
Log analysis and evaluation: GVU Trojan Win7 64bit


24.07.2012, 23:48   #1
t'john
/// Helper Team

GVU Trojan Win7 64bit

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.




After that:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Jetzt Updaten (Update now) to download the current signatures.
Select the freeware mode.

Select Detail Scan and start checking the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Bericht speichern (Save report) to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john

25.07.2012, 13:48   #2
gutschge

GVU Trojan Win7 64bit

Hello, here is the log from AdwCleaner:

Code:
# AdwCleaner v1.703 - Logfile created 07/25/2012 at 06:37:27
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ich Selbst - ICHSELBST-PC
# Running from : C:\Users\Ich Selbst\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Ich Selbst\AppData\Local\Conduit
Folder Deleted : C:\Users\Ich Selbst\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ich Selbst\AppData\LocalLow\Freeware.de
Folder Deleted : C:\Users\Ich Selbst\AppData\Roaming\Mozilla\Firefox\Profiles\ad9lm4uu.default\Conduit
Folder Deleted : C:\Users\Ich Selbst\AppData\Roaming\Mozilla\Firefox\Profiles\ad9lm4uu.default\ConduitCommon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Freeware.de
File Deleted : C:\Users\Ich Selbst\AppData\Roaming\Mozilla\Firefox\Profiles\ad9lm4uu.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeware.de
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Ich Selbst\AppData\Roaming\Mozilla\Firefox\Profiles\ad9lm4uu.default\prefs.js

