Infizierte Datei lässt sich nicht dauerhaft entfernen
 

Hallo Trojaner-Board-Team, hallo Forum-Mitglieder,
ich habe gestern diese Seite entdeckt und bin sehr froh, dass es euch gibt.
Ich hoffe, ihr könnt mir bei meinem Problem helfen.
Ich habe wie beschrieben die Malsoftware runtergeladen und denke, hab auch alles soweit richtig gemacht. Das Programm fand 2 Trojaner, die ich auch erfolgreich in die Quarantäne verschieben konnte und nachträglich löschen konnte.

Jetzt findet er aber leider immer und immer wieder diesen "Rootkit" der sich nicht dauerhaft entfernen lässt.

Kopie aus Meldung:

Infizierte Dateien: 1
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Er schreibt zwar, er schiebt die Datei in die Quarantäne, aber beim nochmaligen durchsuchen taucht das Teil immer wieder auf. Hab es jetzt schon ein paarmal versucht, und komme nicht weiter. In meiner Quarantäne steht jetzt 3 x der selbe Link, aber vom System löschen lässt er sich nicht.
Was kann ich noch tun?

Ich hoffe, ihr könnt mir weiterhelfen. :dankeschoen:

Grüße Schwabenbär

:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

• Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Wähle Scanne Alle Benuzer
• Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
• Unter Extra Registrierung, wähle bitte Benutze SafeList
• Klicke nun auf Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Vielen Dank für die schnelle Antwort.

Hier kommen die 2 Text-Editoren aus dem OTL-Programm.


Aus OTL.Txt-Editor:OTL Logfile:
--- --- ---



Aus Extras.Txt - EditorOTL Logfile:
--- --- ---



Gruß, schönes Wochenende und :dankeschoen:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

• Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
• Starte die OTL.exe.
  Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
• Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

• Schließe alle Programme.
• Klicke auf den Fix Button.
• Wenn OTL einen Neustart verlangt, bitte zulassen.
• Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
  Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

All processes killed
========== OTL ==========
Service Akamai stopped successfully!
Service Akamai deleted successfully!
c:\program files\common files\akamai/netsession_win_4f7fccd.dll moved successfully.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys File not found not found.
Service DgiVecp stopped successfully!
Service DgiVecp deleted successfully!
File C:\Windows\system32\Drivers\DgiVecp.sys File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ deleted successfully.
C:\Programme\softonic-Germany\tbsoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found.
File C:\Programme\softonic-Germany\tbsoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{432F3996-53CF-4698-A38E-FC4BDBC1E7FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{432F3996-53CF-4698-A38E-FC4BDBC1E7FA}\ not found.
Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "softonic-Germany Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.t-online.de/" removed from browser.startup.homepage
Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16508" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "Google" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found.
File C:\Programme\softonic-Germany\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a51a36e6-31e7-4838-9ff7-76298b527ec0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a51a36e6-31e7-4838-9ff7-76298b527ec0}\ not found.
File Germany\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A51A36E6-31E7-4838-9FF7-76298B527EC0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A51A36E6-31E7-4838-9FF7-76298B527EC0}\ not found.
File Germany\tbsoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1339509497-3006987741-1441456527-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An vorhandene PDF-Datei anfügen\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\In Adobe PDF konvertieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel an vorhandene PDF-Datei anhängen\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Linkziel in Adobe PDF konvertieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
C:\Windows\System32\ConduitEngine.tmp deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\800000cb.@ moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cc803221d2a1d0.job moved successfully.
C:\Windows\System32\deployJava1.dll moved successfully.
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\80000000.@ moved successfully.
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\00000001.@ moved successfully.
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\@ moved successfully.
C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\@ moved successfully.
C:\Users\Branko\AppData\Roaming\Babylon\updates folder moved successfully.
C:\Users\Branko\AppData\Roaming\Babylon\Content\icons folder moved successfully.
C:\Users\Branko\AppData\Roaming\Babylon\Content folder moved successfully.
C:\Users\Branko\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U folder moved successfully.
C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\L folder moved successfully.
C:\Users\Michi\AppData\Local\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e} folder moved successfully.
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U folder moved successfully.
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e} scheduled to be moved on reboot.
C:\Users\Michi\AppData\Local\{2774214D-4BE7-4C0B-B883-F339F1ECB13D} moved successfully.
C:\Users\Michi\AppData\Local\{5DF38481-694B-4BAB-A8D7-ABA0DC3B81E1} moved successfully.
C:\Users\Michi\AppData\Local\{89F3762B-1A8A-40EB-8877-1688B6F0E874} moved successfully.
C:\Users\Michi\AppData\Local\{BDFDC85B-C810-4821-9801-6797779B0842} moved successfully.
C:\Users\Michi\AppData\Local\{F0482072-47F8-4AC7-92C3-9C6782993162} moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Michi\AppData\Local\Temp\*.exe not found.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-5ab8f17c-n folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Michi\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Michi\Downloads\cmd.bat deleted successfully.
C:\Users\Michi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Branko
->Temp folder emptied: 49025536 bytes
->Temporary Internet Files folder emptied: 15272543 bytes
->Java cache emptied: 1635126 bytes
->FireFox cache emptied: 53680519 bytes
->Apple Safari cache emptied: 23835648 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Michi
->Temp folder emptied: 213789 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 51326831 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 528 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14295 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 186,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08262012_134115

Files\Folders moved on Reboot...
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U folder moved successfully.
C:\Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e} folder moved successfully.
File\Folder C:\Users\Branko\AppData\Local\Temp\2011-10-28-1198426082_04-RG.PDF not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

So hallo, ich habe alles so ausgeführt wie beschrieben und jetzt scheint mein Rechner wieder sauber zu sein.
Das Malware-Programm findet nichts mehr. Jetzt werde ich mal wieder meinen Antivire draufladen und hoffe, er meckert auch nicht mehr!

