Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU-Virus unter Win 7 - das nächste Opfer (https://www.trojaner-board.de/119213-gvu-virus-win-7-naechste-opfer.html)

Pedro64 11.07.2012 19:14

GVU-Virus unter Win 7 - das nächste Opfer
 
Hallo,

erstmal schön, dass es euch gibt (und dass ich eich gefunden habe) und dass ihr hier so nett seid und anderen helft.

Zu meinem Problem: ich habe mir ebenfalls den Bundespolizei-Virus eingefangen. defogger und OTL habe ich laufen lassen.
Ich hoffe, das Anhängen der Dateien hat funktioniert.

Schon mal Danke für eure Hilfe.

t'john 11.07.2012 20:56

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1916146632-4209647930-2302923303-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [WavXMgr] ";C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-430053540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f80241bf-01e9-11e0-919d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f80241bf-01e9-11e0-919d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Client_Installation.exe


:Commands
ipconfig /flushdns /c
[emptytemp]
[emptyflash]
[resethosts]

  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Pedro64 11.07.2012 21:36

hallo t'john

habs vermutlich vermasselt. Ich hatte vergessen den Virenscanner (Avira) zu deaktivieren bevor ich den fix gestartet habe. Nun steht OTL seit ca. 20 Minuten mit der Meldung "Resetting HOSTS File. DO NOT INTERRUPT..." und es scheint sich nichts mehr zu tun.
Sorry für meine Blödheit - bin heute etwas von der Rolle.

t'john 12.07.2012 00:21

Mach Dir keine Gedanken :)

Deaktiviere Avira und lasse den Fix erneut laufen.

Poste dann das Log.

Pedro64 12.07.2012 01:37

Wow, habs ja doch noch geschafft :)
Nachdem ich OTL das 2. Mal gestartet habe, hab ich folgendes Log erhalten:

Code:

Files\Folders moved on Reboot...
File\Folder C:\Users\Pedro\AppData\Local\Temp\{E4AE2C71-DDB6-4229-9F20-204F6CFCB774}\fpb.tmp not found!
File move failed. C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Windows\System32\drivers\etc\Hosts moved successfully.

PendingFileRenameOperations files...
File C:\Users\Pedro\AppData\Local\Temp\{E4AE2C71-DDB6-4229-9F20-204F6CFCB774}\fpb.tmp not found!
[2012.07.11 02:42:49 | 000,000,000 | ---- | M] () C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5
File C:\Windows\System32\drivers\etc\Hosts not found!

Registry entries deleted on Reboot...

Nach dem 2. Fix und reboot erhielt ich folgendes:

Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
HKEY_USERS\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1916146632-4209647930-2302923303-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-1916146632-4209647930-2302923303-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files (x86)\Freecorder\prxtbFre0.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WavXMgr not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMSS not found.
File C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
File move failed. C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk scheduled to be moved on reboot.
File C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-430053540000}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-430053540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-430053540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-430053540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-430053540000}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f80241bf-01e9-11e0-919d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f80241bf-01e9-11e0-919d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f80241bf-01e9-11e0-919d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f80241bf-01e9-11e0-919d-806e6f6e6963}\ not found.
File F:\Client_Installation.exe not found.
========== COMMANDS ==========
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Drucker
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Pedro
->Temp folder emptied: 465096 bytes
->Temporary Internet Files folder emptied: 2046194 bytes
->Flash cache emptied: 492 bytes
 
User: Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2,00 mb
 
 
[EMPTYFLASH]
 
User: Admin
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Drucker
->Flash cache emptied: 0 bytes
 
User: Pedro
->Flash cache emptied: 0 bytes
 
User: Peter
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07122012_022506

Files\Folders moved on Reboot...
File\Folder C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk not found!
C:\Users\Pedro\AppData\Local\Temp\{F75A8FC9-D6F5-44A0-B1EF-890FD33B053D}\fpb.tmp moved successfully.
File move failed. C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk not found!
File C:\Users\Pedro\AppData\Local\Temp\{F75A8FC9-D6F5-44A0-B1EF-890FD33B053D}\fpb.tmp not found!
[2012.07.12 02:26:45 | 000,000,000 | ---- | M] () C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt : Unable to obtain MD5

Registry entries deleted on Reboot...


t'john 12.07.2012 12:02

Sehr gut!

