GVU Trojaner legt Geschäfts PC lahm
 

Hallo,
mein GeschäftsPC ist vom GVU Trojaner lahm gelegt worden. Ich kann nichts mehr machen, habe keinen Zugrif mehr auf den Desktop, es erscheint über den gesamten Bildschirm das angebliche Schreiben der GVU mit Zahlungsaufforderung!
Es handelt sich um einen Aldi PC mit Windows 7 Home Edition, 64 Bit.
Der Login Benutzer hat Administrationsrechte,ich benutze Firefox.
Welche Informationen benötigen Sie noch von mir.

Ich brauche bitte dringend Hilfe, da ich ein Reisebüro habe und nicht mehr arbeiten kann!

Herzlichen Dank!
Bernd

:hallo:

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:


Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

• Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
• Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
• Lege eine leere CD in Deinen Brenner.
• ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
• Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
• Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

• Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
• Mache einen Doppelklick auf das OTLPE Icon.
• Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
• Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
• OTLpe sollte nun starten.
• Drücke Run Scan, um den Scan zu starten.
• Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
• Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
• Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

Hallo t'john,
danke für die spontane Hilfe, ich bin jetzt bei diesem Punkt:
"Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen"

er startet auch den REATOGO-X-PE, dann kommt das Windows Start Bild und danach habe ich einen Blue Screen mit: problem has been redictet and windows has been shut down.....

Was nun?

Nochmals Danke!
Bernd

Im BIOS bitte SATA von AHCI auf IDE umstellen.

Hat geklappt, hier das Ergebnis, wie geht es jetzt weiter?

OTL Logfile:
--- --- ---

Fixen mit OTLpe

• Starte den unbootbaren Computer erneut mit der OTLPE-CD,
• warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

• Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
• Sollte das mangels Internet-Verbindung nicht möglich sein,
• kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
• Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
• Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
• Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
• Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

hallo t'john,

hier das Ergebnis.
Wenn ich den PC neu strate erhalte ich eine startup repair anfrage!
soll ich den PC restoren?


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Macromedia Licensing Service deleted successfully.
File C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HsspConfig deleted successfully.
File C:\Windows\SysWOW64\CfgSrvc.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CfgSrvc deleted successfully.
File C:\Windows\SysWOW64\CfgSrvc.exe not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Bernd_Jung_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50}\ deleted successfully.
File C:\Program Files (x86)\BrowserCompanion\jsloader.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}\ deleted successfully.
File C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\LogitechQuickCamRibbon deleted successfully.
File C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe not found.
Registry key HKEY_USERS\Bernd_Jung_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe not found.
Registry key HKEY_USERS\LocalService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
File C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk not found.
File C:\Users\Bernd Jung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\Bernd_Jung_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\base64\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}\ not found.
File {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\chrome\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}\ not found.
File {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\prox\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}\ not found.
File {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_USERS\Bernd_Jung_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat deleted successfully.
File C:\Users\Bernd Jung\AppData\Roaming\msconfig.dat not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
File/Folder C:\Windows\SysWow64\*.tmp not found.
File C:\Windows\tasks\Final Media Player Update Checker.job not found.
File C:\Windows\tasks\FreeFileViewerUpdateChecker.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
Folder C:\Users\Bernd Jung\AppData\Roaming\BrowserCompanion\ not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bernd Jung
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Bernd Jung
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[emptyjava]> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 07272012_164454

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File\Folder C:\Users\Bernd Jung\AppData\Local\Temp\2011-09-15-1182985418_04-RG.PDF not found!
File\Folder C:\Users\Bernd Jung\AppData\Local\Temp\2011-10-14-1193277784_04-RG.PDF not found!

Registry entries deleted on Reboot...

Nein, nicht restoren!

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Search.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

habe vollscan noch nicht gestartet. OTLPD-CD ist nicht im Laufwerk, er bringt system recovery options und will wohl ein kompletten neuanfang machen, will nun erst mal meine daten sichern, oder gibt es andere Möglichkeit?