Deleted : user_pref("CT2613550..clientLogIsEnabled", false);
Deleted : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2613550.CTID", "ct2613550");
Deleted : user_pref("CT2613550.CurrentServerDate", "22-4-2012");
Deleted : user_pref("CT2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.DialogsGetterLastCheckTime", "Sat Apr 21 2012 13:12:10 GMT+0200");
Deleted : user_pref("CT2613550.DownloadReferralCookieData", "");
Deleted : user_pref("CT2613550.EMailNotifierPollDate", "Tue Oct 05 2010 17:01:14 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602533", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602539", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602545", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602551", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602557", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602563", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602569", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602575", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602581", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602587", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602593", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602599", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602605", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602611", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602617", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602623", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602629", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Deleted : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Deleted : user_pref("CT2613550.FirstServerDate", "5-10-2010");
Deleted : user_pref("CT2613550.FirstTime", true);
Deleted : user_pref("CT2613550.FirstTimeFF3", true);
Deleted : user_pref("CT2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2613550.HasUserGlobalKeys", true);
Deleted : user_pref("CT2613550.Initialize", true);
Deleted : user_pref("CT2613550.InitializeCommonPrefs", true);
Deleted : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2613550.InstalledDate", "Tue Oct 05 2010 16:42:33 GMT+0200");
Deleted : user_pref("CT2613550.IsGrouping", false);
Deleted : user_pref("CT2613550.IsMulticommunity", false);
Deleted : user_pref("CT2613550.IsOpenThankYouPage", false);
Deleted : user_pref("CT2613550.IsOpenUninstallPage", true);
Deleted : user_pref("CT2613550.LanguagePackLastCheckTime", "Tue Oct 05 2010 16:42:33 GMT+0200");
Deleted : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2613550.LastLogin_2.7.1.3", "Tue Oct 05 2010 16:42:49 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.12.0.7", "Sun Apr 22 2012 15:53:57 GMT+0200");
Deleted : user_pref("CT2613550.LatestVersion", "3.12.0.7");
Deleted : user_pref("CT2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.LoginCache", 4);
Deleted : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Deleted : user_pref("CT2613550.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2613550.ServiceMapLastCheckTime", "Sun Apr 22 2012 18:19:44 GMT+0200");
Deleted : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.SettingsLastCheckTime", "Tue Oct 05 2010 16:36:51 GMT+0200");
Deleted : user_pref("CT2613550.SettingsLastUpdate", "1285580322");
Deleted : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Tue Oct 05 2010 16:36:51 GMT+0200");
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Deleted : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2613550.Uninstall", true);
Deleted : user_pref("CT2613550.UserID", "UN17349322164049985");
Deleted : user_pref("CT2613550.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2613550.alertChannelId", "1006347");
Deleted : user_pref("CT2613550.clientLogIsEnabled", false);
Deleted : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2613550.components.1000082", false);
Deleted : user_pref("CT2613550.components.1000234", false);
Deleted : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 353);
Deleted : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sun Apr 22 2012 15:53:56 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun Apr 22 2012 15:53:56 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Sun Apr 22 2012 15:53:56 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1334650619");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sun Apr 22 2012 15:53:56 GMT+0200"[...]
Deleted : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.initDone", true);
Deleted : user_pref("CT2613550.myStuffEnabled", true);
Deleted : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2613550.revertSettingsEnabled", true);
Deleted : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.testingCtid", "");
Deleted : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2613550.usagesFlag", 2);
Deleted : user_pref("CT2736476..clientLogIsEnabled", false);
Deleted : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2736476.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2736476.CTID", "CT2736476");
Deleted : user_pref("CT2736476.CurrentServerDate", "21-4-2012");
Deleted : user_pref("CT2736476.DSInstall", true);
Deleted : user_pref("CT2736476.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2736476.DialogsGetterLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.DownloadReferralCookieData", "");
Deleted : user_pref("CT2736476.FeedLastCount129257621460541612", 20);
Deleted : user_pref("CT2736476.FeedLastCount129257621968979554", 20);
Deleted : user_pref("CT2736476.FeedLastCount129258323135539557", 20);
Deleted : user_pref("CT2736476.FeedPollDate129257621460541612", "Sat Apr 21 2012 14:36:56 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129257621968979554", "Sat Apr 21 2012 14:36:56 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129258323135539557", "Sat Apr 21 2012 14:36:56 GMT+0200");
Deleted : user_pref("CT2736476.FirstServerDate", "29-2-2012");
Deleted : user_pref("CT2736476.FirstTime", true);
Deleted : user_pref("CT2736476.FirstTimeFF3", true);
Deleted : user_pref("CT2736476.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2736476.HPInstall", true);
Deleted : user_pref("CT2736476.HasUserGlobalKeys", true);
Deleted : user_pref("CT2736476.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2736476.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=[...]
Deleted : user_pref("CT2736476.Initialize", true);
Deleted : user_pref("CT2736476.InitializeCommonPrefs", true);
Deleted : user_pref("CT2736476.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2736476.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT2736476.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT2736476.InstalledDate", "Wed Feb 29 2012 14:08:26 GMT+0100");
Deleted : user_pref("CT2736476.InvalidateCache", false);
Deleted : user_pref("CT2736476.IsGrouping", false);
Deleted : user_pref("CT2736476.IsInitSetupIni", true);
Deleted : user_pref("CT2736476.IsMulticommunity", false);
Deleted : user_pref("CT2736476.IsOpenThankYouPage", false);
Deleted : user_pref("CT2736476.IsOpenUninstallPage", true);
Deleted : user_pref("CT2736476.IsProtectorsInit", true);
Deleted : user_pref("CT2736476.LanguagePackLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2736476.LastLogin_3.10.0.1", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.LatestVersion", "3.12.0.7");
Deleted : user_pref("CT2736476.Locale", "de");
Deleted : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2736476.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2736476.OriginalFirstVersion", "3.10.0.1");
Deleted : user_pref("CT2736476.RadioIsPodcast", false);
Deleted : user_pref("CT2736476.RadioLastCheckTime", "Sat Apr 21 2012 14:36:56 GMT+0200");
Deleted : user_pref("CT2736476.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2736476.RadioLastUpdateServer", "129570411865130000");
Deleted : user_pref("CT2736476.RadioMediaID", "21930450");
Deleted : user_pref("CT2736476.RadioMediaType", "Media Player");
Deleted : user_pref("CT2736476.RadioMenuSelectedID", "EBRadioMenu_CT273647621930450");
Deleted : user_pref("CT2736476.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2736476.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT2736476.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT2736476.SavedHomepage", "hxxp://www.shortnews.de/");
Deleted : user_pref("CT2736476.SearchCaption", "Freeware.de Customized Web Search");
Deleted : user_pref("CT2736476.SearchEngineBeforeUnload", "Freeware.de Customized Web Search");
Deleted : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Deleted : user_pref("CT2736476.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2736476.SearchInNewTabLastCheckTime", "Sat Apr 21 2012 14:36:53 GMT+0200");
Deleted : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2736476.SearchProtectorEnabled", true);
Deleted : user_pref("CT2736476.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2736476.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2736476.ServiceMapLastCheckTime", "Sat Apr 21 2012 14:36:53 GMT+0200");
Deleted : user_pref("CT2736476.SettingsLastCheckTime", "Sat Apr 21 2012 14:36:53 GMT+0200");
Deleted : user_pref("CT2736476.SettingsLastUpdate", "1334746574");
Deleted : user_pref("CT2736476.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13");
Deleted : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Sat Apr 21 2012 14:36:53 GMT+0200");
Deleted : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2736476.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Deleted : user_pref("CT2736476.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2736476.Uninstall", true);
Deleted : user_pref("CT2736476.UserID", "UN62097962760378375");
Deleted : user_pref("CT2736476.alertChannelId", "1128724");
Deleted : user_pref("CT2736476.autoDisableScopes", -1);
Deleted : user_pref("CT2736476.backendstorage.2736476a129652188678262596000000paramsgk1", "7B22757064617465526[...]
Deleted : user_pref("CT2736476.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2736476.initDone", true);
Deleted : user_pref("CT2736476.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2736476.isFirstRadioInstallation", false);
Deleted : user_pref("CT2736476.myStuffEnabled", true);
Deleted : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2736476.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2736476.oldAppsList", "129257551953509225,129257551953665476,111,129257617514448028,129[...]
Deleted : user_pref("CT2736476.revertSettingsEnabled", true);
Deleted : user_pref("CT2736476.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2736476.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2736476.testingCtid", "");
Deleted : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1128724/1124413/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b5f[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ich Selbst\\AppData\\Roaming\\Mozil[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2613550,CT2736476");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550,CT2736476");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2736476");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Oct 05 2010 16:42:34 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "4923c7de-7ef2-496b-a83b-0832e080e693");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2736476");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Feb 29 2012 14:08:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Feb 29 2012 14:08:36 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Feb 29 2012 14:08:26 GMT+0100");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "4519897a-4a73-4c2a-a291-2278bc00a606");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.shortnews.de/");