Wie laueft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Pedro64 12.07.2012 17:32

Hallo t'John

Der Rechner scheint wieder einwandfrei zu laufen.

Log von Malwarebytes:
Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: PETERS_ACER [Administrator]

Schutz: Aktiviert

12.07.2012 17:47:05
mbam-log-2012-07-12 (17-47-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441214
Laufzeit: 32 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Log von adwcleaner:
Code:

# AdwCleaner v1.701 - Logfile created 07/12/2012 at 18:21:54
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Admin - PETERS_ACER
# Running from : C:\Users\Pedro\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Peter\AppData\Local\Conduit
Folder Found : C:\Users\Peter\AppData\LocalLow\Conduit
Folder Found : C:\Users\Peter\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Peter\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Admin\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Drucker\AppData\LocalLow\Conduit
Folder Found : C:\Users\Drucker\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Drucker\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Pedro\AppData\LocalLow\Conduit
Folder Found : C:\Users\Pedro\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\Conduit
Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\ConduitCommon
Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7s9vj2oo.default\extensions\staged
Folder Found : C:\Program Files (x86)\Conduit

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\PriceGong
[x64] Key Found : HKCU\Software\AppDataLow\Toolbar
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0 (de)

Profile name : default
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\prefs.js

Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue Mar 20 2012 22:06:40 GMT+0100");
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129633202291172081", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129652058719725628", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Jul 11 2012 00:28:54 GMT+0200");
Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT1060933.CommunityChanged", true);
Found : user_pref("CT1060933.CurrentServerDate", "10-7-2012");
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jul 09 2012 00:06:52 GMT+0200");
Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Wed Jul 04 2012 18:29:52 GMT+0200");
Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "9-1-2011");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", false);
Found : user_pref("CT1060933.GroupingInvalidateCache", false);
Found : user_pref("CT1060933.GroupingLastCheckTime", "0");
Found : user_pref("CT1060933.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.HomePageProtectorEnabled", false);
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstalledDate", "Sun Jan 09 2011 14:22:53 GMT+0100");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsAlertDBUpdated", true);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsMulticommunity", true);
Found : user_pref("CT1060933.IsOpenThankYouPage", true);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Tue Jul 10 2012 01:11:47 GMT+0200");
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_3.10.0.1", "Mon Apr 23 2012 21:57:38 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 20:25:06 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Thu May 31 2012 22:56:10 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Tue Jul 10 2012 21:16:41 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.2.1.3", "Sun Jan 09 2011 14:22:55 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.2.5.2", "Mon Mar 21 2011 17:53:07 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.3.2.1", "Fri Mar 25 2011 20:25:26 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.3.3.2", "Thu Aug 18 2011 10:25:45 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.6.0.10", "Sat Oct 15 2011 11:31:46 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.7.0.6", "Mon Nov 07 2011 22:17:07 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.8.0.8", "Tue Dec 06 2011 14:34:54 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.8.1.0", "Mon Jan 09 2012 23:07:46 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.9.0.3", "Thu Feb 16 2012 18:47:58 GMT+0100");
Found : user_pref("CT1060933.LatestVersion", "3.13.0.6");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipShow", true);
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Tue Jul 10 2012 01:12:16 GMT+0200");
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504193");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT1060933_RECENT21504193");
Found : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Found : user_pref("CT1060933.RadioStationName", "Blues%20HiFi");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://www.radioindy.com/jamroom/play.php?mode=radio&id=463"[...]
Found : user_pref("CT1060933.SearchBoxWidth", 175);
Found : user_pref("CT1060933.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Tue Jul 10 2012 01:11:45 GMT+0200");
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Found : user_pref("CT1060933.SearchProtectorEnabled", false);
Found : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Tue Jul 10 2012 01:11:46 GMT+0200");
Found : user_pref("CT1060933.SettingsLastCheckTime", "Wed Jul 11 2012 00:15:04 GMT+0200");