Was genau steht auf dem Bildschirm?
Kannst du Windows normal starten?

beim start kommt unten "del to enter oder f8"
wenn ich nichts drücke kommt
mit starthilfe starten oder windos normal starten
wenn ich nichts mache kommt nach 30 sec
system recovery options wie oben erwähnt

Bitte windows normal starten!

windows konnte nicht gestartet werden, dann wieder das selbe spiel
mit starthilfe und normal starten

Dann Starthilfe.

cannot repair
statement online:
//go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409


habe jetzt folgende optionen:
startup repair
system restore
system image recovery
windows memory diagnostik
command prompt

Von wann ist das letzte Image Recovery?

bin grad etwas hilflos, etwas in der art habe ich noch nicht gemacht!

Klicke auf den Punkt und sag das aelteste Datum.

24.06.2012

OK, hattest du im BIOS eigentich wieder auf AHCI umgestellt?

nein, hab ich nicht

Bitte umstellen und normal booten.

Hallo!

Nach dem Umstellen hat er normal gebootet. Es ist nochmal die 'Rettungs-Applikation' erschienen und dann war der PC wieder da.
Ich lasse gerade einen Komplett-Scan laufen und hoffe, dass dann alles wieder gut ist.

Ganz herzlichen Dank für die schnelle und kompetente Hilfe.

Herzliche Grüße
Bernd

Wir haben noch nichtmal mit der Bereinigung angefangen.
(das wird keine Probleme mehr machen)

Bitte an dieser Stele weitermachen:
http://www.trojaner-board.de/120474-...tml#post875548

Hier das Ergebnis des Vollscans:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.31.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bernd Jung :: BERNDJUNG-PC [Administrator]

31.07.2012 13:50:51
mbam-log-2012-07-31 (16-59-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 725039
Laufzeit: 2 Stunde(n), 13 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 14
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Bernd Jung\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\07272012_152716\C_Users\Bernd Jung\AppData\Roaming\msconfig.dat (Spyware.Zbot) -> Keine Aktion durchgeführt.
D:\download & installation\freefileviewer_730.exe (PUP.BundleOffers.IIQ) -> Keine Aktion durchgeführt.
D:\download & installation\nero-kwik-burn.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
D:\zum Brennen freigegeben\DVD.1\Backup vom alten BERND\C_Programme\Traffics\TravelFoxx\Splash.exe (Spyware.Banker) -> Keine Aktion durchgeführt.
C:\Windows\hosts (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)

Funde loeschen!

Wo ist das adwCleaner Log?

hier :-)

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 23:10:32
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Bernd Jung - BERNDJUNG-PC
# Running from : C:\Users\Bernd Jung\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Bernd Jung\AppData\Local\AVG Secure Search
Folder Found : C:\Users\BERNDJ~1\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Bernd Jung\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Bernd Jung\AppData\LocalLow\bbrs_002.tb
Folder Found : D:\mozilla\browser\Conduit
Folder Found : D:\mozilla\browser\SweetIMToolbarData
Folder Found : D:\mozilla\browser\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : D:\mozilla\browser\searchplugins\Conduit.xml
File Found : D:\mozilla\browser\searchplugins\SweetIm.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Found : HKLM\SOFTWARE\Default Tab
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\Default Tab
[x64] Key Found : HKCU\Software\IGearSettings
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\S
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x64] Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
[x64] Key Found : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : Berndi [Profil par défaut]
File : D:\mozilla\browser\prefs.js

Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue May 24 2011 15:26:46 GMT+0200");
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Tue Jul 31 2012 18:12:28 GMT+0200");
Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT1060933.CommunityChanged", true);
Found : user_pref("CT1060933.CurrentServerDate", "31-7-2012");
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Mon Jul 30 2012 20:45:49 GMT+0200");
Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "1-12-2010");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", true);
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstalledDate", "Wed Dec 01 2010 20:42:02 GMT+0100");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsMulticommunity", true);
Found : user_pref("CT1060933.IsOpenThankYouPage", true);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Wed May 30 2012 18:04:18 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Mon Jul 16 2012 14:04:09 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Tue Jul 31 2012 18:12:29 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.2.1.3", "Sun May 01 2011 16:28:46 GMT+0200");
Found : user_pref("CT1060933.LastLogin_3.3.2.1", "Thu Mar 24 2011 14:09:08 GMT+0100");
Found : user_pref("CT1060933.LastLogin_3.3.3.2", "Thu May 26 2011 10:11:43 GMT+0200");
Found : user_pref("CT1060933.LatestVersion", "3.14.1.0");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Wed Mar 30 2011 18:15:13 GMT+0200");
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504191");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Found : user_pref("CT1060933.RadioStationName", "KFOG");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Found : user_pref("CT1060933.SavedHomepage", "hxxp://www.reise-kiste.de/index.html|hxxp://www.kooperation24.[...]
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 20:45:49 GMT+0200");
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Found : user_pref("CT1060933.SettingsLastCheckTime", "Tue Jul 31 2012 18:12:28 GMT+0200");
Found : user_pref("CT1060933.SettingsLastUpdate", "1343322401");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Fri May 06 2011 03:25:59 GMT+0200");
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN17906963953206467");
Found : user_pref("CT1060933.ValidationData_Search", 2);
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.components.1000082", false);
Found : user_pref("CT1060933.components.129032145384800518", false);
Found : user_pref("CT1060933.components.129032148247613461", false);
Found : user_pref("CT1060933.components.129032152822456983", false);
Found : user_pref("CT1060933.components.129032154330894193", false);
Found : user_pref("CT1060933.components.129032155426050046", false);
Found : user_pref("CT1060933.components.129032157011675027", false);
Found : user_pref("CT1060933.components.129032162642925076", false);
Found : user_pref("CT1060933.components.129078058382649592", false);
Found : user_pref("CT1060933.components.129272674122038321", false);
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Thu May 26 2011 14:11:43 GMT+0200");
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", true);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,129272674122038321,129[...]
Found : user_pref("CT1060933.revertSettingsEnabled", true);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 11:57:44 GMT+0100");
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/DE", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63439407619947[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT1060933&octid=CT[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 04 2011 11:49:43 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 09:49:23 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 09:49:15 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "f1e8eaea-85c5-4814-9e9a-7cc434e86448");
Found : user_pref("CommunityToolbar.globalUserId", "1ff34d85-b703-46bb-b37e-2e3188a882b5");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.1.0.21");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B7ec11b21-a31f-4242-aaaf-25aed05668d3[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "chrome://browser-region/loca[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Freecorder Customized Web Searc[...]
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://de.start3.mozilla.com/firefox[...]
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"[...]
Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{095CBB7C-55F8-11E0-8474-0013D3BC49FA}");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Found : user_pref("sweetim.toolbar.version", "1.2.0.2");
Found : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");

*************************

AdwCleaner[R1].txt - [29799 octets] - [31/07/2012 23:10:32]

########## EOF - C:\AdwCleaner[R1].txt - [29928 octets] ##########

Sehr gut! :daumenhoc

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

hier der Inhalt:

# AdwCleaner v1.703 - Logfile created 07/31/2012 at 23:35:28
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Bernd Jung - BERNDJUNG-PC
# Running from : C:\Users\Bernd Jung\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Bernd Jung\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\BERNDJ~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Bernd Jung\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Bernd Jung\AppData\LocalLow\bbrs_002.tb
Folder Deleted : D:\mozilla\browser\Conduit
Folder Deleted : D:\mozilla\browser\SweetIMToolbarData
Folder Deleted : D:\mozilla\browser\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : D:\mozilla\browser\searchplugins\Conduit.xml
File Deleted : D:\mozilla\browser\searchplugins\SweetIm.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Key Deleted : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Key Deleted : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Key Deleted : HKLM\SOFTWARE\Default Tab
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : Berndi [Profil par défaut]
File : D:\mozilla\browser\prefs.js

D:\mozilla\browser\user.js ... Deleted !