Das ist wie beschrieben die infizierte Datei:
Die Datei wurde geöffnet und ich konnte es löschen. Hier nochmal der Link.


Infizierte Dateien: 1

C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

So, vielen vielen Dank für eure Hilfe, das hätte ich alleine niemals hinbekommen. :daumenhoc:daumenhoc

Ich werde euch gerne weiterempfehlen.

Herzliche Grüsse, und einen schönen Sonntag noch...

Schwabenbär

Sehr gut! :daumenhoc

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Search.
• Nach Ende des Suchlaufs öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Hallo t'john,
tja, zu früh gefreut...
Das Malware-Programm sagt ok, nichts gefunden nach dem Komplettdurchlauf, aber mein AntiVira meckert und meldet er hätte ein "W32/Patched.UB" gefunden. Zugriff verweigert, lässt sich nicht löschen. Toll...
Hier nochmal das log:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michi :: BRANKO-PC [Administrator]

Schutz: Aktiviert

29.08.2012 18:01:11
mbam-log-2012-08-29 (18-01-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381589
Laufzeit: 3 Stunde(n), 1 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Der Text des AdwCleaner-Programm bringt diese Meldung nach dem Search:

# AdwCleaner v1.801 - Logfile created 08/29/2012 at 21:06:29
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Michi - BRANKO-PC
# Boot Mode : Normal
# Running from : C:\Users\Michi\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Branko\AppData\Local\Babylon
Folder Found : C:\Users\Michi\AppData\Local\Conduit
Folder Found : C:\Users\Branko\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Branko\AppData\LocalLow\Conduit
Folder Found : C:\Users\Branko\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Branko\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Branko\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Branko\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Branko\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Branko\AppData\LocalLow\softonic-Germany
Folder Found : C:\Users\Branko\AppData\LocalLow\SweetIM
Folder Found : C:\Users\Michi\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Michi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Michi\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Michi\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Michi\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Michi\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Michi\AppData\LocalLow\softonic-Germany
Folder Found : C:\Users\Michi\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\Conduit
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\ConduitCommon
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\ConduitEngine
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2269050
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2269050
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2431245
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2449729
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2625848
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2857572
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\Smartbar
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\SweetIMToolbarData
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\SweetPacksToolbarData
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073}
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{a51a36e6-31e7-4838-9ff7-76298b527ec0}
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\engine@conduit.com
Folder Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Program Files\Babylon
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\DVDVideoSoftTB
Folder Found : C:\Program Files\pdfforge Toolbar
Folder Found : C:\Program Files\softonic-Germany
File Found : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2449729[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\a6eb8fe4c9986914497e92c7f5a702e3
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\a6eb8fe4c9986914497e92c7f5a702e3
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-Germany Toolbar
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\softonic-Germany
Key Found : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F75B8121-0A98-4503-ADAA-5180CF1D7556}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FAE2191-BA19-43C5-8283-989E95ADB67D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9911698-4371-47F6-AF08-FB01D34050DB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74739784-809D-4F8B-B266-8E3F9C00950B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6799308A-7679-49B5-9BA9-66294B7C3AFF}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\1s3savbq.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=adbartrp&AF=16508&q=");

Profile name : default
File : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\prefs.js

Found : user_pref("CT2269050..clientLogIsEnabled", false);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CurrentServerDate", "29-8-2012");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Wed Aug 29 2012 17:06:47 GMT+0200");
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Tue Aug 31 2010 18:02:30 GMT+0200");
Found : user_pref("CT2269050.FirstServerDate", "30-4-2010");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstallationType", "Unknown");
Found : user_pref("CT2269050.InstalledDate", "Fri Apr 30 2010 21:52:48 GMT+0200");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Aug 29 2012 17:06:47 GMT+0200");
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.5.8.6", "Fri Apr 30 2010 21:52:49 GMT+0200");
Found : user_pref("CT2269050.LastLogin_2.7.2.0", "Tue Aug 31 2010 17:56:16 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 10:16:30 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 17:00:47 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 22 2012 15:55:12 GMT+0200");
Found : user_pref("CT2269050.LastLogin_3.15.1.0", "Wed Aug 29 2012 17:06:46 GMT+0200");
Found : user_pref("CT2269050.LatestVersion", "3.15.1.0");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Tue Aug 31 2010 17:56:16 GMT+0200");
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2269050.SavedHomepage", "hxxp://home.sweetim.com");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Aug 29 2012 17:06:45 GMT+0200");
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Wed Aug 29 2012 17:06:45 GMT+0200");
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Wed Aug 29 2012 17:06:44 GMT+0200");
Found : user_pref("CT2269050.SettingsLastUpdate", "1346236157");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Aug 29 2010 22:46:48 GMT+0200");
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1272286482");
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN34423118382261710");
Found : user_pref("CT2269050.ValidationData_Toolbar", 2);
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Tue Aug 31 2010 17:56:17 GMT+0200");
Found : user_pref("CT2269050.WeatherUnit", "C");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Found : user_pref("CT2269050.clientLogIsEnabled", false);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.revertSettingsEnabled", true);
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Wed Aug 29 2012 17:06:47 GMT+0200");
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2431245.CTID", "CT2431245");
Found : user_pref("CT2431245.CurrentServerDate", "31-8-2010");
Found : user_pref("CT2431245.DialogsAlignMode", "LTR");
Found : user_pref("CT2431245.DownloadReferralCookieData", "");


Nochmal danke für die tolle Hilfe!
Gruss und schönen Abend
Schwabenbär

Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

• Windows XP (nur 32-bit)
• Windows Vista (32-bit/64-bit)
• Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

• Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
• Liste der zu deaktivierenden Programme.
  Bei Unklarheiten bitte fragen.

• ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
• Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
• Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
• Teile uns das mit und warte auf unsere Anweisungen.

• Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
• Während des Laufs von Combofix nichts anderes am Computer machen!
• Akzeptiere die Bedingungen (Disclaimer) mit "Ja".

• Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
• Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
• Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
• Bitte nicht in dieses Combofix-Fenster klicken.
• Das könnte Dein System einfrieren oder hängen bleiben lassen.
• Es wird ein Backup Deiner Registry erstellt.
• Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.

• Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
• Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
• Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

• Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
• Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

Hallo, das scheint ja echt was größeres...
Ich will ja nicht nerven, aber es wird immer besser...
Ich kann dieses Combofix nicht installieren, da die Meldung kommt: Achtung!!!
ComboFix hat festgestellt das folgende Real-Time-Scanner aktiv sind.
antivirus: Avira Desktop
antispyware: Avira Desktop

Ich habe aber das komplette Antivire-Programm deinstalliert und einen Neustart gemacht. Hängt das mit dem komischen "W32/Patched.UB" zusammen? Ich finde keine restlichen AntiVire-Daten auf dem Desktop und verstehe nur noch Bahnhof... :crazy:

Gruss Schwabenbär

Laesst sich Combofix dennoch starten?

Da bin ich wieder...
So hallo, ja nach dem heutigen Update von Combofix hat er sich ohne Probleme installiert und er hat die Platte durchsucht. Dann automatischer Neustart. Und hier das Log:
Combofix Logfile:
--- --- ---
Ich installiere jetzt mal noch keine Antiviren-Programme.
Hoffentlich hat das Combofix das jetzt gepackt. :o))

Schönen Restsonntag und Gruß Schwabenbär

Ich glaube jetzt funktioniert wieder alles wieder wie es sein sollte!

Tausend Dank für Eure Hilfe. :abklatsch:

Gruss Schwabenbär

Sehr gut! :daumenhoc

• Schließe alle offenen Programme und Browser.
• Starte die adwcleaner.exe mit einem Doppelklick.
• Klicke auf Delete.
• Bestätige jeweils mit Ok.
• Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
• Poste mir den Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Hallo,
hier der Log vom adwcleaner.

# AdwCleaner v1.801 - Logfile created 09/04/2012 at 16:12:52
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Michi - BRANKO-PC
# Boot Mode : Normal
# Running from : C:\Users\Michi\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Branko\AppData\Local\Babylon
Folder Deleted : C:\Users\Michi\AppData\Local\Babylon
Folder Deleted : C:\Users\Michi\AppData\Local\Conduit
Folder Deleted : C:\Users\Branko\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Branko\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Branko\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Branko\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Branko\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Branko\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Branko\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Branko\AppData\LocalLow\softonic-Germany
Folder Deleted : C:\Users\Branko\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Michi\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Michi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Michi\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Michi\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Michi\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Michi\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Michi\AppData\LocalLow\softonic-Germany
Folder Deleted : C:\Users\Michi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Michi\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Michi\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\Conduit
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\ConduitCommon
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\ConduitEngine
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2269050
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2431245
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2449729
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2625848
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\CT2857572
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\Smartbar
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\SweetIMToolbarData
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{38542454-dfb6-44f5-b052-d4e071a3d073}
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{a51a36e6-31e7-4838-9ff7-76298b527ec0}
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\engine@conduit.com
Folder Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\DVDVideoSoftTB
Folder Deleted : C:\Program Files\BrowserCompanion
File Deleted : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2449729[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\a6eb8fe4c9986914497e92c7f5a702e3
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\a6eb8fe4c9986914497e92c7f5a702e3
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\softonic-Germany Toolbar
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\softonic-Germany
Key Deleted : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F75B8121-0A98-4503-ADAA-5180CF1D7556}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9FAE2191-BA19-43C5-8283-989E95ADB67D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9911698-4371-47F6-AF08-FB01D34050DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74739784-809D-4F8B-B266-8E3F9C00950B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6799308A-7679-49B5-9BA9-66294B7C3AFF}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109958&tt=3612_5&babsrc=HP_ss&mntrId=5cd9e8250000000000000022431e92fd --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\1s3savbq.default\prefs.js

C:\Users\Branko\AppData\Roaming\Mozilla\Firefox\Profiles\1s3savbq.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=adbartrp&AF=16508&q=");

Profile name : default
File : C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\prefs.js

C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\l0egos2v.default\user.js ... Deleted !