Found : user_pref("CT1060933.SettingsLastUpdate", "1341409951");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Wed Jul 04 2012 01:52:09 GMT+0200");
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN06768100567291402");
Found : user_pref("CT1060933.ValidationData_Search", 2);
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.approveUntrustedApps", false);
Found : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Found : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A342[...]
Found : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6F6F6D71756D7471");
Found : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757573777B737A77242F4B4947[...]
Found : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT1060933.backendstorage./9b+7e31;cji5c;m\"mbe", "247E61393F236B256F77767A2A212C6E414F444[...]
Found : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Found : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Found : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Found : user_pref("CT1060933.backendstorage./9b-0?3g>d", "6E6E3D6F3F4370407A727872772075784E4C254F217D4F2A56[...]
Found : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT1060933.backendstorage./9b-0?3gfa7ef", "393F352F3E");
Found : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Found : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Found : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484778213F3E484F4E4D464[...]
Found : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "686A3C3E6E3E43717A6F7479757579784B4F4B7C7C");
Found : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F6D71756D7474767578");
Found : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");
Found : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "30");
Found : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT1060933.backendstorage.cbfirsttime", "5475652044656320313320323031312030313A31383A35382[...]
Found : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "53756E2044656320323520323031312031373A[...]
Found : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Found : user_pref("CT1060933.backendstorage.url_history", "687474703A2F2F7777772E766F6C2E61742F67656F7267652[...]
Found : user_pref("CT1060933.backendstorage.url_history_time", "31333234343130313339393232");
Found : user_pref("CT1060933.components.129032145384800518", true);
Found : user_pref("CT1060933.components.129032148247613461", true);
Found : user_pref("CT1060933.components.129032152822456983", true);
Found : user_pref("CT1060933.components.129032154330894193", true);
Found : user_pref("CT1060933.components.129032155426050046", true);
Found : user_pref("CT1060933.components.129032157011675027", true);
Found : user_pref("CT1060933.components.129032162642925076", true);
Found : user_pref("CT1060933.components.129078058382649592", false);
Found : user_pref("CT1060933.components.129272674122038321", false);
Found : user_pref("CT1060933.components.129652058719725628", false);
Found : user_pref("CT1060933.components.129677514212584059", false);
Found : user_pref("CT1060933.components.129681785283868963", false);
Found : user_pref("CT1060933.components.129686665230467549", false);
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Jul 02 2012 17:38:10 GMT+0200");
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", true);
Found : user_pref("CT1060933.isFirstRadioInstallation", false);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321[...]
Found : user_pref("CT1060933.revertSettingsEnabled", true);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Tue Jul 10 2012 01:11:47 GMT+0200");
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Tue Jul 10 2012 19:23:58 GMT+0200");
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/AT", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Peter\\AppData\\Roaming\\Mozilla\\F[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition. hxxp://storage.conduit.com/gadgets/LiveTV.html?[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize. hxxp://storage.conduit.com/gadgets/LiveTV.html?sour[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 19:29:14 GMT+01[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Aug 18 2011 13:34:45 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 18 2011 10:25:44 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "353bf4d3-995a-4c38-977f-e294a69ce9fd");
Found : user_pref("CommunityToolbar.globalUserId", "62592e02-0add-4d09-aff7-04cb0c002aa2");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 08 2012 16:12:0[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 10 2012 01:11:54 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jul 10 2012 01:11:46 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "e812edda-3ce8-4ba3-9330-e6be0c15f554");
Found : user_pref("CommunityToolbar.undefined", "");

Profile name : default
File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7s9vj2oo.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [27780 octets] - [12/07/2012 18:21:54]

########## EOF - \AdwCleaner[R1].txt - [27909 octets] ##########

Soweit ich das interpretieren kann, scheint wieder alles sauber zu sein :Boogie:

t'john 12.07.2012 19:12

Sehr gut! :daumenhoc

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.


danach:


Aktualisiere die DATENBANK
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

Pedro64 12.07.2012 20:28

ok, folgende Ergebnisse:

AdwCleaner:
Code:

