec538fac4}\Shell - "" = AutoRun 
O33 - MountPoints2\{32d49dff-7e5b-11e1-bd84-bcaec538fac4}\Shell\AutoRun\command - "" = G:\Installer.exe 
O33 - MountPoints2\{63f0576f-1ea2-11e1-b372-bcaec538fac4}\Shell - "" = AutoRun 
O33 - MountPoints2\{63f0576f-1ea2-11e1-b372-bcaec538fac4}\Shell\AutoRun\command - "" = G:\Setup.exe 
O33 - MountPoints2\{da8e1a54-8cf6-11e0-b4c3-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{da8e1a54-8cf6-11e0-b4c3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe 

[2012.07.27 17:29:11 | 000,003,704 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad 
 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!

28.07.2012, 03:04   #3
Schlieder


Many thanks for the quick response. I did everything as explained, and here is what came out of it; I hope you can make something of it.

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BB3C24D-2DCA-4a9f-8652-863DA4B509D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BB3C24D-2DCA-4a9f-8652-863DA4B509D6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9921B71E-B0C6-4dc6-8052-212FDD8A6D72}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9921B71E-B0C6-4dc6-8052-212FDD8A6D72}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB2FA464-CFD1-4fac-BE48-18100B60931D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB2FA464-CFD1-4fac-BE48-18100B60931D}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" removed from browser.search.defaulturl
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=390&systemid=406&sr=0&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions folder moved successfully.
Folder C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
C:\Users\Schlieder\AppData\Roaming\mozilla\Firefox\Profiles\2o1vlqg3.default\extensions.log folder moved successfully.
File C:\USERS\SCHLIEDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O1VLQG3.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI not found.
File C:\USERS\SCHLIEDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2O1VLQG3.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
C:\Users\Schlieder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip moved successfully.
C:\Users\Schlieder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk moved successfully.
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16cf100a-8d11-11e0-9e5d-bcaec538fac4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16cf100a-8d11-11e0-9e5d-bcaec538fac4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16cf100a-8d11-11e0-9e5d-bcaec538fac4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16cf100a-8d11-11e0-9e5d-bcaec538fac4}\ not found.
File G:\hotdogs-hotgirls.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32d49dff-7e5b-11e1-bd84-bcaec538fac4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32d49dff-7e5b-11e1-bd84-bcaec538fac4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32d49dff-7e5b-11e1-bd84-bcaec538fac4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32d49dff-7e5b-11e1-bd84-bcaec538fac4}\ not found.
File G:\Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63f0576f-1ea2-11e1-b372-bcaec538fac4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f0576f-1ea2-11e1-b372-bcaec538fac4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63f0576f-1ea2-11e1-b372-bcaec538fac4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f0576f-1ea2-11e1-b372-bcaec538fac4}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da8e1a54-8cf6-11e0-b4c3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da8e1a54-8cf6-11e0-b4c3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da8e1a54-8cf6-11e0-b4c3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da8e1a54-8cf6-11e0-b4c3-806e6f6e6963}\ not found.
File E:\Autorun.exe not found.
C:\ProgramData\z7_0ytr.pad moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Schlieder\Desktop\OTL\cmd.bat deleted successfully.
C:\Users\Schlieder\Desktop\OTL\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Schlieder
->Temp folder emptied: 54645 bytes
->Temporary Internet Files folder emptied: 6305750 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 110925941 bytes
->Flash cache emptied: 90304 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 364128694 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 746 bytes
RecycleBin emptied: 7631058514 bytes
 
Total Files Cleaned = 7.737,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Schlieder
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 07282012_035826

Files\Folders moved on Reboot...
C:\Users\Schlieder\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Schlieder\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
__________________
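An added example, not part of the original thread and not code from OTL or the forum: a short Python triage of a fix log like the one posted above, separating what was removed from what was already absent. It assumes the line endings seen in that log (`deleted successfully.`, `moved successfully.`, `not found.`, `value set successfully!`); the sample lines are copied from the post, and the names `triage`, `PATTERNS` and `SAMPLE_LOG` are hypothetical.

```python
import re
from collections import Counter

# Section headers look like "========== OTL ==========" in the posted log.
SECTION = re.compile(r"^=+ (\w+) =+$")

# (label, regex) pairs, tried in order; the acted-on object is captured as "target".
# The suffixes are the ones visible in the log above (an assumption about the format).
PATTERNS = [
    ("moved", re.compile(
        r"^(?P<target>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$")),
    ("missing_file", re.compile(
        r"^(?:File|Folder) (?P<target>[A-Za-z]:\\.+?)\\? not found[.!]$")),
    ("deleted", re.compile(r"^(?P<target>.+?) deleted successfully\.$")),
    ("missing_key", re.compile(r"^(?P<target>.+?) not found\.$")),
    ("value_set", re.compile(r"^(?P<target>.+?) : value set successfully!$")),
]

# Lines copied from the fix log in the post above (shortened selection).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
File G:\hotdogs-hotgirls.exe not found.
C:\Users\Schlieder\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\ProgramData\z7_0ytr.pad moved successfully.
========== FILES ==========
C:\Users\Schlieder\Desktop\OTL\cmd.bat deleted successfully.
"""


def triage(log_text):
    """Group fix-log lines by section and outcome.

    Returns a dict with:
      counts        Counter keyed by (section, outcome label)
      moved         paths the fix moved rather than deleted
      missing_files files or folders a script line referenced that did not exist
      unparsed      lines that matched no known outcome (review these by hand)
    """
    section = None
    counts = Counter()
    moved, missing_files, unparsed = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        for label, rx in PATTERNS:
            m = rx.match(line)
            if not m:
                continue
            counts[(section, label)] += 1
            if label == "moved":
                moved.append(m.group("target"))
            elif label == "missing_file":
                missing_files.append(m.group("target"))
            break
        else:
            # No pattern matched: keep the line so nothing is silently dropped.
            unparsed.append(line)
    return {"counts": counts, "moved": moved,
            "missing_files": missing_files, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (section, label), n in sorted(result["counts"].items()):
        print(f"{section:6} {label:13} {n}")
    print("moved:", *result["moved"], sep="\n  ")
    print("referenced but absent:", *result["missing_files"], sep="\n  ")
    print("unparsed:", result["unparsed"])
```
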

28.07.2012, 12:23   #4
t'john
/// Helper team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Select "Perform full scan" ("Komplett Scan durchführen") => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or moved to quarantine.
- When the scan has finished, click "Show Results" ("Zeige Resultate").
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john

29.07.2012, 00:04   #5
Schlieder

All done. First, Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Schlieder :: SCHLIEDER-PC [Administrator]

29.07.2012 00:08:20
mbam-log-2012-07-29 (00-08-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355951
Laufzeit: 52 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And here is the AdwCleaner log:

Code:
# AdwCleaner v1.703 - Logfile created 07/29/2012 at 01:03:23
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Schlieder - SCHLIEDER-PC
# Running from : C:\Users\Schlieder\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Schlieder\AppData\Local\Babylon
Folder Found : C:\Users\Schlieder\AppData\Local\Ilivid Player
Folder Found : C:\Users\Schlieder\AppData\Local\OpenCandy
Folder Found : C:\Users\Schlieder\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Schlieder\AppData\Roaming\Babylon
Folder Found : C:\Users\Schlieder\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\ConduitCommon
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files (x86)\QuestBasic
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\searchplugins\SearchResults.xml
File Found : C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\searchplugins\Search_Results.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x64] Key Found : HKLM\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\prefs.js

Found : user_pref("CT2653012..clientLogIsEnabled", false);
Found : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true);
Found : user_pref("CT2653012.BrowserCompStateIsOpen_129780839977253423", true);
Found : user_pref("CT2653012.BrowserCompStateIsOpen_129780841964128425", true);
Found : user_pref("CT2653012.BrowserCompStateIsOpen_129780842340847176", true);
Found : user_pref("CT2653012.CTID", "ct2653012");
Found : user_pref("CT2653012.CurrentServerDate", "28-4-2012");
Found : user_pref("CT2653012.DialogsAlignMode", "LTR");
Found : user_pref("CT2653012.DialogsGetterLastCheckTime", "Fri Apr 27 2012 21:50:03 GMT+0200");
Found : user_pref("CT2653012.DownloadReferralCookieData", "");
Found : user_pref("CT2653012.FirstServerDate", "15-8-2011");
Found : user_pref("CT2653012.FirstTime", true);
Found : user_pref("CT2653012.FirstTimeFF3", true);
Found : user_pref("CT2653012.FixPageNotFoundErrors", true);
Found : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2653012.HasUserGlobalKeys", true);
Found : user_pref("CT2653012.Initialize", true);
Found : user_pref("CT2653012.InitializeCommonPrefs", true);
Found : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2653012.InstallationType", "ConduitIntegration");
Found : user_pref("CT2653012.InstalledDate", "Mon Aug 15 2011 02:11:33 GMT+0200");
Found : user_pref("CT2653012.IsAlertDBUpdated", true);
Found : user_pref("CT2653012.IsGrouping", false);
Found : user_pref("CT2653012.IsInitSetupIni", true);
Found : user_pref("CT2653012.IsMulticommunity", false);
Found : user_pref("CT2653012.IsOpenThankYouPage", false);
Found : user_pref("CT2653012.IsOpenUninstallPage", true);
Found : user_pref("CT2653012.LanguagePackLastCheckTime", "Mon Aug 15 2011 02:11:35 GMT+0200");
Found : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2653012.LastLogin_3.12.0.7", "Sat Apr 28 2012 22:09:10 GMT+0200");
Found : user_pref("CT2653012.LastLogin_3.6.0.10", "Tue Aug 16 2011 17:05:22 GMT+0200");
Found : user_pref("CT2653012.LatestVersion", "3.12.2.3");
Found : user_pref("CT2653012.Locale", "en");
Found : user_pref("CT2653012.MCDetectTooltipHeight", "83");
Found : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2653012.MCDetectTooltipWidth", "295");
Found : user_pref("CT2653012.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2653012.OriginalFirstVersion", "3.6.0.10");
Found : user_pref("CT2653012.RadioShrinkedFromSetup", false);
Found : user_pref("CT2653012.SavedHomepage", "hxxp://www.google.de/");
Found : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Found : user_pref("CT2653012.SearchInNewTabEnabled", true);
Found : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Mon Aug 15 2011 02:11:34 GMT+0200");
Found : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2653012.ServiceMapLastCheckTime", "Sat Apr 28 2012 23:53:07 GMT+0200");
Found : user_pref("CT2653012.SettingsLastCheckTime", "Mon Aug 15 2011 02:11:32 GMT+0200");
Found : user_pref("CT2653012.SettingsLastUpdate", "1312887586");
Found : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Mon Aug 15 2011 01:49:21 GMT+0200");
Found : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2653012.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
Found : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2653012.Uninstall", true);
Found : user_pref("CT2653012.UserID", "UN41332205831332114");
Found : user_pref("CT2653012.alertChannelId", "1045667");
Found : user_pref("CT2653012.ct2653012.DialogsAlignMode", "LTR");
Found : user_pref("CT2653012.ct2653012.InvalidateCache", false);
Found : user_pref("CT2653012.ct2653012.LanguagePackLastCheckTime", "Sat Apr 28 2012 23:53:09 GMT+0200");
Found : user_pref("CT2653012.ct2653012.Locale", "en");
Found : user_pref("CT2653012.ct2653012.RadioLastCheckTime", "Tue Aug 16 2011 17:05:21 GMT+0200");
Found : user_pref("CT2653012.ct2653012.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2653012.ct2653012.RadioLastUpdateServer", "129438915777300000");
Found : user_pref("CT2653012.ct2653012.SearchInNewTabLastCheckTime", "Sat Apr 28 2012 23:53:08 GMT+0200");
Found : user_pref("CT2653012.ct2653012.SettingsLastCheckTime", "Sat Apr 28 2012 23:53:08 GMT+0200");
Found : user_pref("CT2653012.ct2653012.SettingsLastUpdate", "1334070507");
Found : user_pref("CT2653012.ct2653012.ThirdPartyComponentsLastCheck", "Mon Aug 15 2011 02:11:33 GMT+0200");
Found : user_pref("CT2653012.ct2653012.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2653012.ct2653012.globalFirstTimeInfoLastCheckTime", "Tue Aug 16 2011 17:05:22 GMT+0200[...]
Found : user_pref("CT2653012.ct2653012.toolbarAppMetaDataLastCheckTime", "Sat Apr 28 2012 23:53:09 GMT+0200"[...]
Found : user_pref("CT2653012.ct2653012.toolbarContextMenuLastCheckTime", "Mon Aug 15 2011 02:11:35 GMT+0200"[...]
Found : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Mon Aug 15 2011 01:49:23 GMT+0200");
Found : user_pref("CT2653012.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2653012.initDone", true);
Found : user_pref("CT2653012.isAppTrackingManagerOn", true);
Found : user_pref("CT2653012.isFirstRadioInstallation", false);
Found : user_pref("CT2653012.myStuffEnabled", true);
Found : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2653012.revertSettingsEnabled", true);
Found : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2653012.searchProtectorEnableByLogin", true);
Found : user_pref("CT2653012.testingCtid", "");
Found : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Mon Aug 15 2011 01:49:23 GMT+0200");
Found : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Mon Aug 15 2011 02:11:35 GMT+0200");
Found : user_pref("CT2653012.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&Search[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2653012/CT2653012[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2653012", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2653012&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2653012&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c46[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Schlieder\\AppData\\Roaming\\Mozill[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2653012");
Found : user_pref("CommunityToolbar.globalUserId", "aa41bd21-4607-4551-85c8-e23d003dae46");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2653012");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 16 2011 17:05:2[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 16 2011 17:05:22 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "ef55271e-f2e6-4227-92ea-da7f70d0b178");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 6);
Found : user_pref("extensions.BabylonToolbar.cntry", "DE");
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "F8FF6777DF0E99466265AFC8CABF441F");
Found : user_pref("extensions.BabylonToolbar.lastActv", "6");
Found : user_pref("extensions.BabylonToolbar.lastDP", 6);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.29:34:25");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 59094045);
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "fafb1b09000000000000bcaec538fac4");
Found : user_pref("extensions.BabylonToolbar_i.id", "fafb1b09000000000000bcaec538fac4");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:16:00");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.lastActv", "6");
Found : user_pref("extensions.genieo.genieoHomepageUrl", "hxxp://isearch.avg.com/?cid={7361850D-2233-41EF-B6[...]
Found : user_pref("extensions.questbasic.init", true);

*************************

AdwCleaner[R1].txt - [22881 octets] - [29/07/2012 01:03:23]

########## EOF - C:\AdwCleaner[R1].txt - [23010 octets] ##########
         
I hope everything is correct and in order this way ^^ If there is anything else, let me know. Also, is there still anything related to the trojan or the like on it? I hope not ^^

Best regards


29.07.2012, 12:48   #6
t'john
/// Helper Team
 



Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




After that:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update Now.
Select freeware mode.

Select Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Save Report to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

30.07.2012, 23:02   #7
Schlieder
 



So, AdwCleaner:

Code:
# AdwCleaner v1.703 - Logfile created 07/30/2012 at 22:20:52
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Schlieder - SCHLIEDER-PC
# Running from : C:\Users\Schlieder\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Schlieder\AppData\Local\Babylon
Folder Deleted : C:\Users\Schlieder\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Schlieder\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Schlieder\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Schlieder\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Schlieder\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\ConduitCommon
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\QuestBasic
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
[x64] Key Deleted : HKLM\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{86F14831-D88C-4BC8-B871-C8FB24D95D9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\prefs.js

C:\Users\Schlieder\AppData\Roaming\Mozilla\Firefox\Profiles\2o1vlqg3.default\user.js ... Deleted !

Deleted : user_pref("CT2653012..clientLogIsEnabled", false);
Deleted : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2653012.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2653012.BrowserCompStateIsOpen_129514968327663878", true);
Deleted : user_pref("CT2653012.BrowserCompStateIsOpen_129780839977253423", true);
Deleted : user_pref("CT2653012.BrowserCompStateIsOpen_129780841964128425", true);
Deleted : user_pref("CT2653012.BrowserCompStateIsOpen_129780842340847176", true);
Deleted : user_pref("CT2653012.CTID", "ct2653012");
Deleted : user_pref("CT2653012.CurrentServerDate", "28-4-2012");
Deleted : user_pref("CT2653012.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2653012.DialogsGetterLastCheckTime", "Fri Apr 27 2012 21:50:03 GMT+0200");
Deleted : user_pref("CT2653012.DownloadReferralCookieData", "");
Deleted : user_pref("CT2653012.FirstServerDate", "15-8-2011");
Deleted : user_pref("CT2653012.FirstTime", true);
Deleted : user_pref("CT2653012.FirstTimeFF3", true);
Deleted : user_pref("CT2653012.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2653012.HasUserGlobalKeys", true);
Deleted : user_pref("CT2653012.Initialize", true);
Deleted : user_pref("CT2653012.InitializeCommonPrefs", true);
Deleted : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2653012.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2653012.InstalledDate", "Mon Aug 15 2011 02:11:33 GMT+0200");
Deleted : user_pref("CT2653012.IsAlertDBUpdated", true);
Deleted : user_pref("CT2653012.IsGrouping", false);
Deleted : user_pref("CT2653012.IsInitSetupIni", true);
Deleted : user_pref("CT2653012.IsMulticommunity", false);
Deleted : user_pref("CT2653012.IsOpenThankYouPage", false);
Deleted : user_pref("CT2653012.IsOpenUninstallPage", true);
Deleted : user_pref("CT2653012.LanguagePackLastCheckTime", "Mon Aug 15 2011 02:11:35 GMT+0200");
Deleted : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2653012.LastLogin_3.12.0.7", "Sat Apr 28 2012 22:09:10 GMT+0200");
Deleted : user_pref("CT2653012.LastLogin_3.6.0.10", "Tue Aug 16 2011 17:05:22 GMT+0200");
Deleted : user_pref("CT2653012.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2653012.Locale", "en");
Deleted : user_pref("CT2653012.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2653012.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2653012.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2653012.OriginalFirstVersion", "3.6.0.10");
Deleted : user_pref("CT2653012.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2653012.SavedHomepage", "hxxp://www.google.de/");
Deleted : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Deleted : user_pref("CT2653012.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Mon Aug 15 2011 02:11:34 GMT+0200");
Deleted : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2653012.ServiceMapLastCheckTime", "Sat Apr 28 2012 23:53:07 GMT+0200");
Deleted : user_pref("CT2653012.SettingsLastCheckTime", "Mon Aug 15 2011 02:11:32 GMT+0200");
Deleted : user_pref("CT2653012.SettingsLastUpdate", "1312887586");
Deleted : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Mon Aug 15 2011 01:49:21 GMT+0200");
Deleted : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2653012.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
Deleted : user_pref("CT2653012.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2653012.Uninstall", true);
Deleted : user_pref("CT2653012.UserID", "UN41332205831332114");
Deleted : user_pref("CT2653012.alertChannelId", "1045667");
Deleted : user_pref("CT2653012.ct2653012.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2653012.ct2653012.InvalidateCache", false);
Deleted : user_pref("CT2653012.ct2653012.LanguagePackLastCheckTime", "Sat Apr 28 2012 23:53:09 GMT+0200");
Deleted : user_pref("CT2653012.ct2653012.Locale", "en");
Deleted : user_pref("CT2653012.ct2653012.RadioLastCheckTime", "Tue Aug 16 2011 17:05:21 GMT+0200");
Deleted : user_pref("CT2653012.ct2653012.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2653012.ct2653012.RadioLastUpdateServer", "129438915777300000");
Deleted : user_pref("CT2653012.ct2653012.SearchInNewTabLastCheckTime", "Sat Apr 28 2012 23:53:08 GMT+0200");
Deleted : user_pref("CT2653012.ct2653012.SettingsLastCheckTime", "Sat Apr 28 2012 23:53:08 GMT+0200");
Deleted : user_pref("CT2653012.ct2653012.SettingsLastUpdate", "1334070507");
Deleted : user_pref("CT2653012.ct2653012.ThirdPartyComponentsLastCheck", "Mon Aug 15 2011 02:11:33 GMT+0200");
Deleted : user_pref("CT2653012.ct2653012.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2653012.ct2653012.globalFirstTimeInfoLastCheckTime", "Tue Aug 16 2011 17:05:22 GMT+0200[...]
Deleted : user_pref("CT2653012.ct2653012.toolbarAppMetaDataLastCheckTime", "Sat Apr 28 2012 23:53:09 GMT+0200"[...]
Deleted : user_pref("CT2653012.ct2653012.toolbarContextMenuLastCheckTime", "Mon Aug 15 2011 02:11:35 GMT+0200"[...]
Deleted : user_pref("CT2653012.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Mon Aug 15 2011 01:49:23 GMT+0200");
Deleted : user_pref("CT2653012.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2653012.initDone", true);
Deleted : user_pref("CT2653012.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2653012.isFirstRadioInstallation", false);
Deleted : user_pref("CT2653012.myStuffEnabled", true);
Deleted : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2653012.revertSettingsEnabled", true);
Deleted : user_pref("CT2653012.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2653012.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2653012.testingCtid", "");
Deleted : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Mon Aug 15 2011 01:49:23 GMT+0200");
Deleted : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Mon Aug 15 2011 02:11:35 GMT+0200");
Deleted : user_pref("CT2653012.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2653012&Search[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2653012/CT2653012[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2653012", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2653012&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2653012&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c46[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Schlieder\\AppData\\Roaming\\Mozill[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2653012");
Deleted : user_pref("CommunityToolbar.globalUserId", "aa41bd21-4607-4551-85c8-e23d003dae46");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2653012");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Aug 16 2011 17:05:2[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 16 2011 17:05:22 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "ef55271e-f2e6-4227-92ea-da7f70d0b178");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 6);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "F8FF6777DF0E99466265AFC8CABF441F");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "6");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 6);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.29:34:25");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 59094045);
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108298");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "fafb1b09000000000000bcaec538fac4");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "fafb1b09000000000000bcaec538fac4");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:16:00");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "6");
Deleted : user_pref("extensions.genieo.genieoHomepageUrl", "hxxp://isearch.avg.com/?cid={7361850D-2233-41EF-B6[...]
Deleted : user_pref("extensions.questbasic.init", true);

*************************

AdwCleaner[R1].txt - [22944 octets] - [29/07/2012 01:03:23]
AdwCleaner[S1].txt - [21157 octets] - [30/07/2012 22:20:52]

########## EOF - C:\AdwCleaner[S1].txt - [21286 octets] ##########
         
And with the other one I have to pass: it won't install, or rather I'm supposed to pay for something. Is there another option? I still have
Malwarebytes Anti-Malware; isn't that the same thing?

30.07.2012, 23:28   #8
t'john
/// Helper Team
 

There is a free scan there!
__________________
Regards, t'john

19.08.2012, 19:51   #9
t'john
/// Helper Team
 

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