Deleted : user_pref("CT2269050..clientLogIsEnabled", false);
Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Deleted : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Deleted : user_pref("CT2269050.CTID", "CT2269050");
Deleted : user_pref("CT2269050.CurrentServerDate", "4-9-2012");
Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sun Sep 02 2012 14:38:47 GMT+0200");
Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Tue Aug 31 2010 18:02:30 GMT+0200");
Deleted : user_pref("CT2269050.FirstServerDate", "30-4-2010");
Deleted : user_pref("CT2269050.FirstTime", true);
Deleted : user_pref("CT2269050.FirstTimeFF3", true);
Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2269050.HasUserGlobalKeys", true);
Deleted : user_pref("CT2269050.Initialize", true);
Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2269050.InstallationType", "Unknown");
Deleted : user_pref("CT2269050.InstalledDate", "Fri Apr 30 2010 21:52:48 GMT+0200");
Deleted : user_pref("CT2269050.InvalidateCache", false);
Deleted : user_pref("CT2269050.IsGrouping", false);
Deleted : user_pref("CT2269050.IsMulticommunity", false);
Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Sep 03 2012 16:12:00 GMT+0200");
Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2269050.LastLogin_2.5.8.6", "Fri Apr 30 2010 21:52:49 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_2.7.2.0", "Tue Aug 31 2010 17:56:16 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri Apr 27 2012 10:16:30 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 17:00:47 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.13.0.6", "Fri Jun 22 2012 15:55:12 GMT+0200");
Deleted : user_pref("CT2269050.LastLogin_3.15.1.0", "Tue Sep 04 2012 16:04:11 GMT+0200");
Deleted : user_pref("CT2269050.LatestVersion", "3.15.1.0");
Deleted : user_pref("CT2269050.Locale", "en");
Deleted : user_pref("CT2269050.LoginCache", 4);
Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2269050.RadioIsPodcast", false);
Deleted : user_pref("CT2269050.RadioLastCheckTime", "Tue Aug 31 2010 17:56:16 GMT+0200");
Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Deleted : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://home.sweetim.com");
Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Sep 03 2012 16:12:00 GMT+0200");
Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2269050.ServiceMapLastCheckTime", "Mon Sep 03 2012 16:12:00 GMT+0200");
Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Tue Sep 04 2012 16:04:08 GMT+0200");
Deleted : user_pref("CT2269050.SettingsLastUpdate", "1346669743");
Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sun Aug 29 2010 22:46:48 GMT+0200");
Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1272286482");
Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2269050.UserID", "UN34423118382261710");
Deleted : user_pref("CT2269050.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2269050.WeatherNetwork", "");
Deleted : user_pref("CT2269050.WeatherPollDate", "Tue Aug 31 2010 17:56:17 GMT+0200");
Deleted : user_pref("CT2269050.WeatherUnit", "C");
Deleted : user_pref("CT2269050.alertChannelId", "666138");
Deleted : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Deleted : user_pref("CT2269050.clientLogIsEnabled", false);
Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.initDone", true);
Deleted : user_pref("CT2269050.myStuffEnabled", true);
Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2269050.revertSettingsEnabled", true);
Deleted : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2269050.testingCtid", "");
Deleted : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Mon Sep 03 2012 16:12:01 GMT+0200");
Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2269050.usagesFlag", 2);
Deleted : user_pref("CT2431245.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2431245.CTID", "CT2431245");
Deleted : user_pref("CT2431245.CurrentServerDate", "31-8-2010");
Deleted : user_pref("CT2431245.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2431245.DownloadReferralCookieData", "");
Deleted : user_pref("CT2431245.EMailNotifierPollDate", "Tue Aug 31 2010 18:02:30 GMT+0200");
Deleted : user_pref("CT2431245.FeedLastCount129009402595187825", 496);
Deleted : user_pref("CT2431245.FeedPollDate7470634014180506963", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014269327586", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014329599698", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014537505092", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634014970726540", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015410831318", "Tue Aug 31 2010 17:56:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015483395460", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015636754705", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015768347545", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634015855543602", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016030710453", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016114705611", "Tue Aug 31 2010 17:56:21 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016129205152", "Tue Aug 31 2010 17:56:21 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016143724791", "Tue Aug 31 2010 17:56:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016271239162", "Tue Aug 31 2010 17:56:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016568520719", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634016726993788", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017109031809", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017132743740", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017299547668", "Tue Aug 31 2010 17:56:21 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017302327846", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017344111490", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017478360748", "Tue Aug 31 2010 17:56:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017732797593", "Tue Aug 31 2010 17:56:19 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634017821686064", "Tue Aug 31 2010 17:56:23 GMT+0200");
Deleted : user_pref("CT2431245.FeedPollDate7470634018090228721", "Tue Aug 31 2010 17:56:21 GMT+0200");
Deleted : user_pref("CT2431245.FeedTTL7470634014269327586", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014537505092", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634014970726540", 2);
Deleted : user_pref("CT2431245.FeedTTL7470634015636754705", 5);
Deleted : user_pref("CT2431245.FeedTTL7470634016568520719", 30);
Deleted : user_pref("CT2431245.FirstServerDate", "31-8-2010");
Deleted : user_pref("CT2431245.FirstTime", true);
Deleted : user_pref("CT2431245.FirstTimeFF3", true);
Deleted : user_pref("CT2431245.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2431245.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2431245.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2431245.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2431245.Initialize", true);
Deleted : user_pref("CT2431245.InitializeCommonPrefs", true);
Deleted : user_pref("CT2431245.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2431245.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2431245.InstalledDate", "Tue Aug 31 2010 17:56:18 GMT+0200");
Deleted : user_pref("CT2431245.InvalidateCache", false);
Deleted : user_pref("CT2431245.IsGrouping", false);
Deleted : user_pref("CT2431245.IsMulticommunity", false);
Deleted : user_pref("CT2431245.IsOpenThankYouPage", false);
Deleted : user_pref("CT2431245.IsOpenUninstallPage", true);
Deleted : user_pref("CT2431245.LanguagePackLastCheckTime", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2431245.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2431245.LastLogin_2.7.2.0", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2431245.Locale", "de-de");