*************************

AdwCleaner[R1].txt - [24376 octets] - [24/07/2012 14:44:58]
AdwCleaner[S1].txt - [24373 octets] - [25/07/2012 06:37:27]

########## EOF - C:\AdwCleaner[S1].txt - [24502 octets] ##########
         

And the log from Emsisoft:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 25.07.2012 06:47:33

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\, G:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	25.07.2012 13:23:57

C:\Users\Ich Selbst\Desktop\VideotoGIF.exe 	gefunden: Riskware.Win32.Keylogger!E1
C:\Users\Ich Selbst\AppData\Local\Mozilla\Firefox\Profiles\ad9lm4uu.default\Cache\2\A4\A66D9d01 	gefunden: Attached PE/Script!E2
E:\Eigene Dateien\mirc616.exe 	gefunden: Riskware.Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc621.exe -> $INSTDIR\mirc.exe 	gefunden: not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc631.exe -> $TEMP\mirc631.exe -> $INSTDIR\mirc.exe 	gefunden: not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc631.exe -> $TEMP\mirc631.exe 	gefunden: not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\News.File.Grabber.4.6.0.1.keygen-SND\News File Grabber 4.6.0.1.Keygen.exe 	gefunden: Trojan.Crypt!E2

Gescannt	666201
Gefunden	7

Scan Ende:	25.07.2012 14:32:31
Scan Zeit:	1:08:34

E:\Eigene Dateien\News.File.Grabber.4.6.0.1.keygen-SND\News File Grabber 4.6.0.1.Keygen.exe	Quarantäne Trojan.Crypt!E2
E:\Eigene Dateien\mirc621.exe -> $INSTDIR\mirc.exe	Quarantäne not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc631.exe -> $TEMP\mirc631.exe -> $INSTDIR\mirc.exe	Quarantäne not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc616.exe	Quarantäne Riskware.Client-IRC.Win32.mIRC!E2
C:\Users\Ich Selbst\AppData\Local\Mozilla\Firefox\Profiles\ad9lm4uu.default\Cache\2\A4\A66D9d01	Quarantäne Attached PE/Script!E2
C:\Users\Ich Selbst\Desktop\VideotoGIF.exe	Quarantäne Riskware.Win32.Keylogger!E1

Quarantäne	6
         
During the scan with Emsisoft I also got the following message (probably a false alarm):



I do find it strange that after umpteen scans with various antivirus and anti-malware programs there are still infected files on the computer. That does not exactly speak for the quality of the programs used.