# AdwCleaner v1.701 - Logfile created 07/12/2012 at 20:35:27
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Admin - PETERS_ACER
# Running from : C:\Users\Pedro\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Peter\AppData\Local\Conduit
Folder Deleted : C:\Users\Peter\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Peter\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Peter\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Admin\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Admin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Drucker\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Drucker\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Drucker\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Pedro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pedro\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\Conduit
Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\ConduitCommon
Folder Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7s9vj2oo.default\extensions\staged
Folder Deleted : C:\Program Files (x86)\Conduit

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0 (de)

Profile name : default
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\54kyerfz.default\prefs.js

Deleted : user_pref("CT1060933..clientLogIsEnabled", false);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue Mar 20 2012 22:06:40 GMT+0100");
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129633202291172081", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129652058719725628", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Jul 11 2012 00:28:54 GMT+0200");
Deleted : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT1060933.CommunityChanged", true);
Deleted : user_pref("CT1060933.CurrentServerDate", "10-7-2012");
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jul 09 2012 00:06:52 GMT+0200");
Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Wed Jul 04 2012 18:29:52 GMT+0200");
Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "9-1-2011");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.FixPageNotFoundErrors", false);
Deleted : user_pref("CT1060933.GroupingInvalidateCache", false);
Deleted : user_pref("CT1060933.GroupingLastCheckTime", "0");
Deleted : user_pref("CT1060933.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.HomePageProtectorEnabled", false);
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstalledDate", "Sun Jan 09 2011 14:22:53 GMT+0100");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsAlertDBUpdated", true);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsMulticommunity", true);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Tue Jul 10 2012 01:11:47 GMT+0200");
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_3.10.0.1", "Mon Apr 23 2012 21:57:38 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 20:25:06 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.12.2.3", "Thu May 31 2012 22:56:10 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.13.0.6", "Tue Jul 10 2012 21:16:41 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.2.1.3", "Sun Jan 09 2011 14:22:55 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.2.5.2", "Mon Mar 21 2011 17:53:07 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.3.2.1", "Fri Mar 25 2011 20:25:26 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Thu Aug 18 2011 10:25:45 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.6.0.10", "Sat Oct 15 2011 11:31:46 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.7.0.6", "Mon Nov 07 2011 22:17:07 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.8.0.8", "Tue Dec 06 2011 14:34:54 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.8.1.0", "Mon Jan 09 2012 23:07:46 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.9.0.3", "Thu Feb 16 2012 18:47:58 GMT+0100");
Deleted : user_pref("CT1060933.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipShow", true);
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Tue Jul 10 2012 01:12:16 GMT+0200");
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504193");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT1060933_RECENT21504193");
Deleted : user_pref("CT1060933.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.RadioStationName", "Blues%20HiFi");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://www.radioindy.com/jamroom/play.php?mode=radio&id=463"[...]
Deleted : user_pref("CT1060933.SearchBoxWidth", 175);
Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Tue Jul 10 2012 01:11:45 GMT+0200");
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT1060933.SearchProtectorEnabled", false);
Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Tue Jul 10 2012 01:11:46 GMT+0200");
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Wed Jul 11 2012 00:15:04 GMT+0200");
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1341409951");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Wed Jul 04 2012 01:52:09 GMT+0200");
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1060933.UserID", "UN06768100567291402");
Deleted : user_pref("CT1060933.ValidationData_Search", 2);
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.approveUntrustedApps", false);
Deleted : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "247E70756B74757945473D3E3C3D3F3B224D4245327A342[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6F6F6D71756D7471");
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757573777B737A77242F4B4947[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e31;cji5c;m\"mbe", "247E61393F236B256F77767A2A212C6E414F444[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g>d", "6E6E3D6F3F4370407A727872772075784E4C254F217D4F2A56[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT1060933.backendstorage./9b-0?3gfa7ef", "393F352F3E");
Deleted : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Deleted : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484778213F3E484F4E4D464[...]
Deleted : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "686A3C3E6E3E43717A6F7479757579784B4F4B7C7C");
Deleted : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F6F6D71756D7474767578");
Deleted : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable", "31");
Deleted : user_pref("CT1060933.backendstorage.autocompletepro_enable_auto", "30");
Deleted : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "5475652044656320313320323031312030313A31383A35382[...]
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "53756E2044656320323520323031312031373A[...]
Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "61757374726961");
Deleted : user_pref("CT1060933.backendstorage.url_history", "687474703A2F2F7777772E766F6C2E61742F67656F7267652[...]
Deleted : user_pref("CT1060933.backendstorage.url_history_time", "31333234343130313339393232");
Deleted : user_pref("CT1060933.components.129032145384800518", true);
Deleted : user_pref("CT1060933.components.129032148247613461", true);
Deleted : user_pref("CT1060933.components.129032152822456983", true);
Deleted : user_pref("CT1060933.components.129032154330894193", true);
Deleted : user_pref("CT1060933.components.129032155426050046", true);
Deleted : user_pref("CT1060933.components.129032157011675027", true);
Deleted : user_pref("CT1060933.components.129032162642925076", true);
Deleted : user_pref("CT1060933.components.129078058382649592", false);
Deleted : user_pref("CT1060933.components.129272674122038321", false);
Deleted : user_pref("CT1060933.components.129652058719725628", false);
Deleted : user_pref("CT1060933.components.129677514212584059", false);
Deleted : user_pref("CT1060933.components.129681785283868963", false);
Deleted : user_pref("CT1060933.components.129686665230467549", false);
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Jul 02 2012 17:38:10 GMT+0200");
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", true);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Tue Jul 10 2012 01:11:47 GMT+0200");
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Tue Jul 10 2012 19:23:58 GMT+0200");
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/AT", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/AT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Peter\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition. hxxp://storage.conduit.com/gadgets/LiveTV.html?[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize. hxxp://storage.conduit.com/gadgets/LiveTV.html?sour[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Mar 21 2011 19:29:14 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Aug 18 2011 13:34:45 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 18 2011 10:25:44 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "353bf4d3-995a-4c38-977f-e294a69ce9fd");
Deleted : user_pref("CommunityToolbar.globalUserId", "62592e02-0add-4d09-aff7-04cb0c002aa2");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 08 2012 16:12:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 10 2012 01:11:54 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jul 10 2012 01:11:46 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "e812edda-3ce8-4ba3-9330-e6be0c15f554");
Deleted : user_pref("CommunityToolbar.undefined", "");