Deleted : user_pref("CT2431245.LoginCache", 4);
Deleted : user_pref("CT2431245.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2431245.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2431245.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2431245.RadioIsPodcast", false);
Deleted : user_pref("CT2431245.RadioLastCheckTime", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2431245.RadioLastUpdateServer", "129167771525870000");
Deleted : user_pref("CT2431245.RadioMediaID", "20503672");
Deleted : user_pref("CT2431245.RadioMediaType", "Media Player");
Deleted : user_pref("CT2431245.RadioMenuSelectedID", "EBRadioMenu_CT243124520503672");
Deleted : user_pref("CT2431245.RadioStationName", "Team%20Radio%20Deutschland");
Deleted : user_pref("CT2431245.RadioStationURL", "hxxp://trd.stream.w-u-s.org:6666/dsl.m3u");
Deleted : user_pref("CT2431245.SavedHomepage", "hxxp://www.t-online.de/");
Deleted : user_pref("CT2431245.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2431245.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2431245.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Deleted : user_pref("CT2431245.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2431245.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2431245.SearchInNewTabLastCheckTime", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2431245.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2431245.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2431245.SettingsLastCheckTime", "Tue Aug 31 2010 17:56:16 GMT+0200");
Deleted : user_pref("CT2431245.SettingsLastUpdate", "1281127908");
Deleted : user_pref("CT2431245.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastCheck", "Tue Aug 31 2010 17:56:16 GMT+0200");
Deleted : user_pref("CT2431245.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2431245.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2431245.UserID", "UN42251906708570826");
Deleted : user_pref("CT2431245.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2431245.WeatherNetwork", "");
Deleted : user_pref("CT2431245.WeatherPollDate", "Tue Aug 31 2010 17:56:20 GMT+0200");
Deleted : user_pref("CT2431245.WeatherUnit", "C");
Deleted : user_pref("CT2431245.alertChannelId", "825452");
Deleted : user_pref("CT2431245.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Deleted : user_pref("CT2431245.clientLogIsEnabled", false);
Deleted : user_pref("CT2431245.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2431245.myStuffEnabled", true);
Deleted : user_pref("CT2431245.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2431245.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2431245.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2431245.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2431245.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2449729..clientLogIsEnabled", false);
Deleted : user_pref("CT2449729..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2449729..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2449729.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2449729.CTID", "CT2449729");
Deleted : user_pref("CT2449729.CurrentServerDate", "28-2-2011");
Deleted : user_pref("CT2449729.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2449729.DialogsGetterLastCheckTime", "Mon Feb 28 2011 20:39:22 GMT+0100");
Deleted : user_pref("CT2449729.DownloadReferralCookieData", "");
Deleted : user_pref("CT2449729.EMailNotifierPollDate", "Mon Feb 28 2011 21:24:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedLastCount129029445737143755", 506);
Deleted : user_pref("CT2449729.FeedPollDate7470634014180506963", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634014269327586", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634014329599698", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634014537505092", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634014970726540", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634015410831318", "Mon Feb 28 2011 20:39:05 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634015483395460", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634015636754705", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634015768347545", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634015855543602", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634016030710453", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634016114705611", "Mon Feb 28 2011 20:39:05 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634016129205152", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634016143724791", "Mon Feb 28 2011 20:39:05 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634016271239162", "Mon Feb 28 2011 20:39:05 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634016568520719", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634016726993788", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634017109031809", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634017132743740", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634017299547668", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634017302327846", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634017344111490", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634017478360748", "Mon Feb 28 2011 20:39:05 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634017732797593", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634017821686064", "Mon Feb 28 2011 20:39:05 GMT+0100");
Deleted : user_pref("CT2449729.FeedPollDate7470634018090228721", "Mon Feb 28 2011 20:39:04 GMT+0100");
Deleted : user_pref("CT2449729.FeedTTL7470634014269327586", 5);
Deleted : user_pref("CT2449729.FeedTTL7470634014970726540", 2);
Deleted : user_pref("CT2449729.FeedTTL7470634015636754705", 5);
Deleted : user_pref("CT2449729.FeedTTL7470634016568520719", 30);
Deleted : user_pref("CT2449729.FirstServerDate", "28-2-2011");
Deleted : user_pref("CT2449729.FirstTime", true);
Deleted : user_pref("CT2449729.FirstTimeFF3", true);
Deleted : user_pref("CT2449729.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2449729.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2449729.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2449729.HasUserGlobalKeys", true);
Deleted : user_pref("CT2449729.Initialize", true);
Deleted : user_pref("CT2449729.InitializeCommonPrefs", true);
Deleted : user_pref("CT2449729.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2449729.InstallationId", "softonic-Germany.exe");
Deleted : user_pref("CT2449729.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2449729.InstalledDate", "Mon Feb 28 2011 20:39:02 GMT+0100");
Deleted : user_pref("CT2449729.InvalidateCache", false);
Deleted : user_pref("CT2449729.IsGrouping", false);
Deleted : user_pref("CT2449729.IsMulticommunity", false);
Deleted : user_pref("CT2449729.IsOpenThankYouPage", false);
Deleted : user_pref("CT2449729.IsOpenUninstallPage", true);
Deleted : user_pref("CT2449729.LanguagePackLastCheckTime", "Mon Feb 28 2011 20:39:11 GMT+0100");
Deleted : user_pref("CT2449729.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2449729.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2449729.LastLogin_3.3.0.19", "Mon Feb 28 2011 20:39:01 GMT+0100");
Deleted : user_pref("CT2449729.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2449729.Locale", "de-de");
Deleted : user_pref("CT2449729.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2449729.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2449729.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2449729.RadioIsPodcast", false);
Deleted : user_pref("CT2449729.RadioLastCheckTime", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2449729.RadioLastUpdateServer", "3");
Deleted : user_pref("CT2449729.RadioMediaID", "9962");