Deleted : user_pref("CT1060933..clientLogIsEnabled", false);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Tue May 24 2011 15:26:46 GMT+0200");
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Tue Jul 31 2012 18:12:28 GMT+0200");
Deleted : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT1060933.CommunityChanged", true);
Deleted : user_pref("CT1060933.CurrentServerDate", "31-7-2012");
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Mon Jul 30 2012 20:45:49 GMT+0200");
Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "1-12-2010");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstalledDate", "Wed Dec 01 2010 20:42:02 GMT+0100");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsMulticommunity", true);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_3.12.2.3", "Wed May 30 2012 18:04:18 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.13.0.6", "Mon Jul 16 2012 14:04:09 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.14.1.0", "Tue Jul 31 2012 18:12:29 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.2.1.3", "Sun May 01 2011 16:28:46 GMT+0200");
Deleted : user_pref("CT1060933.LastLogin_3.3.2.1", "Thu Mar 24 2011 14:09:08 GMT+0100");
Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Thu May 26 2011 10:11:43 GMT+0200");
Deleted : user_pref("CT1060933.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Wed Mar 30 2011 18:15:13 GMT+0200");
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504191");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Deleted : user_pref("CT1060933.RadioStationName", "KFOG");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Deleted : user_pref("CT1060933.SavedHomepage", "hxxp://www.reise-kiste.de/index.html|hxxp://www.kooperation24.[...]
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Mon Jul 30 2012 20:45:49 GMT+0200");
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Tue Jul 31 2012 18:12:28 GMT+0200");
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1343322401");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Fri May 06 2011 03:25:59 GMT+0200");
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT1060933.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1060933.UserID", "UN17906963953206467");
Deleted : user_pref("CT1060933.ValidationData_Search", 2);
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.components.1000082", false);
Deleted : user_pref("CT1060933.components.129032145384800518", false);
Deleted : user_pref("CT1060933.components.129032148247613461", false);
Deleted : user_pref("CT1060933.components.129032152822456983", false);
Deleted : user_pref("CT1060933.components.129032154330894193", false);
Deleted : user_pref("CT1060933.components.129032155426050046", false);
Deleted : user_pref("CT1060933.components.129032157011675027", false);
Deleted : user_pref("CT1060933.components.129032162642925076", false);
Deleted : user_pref("CT1060933.components.129078058382649592", false);
Deleted : user_pref("CT1060933.components.129272674122038321", false);
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Thu May 26 2011 14:11:43 GMT+0200");
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,129272674122038321,129[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", true);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Jul 30 2012 20:45:50 GMT+0200");
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Sat Jan 15 2011 11:57:44 GMT+0100");
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/DE", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63439407619947[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/21/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/?ctid=CT1060933&octid=CT[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 04 2011 11:49:43 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 27 2011 09:49:23 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 09:49:15 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "f1e8eaea-85c5-4814-9e9a-7cc434e86448");
Deleted : user_pref("CommunityToolbar.globalUserId", "1ff34d85-b703-46bb-b37e-2e3188a882b5");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.1.0.21");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B7ec11b21-a31f-4242-aaaf-25aed05668d3[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "chrome://browser-region/loca[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Freecorder Customized Web Searc[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://de.start3.mozilla.com/firefox[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{095CBB7C-55F8-11E0-8474-0013D3BC49FA}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.version", "1.2.0.2");
Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");

*************************

AdwCleaner[R1].txt - [29808 octets] - [31/07/2012 23:10:32]
AdwCleaner[S1].txt - [26451 octets] - [31/07/2012 23:35:28]

########## EOF - C:\AdwCleaner[S1].txt - [26580 octets] ##########

Sehr gut! :daumenhoc


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
• Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

• Lade und starte Eset Smartinstaller
• Haken setzen bei YES, I accept the Terms of Use.
• Klick auf Start.
• Haken setzen bei Remove found threads und Scan archives.
• Klick auf Start.
• Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Finish drücken.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

ich kann Emisoft nicht installieren, weil das SP1 von Windows 7 nicht installiert ist, die Installation des SP1 klappt aber nicht!?

er sagt beim Installationsversuch:
Fehler:
Code 80073701 Unbekannter Fehler bei Windows Update

Lass den UpdateHelper mal laufen: http://download.mshelper.de/microsof...check_v78f.exe

Hallo!

Gesagt getan. Anbei die AULOGS.

Gruß,
Bernd

OK, versuche den Update Pack WinFuture Windows 7 Update Pack 64-Bit 1.26 (Voll) Download - WinFuture.de

Das Update lief durch, aber auch danach war der SP1 offensichtlich nicht installiert - zumindest moniert Emisoft das immer noch. AUch im System Bildschirm steht nach wie vor nur Windows 7 Home Premium
ohne den Zusatz SP 1

Ok versuche folgendes: http://www.trojaner-board.de/72874-s...eparieren.html

Der nachfolgende Versuch, dann über Windows Updates das SP1 zu installieren ist aber leider immer noch mit dem gleichen Fehler fehlgeschlagen :(

Der ganze CBS Ordner ist leider zu groß als Attachment.

Gruß,
Bernd

Du wirst entweder neuaufsetzen oder ein sog. Inplace-Upgrade machen muessen.