Profile name : default
File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7s9vj2oo.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [27676 octets] - [12/07/2012 20:35:27]
AdwCleaner[R1].txt - [27895 octets] - [12/07/2012 18:21:54]

########## EOF - \AdwCleaner[S1].txt - [27866 octets] ##########

Malwarebytes:
Code:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pedro :: PETERS_ACER [limited]

Protection: Enabled

12.07.2012 20:45:11
mbam-log-2012-07-12 (20-45-11).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339034
Time elapsed: 38 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


t'john 13.07.2012 11:33

Sehr gut!

Mache bitte noch einen Scan mit Superantispyware: http://www.trojaner-board.de/51871-a...tispyware.html

danach:

Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Pedro64 13.07.2012 18:42

Ich habe ja ganz am Anfang mit defogger irgendwelche Treiber deaktiviert. Muss ich diese wieder aktivieren, bevor ich mit OTL die Tools entferne?

t'john 13.07.2012 19:22

Die Reihenfolge spielt hier keine Rolle ;)

Pedro64 13.07.2012 22:23

ok, SUPERAntiSpyWare inst durch, folgendes Log:

SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generiert 07/13/2012 bei 09:34 PM

Version der Applikation : 5.5.1006

Version der Kern-Datenbank : 8895
Version der Spur-Datenbank : 6707

Scan Art : kompletter Scann
Totale Scann-Zeit : 01:42:49

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User

Gescannte Speicherelemente : 633
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 70643
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 174087
Erfasste Datei-Elemente : 0

OTL mit clean-up ist ebenfals durch.

t'john 14.07.2012 09:46

Du bist sauber und entlassen! :)

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html

Pedro64 14.07.2012 10:58

Hallo t'john

tausend Dank für deine Hilfe!

Pedro


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:13 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19