Deleted : user_pref("CT2449729.RadioMediaType", "Media Player");
Deleted : user_pref("CT2449729.RadioMenuSelectedID", "EBRadioMenu_CT24497299962");
Deleted : user_pref("CT2449729.RadioStationName", "California%20Rock");
Deleted : user_pref("CT2449729.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT2449729.SavedHomepage", "hxxp://www.t-online.de/");
Deleted : user_pref("CT2449729.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2449729.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT244[...]
Deleted : user_pref("CT2449729.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2449729.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2449729.SearchInNewTabLastCheckTime", "Mon Feb 28 2011 20:39:03 GMT+0100");
Deleted : user_pref("CT2449729.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2449729.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2449729.ServiceMapLastCheckTime", "Mon Feb 28 2011 20:39:00 GMT+0100");
Deleted : user_pref("CT2449729.SettingsLastCheckTime", "Mon Feb 28 2011 20:39:00 GMT+0100");
Deleted : user_pref("CT2449729.SettingsLastUpdate", "1297858522");
Deleted : user_pref("CT2449729.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2449729.ThirdPartyComponentsLastCheck", "Mon Feb 28 2011 20:39:00 GMT+0100");
Deleted : user_pref("CT2449729.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2449729.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2449729.UserID", "UN94126971300382876");
Deleted : user_pref("CT2449729.WeatherNetwork", "");
Deleted : user_pref("CT2449729.WeatherPollDate", "Mon Feb 28 2011 21:09:46 GMT+0100");
Deleted : user_pref("CT2449729.WeatherUnit", "C");
Deleted : user_pref("CT2449729.alertChannelId", "843580");
Deleted : user_pref("CT2449729.backendstorage._fb_dailyactivity", "31323938393231393433363931");
Deleted : user_pref("CT2449729.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("CT2449729.backendstorage.facebook_ctid_connect_send", "73656E646564");
Deleted : user_pref("CT2449729.globalFirstTimeInfoLastCheckTime", "Mon Feb 28 2011 20:39:01 GMT+0100");
Deleted : user_pref("CT2449729.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2449729.myStuffEnabled", true);
Deleted : user_pref("CT2449729.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2449729.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2449729.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2449729.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2449729.testingCtid", "");
Deleted : user_pref("CT2449729.toolbarAppMetaDataLastCheckTime", "Mon Feb 28 2011 20:39:00 GMT+0100");
Deleted : user_pref("CT2449729.toolbarContextMenuLastCheckTime", "Mon Feb 28 2011 20:39:11 GMT+0100");
Deleted : user_pref("CT2449729.usagesFlag", 1);
Deleted : user_pref("CT2625848.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1", "{\"updateReqTime\":1345996432350,\[...]
Deleted : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2625848.FirstTime", "true");
Deleted : user_pref("CT2625848.FirstTimeFF3", "true");
Deleted : user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSBC[...]
Deleted : user_pref("CT2625848.UserID", "UN27124993240142055");
Deleted : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2625848.autoDisableScopes", -1);
Deleted : user_pref("CT2625848.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT2625848.defaultSearch", "true");
Deleted : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2625848.enableAlerts", "false");
Deleted : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2625848.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2625848.fixPageNotFoundError", "true");
Deleted : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2625848.fixUrls", true);
Deleted : user_pref("CT2625848.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2625848.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2625848.isNewTabEnabled", true);
Deleted : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2625848.keyword", true);
Deleted : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT2625848.openThankYouPage", "false");
Deleted : user_pref("CT2625848.openUninstallPage", "true");
Deleted : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Deleted : user_pref("CT2625848.search.searchCount", "0");
Deleted : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2625848.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345996198035");
Deleted : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1345996198088");
Deleted : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345996199239");
Deleted : user_pref("CT2625848.serviceLayer_services_login_10.10.22.13_lastUpdate", "1346252928858");
Deleted : user_pref("CT2625848.serviceLayer_services_login_10.10.27.6_lastUpdate", "1346767582019");
Deleted : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1345996199468");
Deleted : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345996199324");
Deleted : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1345996196777");
Deleted : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1346682067961");
Deleted : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345996198365");
Deleted : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1346767579620");
Deleted : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1346682068395");
Deleted : user_pref("CT2625848.settingsINI", true);
Deleted : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Deleted : user_pref("CT2625848.smartbar.Uninstall", "0");
Deleted : user_pref("CT2625848.smartbar.homepage", true);
Deleted : user_pref("CT2625848.smartbar.isHidden", true);
Deleted : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Deleted : user_pref("CT2625848.startPage", "userChanged");
Deleted : user_pref("CT2625848.toolbarBornServerTime", "26-8-2012");
Deleted : user_pref("CT2625848.toolbarCurrentServerTime", "4-9-2012");
Deleted : user_pref("CT2857572..clientLogIsEnabled", true);
Deleted : user_pref("CT2857572..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2857572..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2857572.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2857572.AppTrackingLastCheckTime", "Mon Feb 28 2011 18:05:09 GMT+0100");
Deleted : user_pref("CT2857572.CT2857572", "CT2857572");
Deleted : user_pref("CT2857572.CurrentServerDate", "28-2-2011");
Deleted : user_pref("CT2857572.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2857572.DialogsGetterLastCheckTime", "Thu Jan 06 2011 13:06:36 GMT+0100");
Deleted : user_pref("CT2857572.DownloadReferralCookieData", "");
Deleted : user_pref("CT2857572.ExternalComponentPollDate129356796046694434", "Sun Feb 27 2011 15:19:29 GMT+010[...]
Deleted : user_pref("CT2857572.FirstServerDate", "6-1-2011");
Deleted : user_pref("CT2857572.FirstTime", true);
Deleted : user_pref("CT2857572.FirstTimeFF3", true);
Deleted : user_pref("CT2857572.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2857572.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2857572.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2857572.HasUserGlobalKeys", true);
Deleted : user_pref("CT2857572.Initialize", true);
Deleted : user_pref("CT2857572.InitializeCommonPrefs", true);
Deleted : user_pref("CT2857572.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2857572.InstalledDate", "Thu Jan 06 2011 13:06:37 GMT+0100");
Deleted : user_pref("CT2857572.InvalidateCache", false);
Deleted : user_pref("CT2857572.IsGrouping", false);
Deleted : user_pref("CT2857572.IsMulticommunity", false);
Deleted : user_pref("CT2857572.IsOpenThankYouPage", true);
Deleted : user_pref("CT2857572.IsOpenUninstallPage", true);
Deleted : user_pref("CT2857572.LanguagePackLastCheckTime", "Mon Feb 28 2011 18:04:59 GMT+0100");
Deleted : user_pref("CT2857572.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2857572.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2857572.LastLogin_3.3.0.19", "Mon Feb 28 2011 18:04:59 GMT+0100");