Was ist dir lieber?

was ist denn für mich einfacher und schneller?
für ein inplace update bräuchte ich eine detaillierte anleitung, weil an sich noch ein paar scans ausstehen, oder soll ich nur der microsoft anleitung für inplace update folgen?

Sicherer: Neuaufsetzen

Schneller: Inplace Upgrade

Ja, folge der Microsoft Anleitung.

Hallo!

Inplace Update war erfolgreich,nun ist auch das SP1 installiert. Danach habe ich die Emisoft Malware installiert und ausgefuehrt. Hier ist das Log:
Weiteres Vorgehen?

Gruss,
Bernd

Ausgezeichnet!

welche Anleitung hast du befolgt?


Sehr gut! :daumenhoc


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

• Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
• Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
• Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

• Lade und starte Eset Smartinstaller
• Haken setzen bei YES, I accept the Terms of Use.
• Klick auf Start.
• Haken setzen bei Remove found threads und Scan archives.
• Klick auf Start.
• Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Finish drücken.
• Browser schließen.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Guten Morgen!

Hier das Ergebnis des ESET:

Gruss,
Bernd

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

• Downloade dir bitte die neueste Java-Version von hier
• Speichere die jxpiinstall.exe
• Schließe alle laufenden Programme. Speziell deinen Browser.
• Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
• Wenn die Installation beendet wurde
  Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
• Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

• Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
• Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
• Klicke auf Dateien löschen....
• Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
• Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Hallo!
Habe alles erledigt!
Was ist der nächste Schritt?

Danke!!
Bernd

Welche Anleitung hast du fuer das Inplace Upgrade befolgt?


Zur Kontrolle:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

Hallo!

Ich bin die technische Unterstuetzung von Bernd ;)

Ich habe das Inplace-Upgrade gemaess MS-KB 2255099 gemacht.

Der letzte Scan hat nichts mehr zu Tage gebracht.

Nun habe ich aber noch eine andere Anomalie, die euch vom Trojaner-Board evtl. interessieren koennte.
Der befallene PC hatte das Sync des Firefox aktiviert. Damit Bernd weiter arbeiten konnte, hat er einen Laptop benutzt, auf dem wir (wider besseren Wissens) das Sync ebenfalls aktiviert haben, um die Bookmarks, Addons etc. von seinem FF auch auf dem Laptop zu haben.
Und siehe da... der GVU hat sich auch auf dem Laptop gezeigt. Kann es sein, dass der GVU sich ueber eine Einstellung, die sich auch im FF-Profile festsetzt, verbreitet? Kein Scan hat allerdings jemals eine Auffaelligkeit im FF-Profil gezeigt.

Ich habe das Profil (auf dem ehemals befallenen PC) nun deaktiviert und ein Neues angelegt. Damit ist hoffentlich alles erledigt.
Falls dieses Profil irgend wie von Interesse ist, oder ich sonst irgendwie zur Auflkaerung beitragen kann, bitte kurz Bescheid geben. Evtl. macht es dann Sinn, einen neuen Thread aufzumachen, mit einem eigenen Profil von mir, damit ich die Benacjrichtigungen bekomme.

Den Laptop werde ich per Hersteller-Restore neu aufsetzen, da da noch keine relevanten Daten drauf waren.

Cheers,
Udo mit den besten Gruessen und 1000 Dank von Bernd

Alles klar ;)

Gut!

Nein, dieser Trojaner kommt ueber einen Java-Exploit.

Was aber sein kann ist, dass in den Bookmarks eine Seite ist, die den Trojaner verbreitet und diese Seite am neuen Rechner geoeffnet wurde.


Das macht Sinn.

;)

Welche Version ist denn betroffen? Auf dem Rechner laeuft Software, die eine bestimmte Version von Java benoetigt (und eben leider nicht mit der aktuellsten laeuft).

Diese aeltere Java-Version wird demnaechst wieder vom Support-Team des Software-Anbieters (TouristikBranche) installiert. Falls das tatsaechlich das Scheunentor ist, gibt es eine Moeglichkeit, diese aeltere Java-Version nur fuer bestimmte Seiten frei zu schalten und ansonsten zu deaktivieren?

Gruss,
Udo

Betroffen sind alle alten Versionen.

Man kann versuchen das Browser-PlugIn zu deaktivieren, aber die Luecke ist trotzdem da.
Man darf mit so einem Rechner einfach nicht im Internet surfen.