Deleted : user_pref("CT2857572.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2857572.Locale", "en");
Deleted : user_pref("CT2857572.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2857572.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2857572.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2857572.RadioIsPodcast", false);
Deleted : user_pref("CT2857572.RadioLastCheckTime", "Mon Feb 28 2011 18:04:59 GMT+0100");
Deleted : user_pref("CT2857572.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2857572.RadioLastUpdateServer", "129400870958430000");
Deleted : user_pref("CT2857572.RadioMediaID", "21753723");
Deleted : user_pref("CT2857572.RadioMediaType", "Media Player");
Deleted : user_pref("CT2857572.RadioMenuSelectedID", "EBRadioMenu_CT285757221753723");
Deleted : user_pref("CT2857572.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT2857572.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT2857572.SavedHomepage", "hxxp://www.t-online.de/");
Deleted : user_pref("CT2857572.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2857572.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2857572.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2857572.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2857572.SearchInNewTabLastCheckTime", "Mon Feb 28 2011 18:04:58 GMT+0100");
Deleted : user_pref("CT2857572.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2857572.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2857572.ServiceMapLastCheckTime", "Mon Feb 28 2011 18:04:58 GMT+0100");
Deleted : user_pref("CT2857572.SettingsLastCheckTime", "Mon Feb 28 2011 20:38:39 GMT+0100");
Deleted : user_pref("CT2857572.SettingsLastUpdate", "1298225553");
Deleted : user_pref("CT2857572.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2857572.ThirdPartyComponentsLastCheck", "Sat Feb 19 2011 10:30:47 GMT+0100");
Deleted : user_pref("CT2857572.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2857572.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2857572.UserID", "UN28618226516012224");
Deleted : user_pref("CT2857572.ValidationData_Search", 2);
Deleted : user_pref("CT2857572.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2857572.WeatherNetwork", "");
Deleted : user_pref("CT2857572.WeatherPollDate", "Mon Feb 28 2011 21:09:46 GMT+0100");
Deleted : user_pref("CT2857572.WeatherUnit", "C");
Deleted : user_pref("CT2857572.alertChannelId", "1249594");
Deleted : user_pref("CT2857572.approveUntrustedApps", true);
Deleted : user_pref("CT2857572.backendstorage._fb_dailyactivity", "31323938393132373033303735");
Deleted : user_pref("CT2857572.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("CT2857572.backendstorage.facebook_ctid_connect_send", "73656E646564");
Deleted : user_pref("CT2857572.backendstorage.facebook_mode", "32");
Deleted : user_pref("CT2857572.backendstorage.facebook_user_first_login_date", "30322F31302F32303131");
Deleted : user_pref("CT2857572.backendstorage.facebook_user_locale", "6465");
Deleted : user_pref("CT2857572.backendstorage.facebook_user_survey_visit", "4E4F545F56495349544544");
Deleted : user_pref("CT2857572.backendstorage.hxxp://facebook_conduitapps_com/v3_2_0.facebook_ctid_connect_sen[...]
Deleted : user_pref("CT2857572.backendstorage.hxxp://facebook_conduitapps_com/v3_2_1.facebook_ctid_connect_sen[...]
Deleted : user_pref("CT2857572.globalFirstTimeInfoLastCheckTime", "Mon Feb 28 2011 18:04:59 GMT+0100");
Deleted : user_pref("CT2857572.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2857572.myStuffEnabled", true);
Deleted : user_pref("CT2857572.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2857572.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2857572.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2857572.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2857572.oldAppsList", "129356796045131912,129356796046381930,129356796046694434,1000082[...]
Deleted : user_pref("CT2857572.testingCtid", "");
Deleted : user_pref("CT2857572.toolbarAppMetaDataLastCheckTime", "Mon Feb 28 2011 18:04:59 GMT+0100");
Deleted : user_pref("CT2857572.toolbarContextMenuLastCheckTime", "Thu Jan 06 2011 13:06:37 GMT+0100");
Deleted : user_pref("CT2857572.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2449729");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1249594/1245267/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/843580/839383/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2449729", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2857572", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2857572",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2449729/CT2449729[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2857572/CT2857572[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"5f3[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2857572");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.12");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857572");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{38542454-dfb6-44f5-b052-d4e071a3d073}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.12");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2431245,ConduitEngine,CT2857572,CT2449729");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2431245,CT2857572,CT2449729");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 24 2011 17:38:58 GMT+01[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jul 12 2011 17:54:15 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 12 2011 17:54:09 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "e5c51fd0-b909-421a-9392-2aa7fdad4126");
Deleted : user_pref("CommunityToolbar.facebook.sessionKey", "2.sNvrDCpkZSutFUNdp9owzQ__.86400.1272744000-10000[...]
Deleted : user_pref("CommunityToolbar.facebook.sessionSecret", "sNvrDCpkZSutFUNdp9owzQ__");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Aug 31 2010 17:56:15 GMT+0200");
Deleted : user_pref("CommunityToolbar.facebook.userId", "100001027080696");
Deleted : user_pref("CommunityToolbar.globalUserId", "eee2b23f-88c8-4ff6-bd1a-169a5026dce0");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2449729");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 20 2011 22:51:15 GMT+0200");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Feb 27 2011 15:19:30 GMT+0100");
Deleted : user_pref("ConduitEngine.FirstServerDate", "01/06/2011 15");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Jan 06 2011 13:06:35 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Feb 28 2011 18:05:01 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.0.19", "Mon Feb 28 2011 21:05:02 GMT+0100");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Feb 28 2011 21:05:02 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN72742982783502340");
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Feb 28 2011 18:05:01 GMT+0100");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Feb 28 2011 18:05:01 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=109958&tt=3612_5&babsrc=NT_ss&mntr[...]
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=109958&tt=3612_5&babsrc=HP_s[...]
Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 9);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "11C451F463C521D1CBD851338FC91F14");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "13");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 9);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 59428116);
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.html")[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "data:text/plain,browser.startup.home[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "data:text/plain,keyword.URL=hxxp://go.web.de/br/m[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{7C3B8B58-548E-11DF-B935-001F16080FB3}");

*************************

AdwCleaner[R1].txt - [60442 octets] - [29/08/2012 21:06:29]
AdwCleaner[S1].txt - [62690 octets] - [04/09/2012 16:12:52]

########## EOF - C:\AdwCleaner[S1].txt - [62819 octets] ##########

Schaue bitte in der Anleitung (http://www.trojaner-board.de/103809-...i-malware.html) nach, wo du die Logfiles finden kannst.
Poste das Logfile bitte.

Oh, sorry, da kommt das Log.
Das Emisoft-Programm hat leider schon wieder was gefunden. Ich hab das alles mal in die Quarantäne verschoben. Habs mir nicht getraut zu löschen, da er meinte, er könnte das wieder zurückverschieben.

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 04.09.2012 17:12:02

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 04.09.2012 17:16:51

c:\program files\phenomedia gefunden: Trace.File.moorfrog 1.0!E1
Key: hkey_local_machine\software\trymedia systems gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software gefunden: Trace.Registry.trymedia!E1
C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\00000001.@ gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\80000000.@ gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\_OTL\MovedFiles\08262012_134115\C_Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll gefunden: Adware.Win32.Toolbar.Dealio!E1

Gescannt 615601
Gefunden 7

Scan Ende: 04.09.2012 19:45:10
Scan Zeit: 2:28:19

C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll Quarantäne Adware.Win32.Toolbar.Dealio!E1
C:\_OTL\MovedFiles\08262012_134115\C_Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll Quarantäne Adware.Win32.Toolbar.Dealio.AMN!E1
C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\00000001.@ Quarantäne Trojan.Win32.Sirefef.AMN!E1
C:\_OTL\MovedFiles\08262012_134115\C_Windows\Installer\{d1ddd07c-e817-bb30-a54f-4e60bff7c99e}\U\80000000.@ Quarantäne Trojan.Win32.Sirefef.AMN!E1
Key: hkey_local_machine\software\trymedia systems Quarantäne Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software Quarantäne Trace.Registry.trymedia!E1
c:\program files\phenomedia Quarantäne Trace.File.moorfrog 1.0!E1

Quarantäne 7