GVU Trojaner Win7 64bit

gutschge · 25.07.2012, 13:48

Hallo, hier nun der Log von AdwCleaner:

Code:

ATTFilter

# AdwCleaner v1.703 - Logfile created 07/25/2012 at 06:37:27
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ich Selbst - ICHSELBST-PC
# Running from : C:\Users\Ich Selbst\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Ich Selbst\AppData\Local\Conduit
Folder Deleted : C:\Users\Ich Selbst\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ich Selbst\AppData\LocalLow\Freeware.de
Folder Deleted : C:\Users\Ich Selbst\AppData\Roaming\Mozilla\Firefox\Profiles\ad9lm4uu.default\Conduit
Folder Deleted : C:\Users\Ich Selbst\AppData\Roaming\Mozilla\Firefox\Profiles\ad9lm4uu.default\ConduitCommon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Freeware.de
File Deleted : C:\Users\Ich Selbst\AppData\Roaming\Mozilla\Firefox\Profiles\ad9lm4uu.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeware.de
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Ich Selbst\AppData\Roaming\Mozilla\Firefox\Profiles\ad9lm4uu.default\prefs.js

Deleted : user_pref("CT2613550..clientLogIsEnabled", false);
Deleted : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2613550.CTID", "ct2613550");
Deleted : user_pref("CT2613550.CurrentServerDate", "22-4-2012");
Deleted : user_pref("CT2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.DialogsGetterLastCheckTime", "Sat Apr 21 2012 13:12:10 GMT+0200");
Deleted : user_pref("CT2613550.DownloadReferralCookieData", "");
Deleted : user_pref("CT2613550.EMailNotifierPollDate", "Tue Oct 05 2010 17:01:14 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602533", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602539", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602545", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602551", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602557", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602563", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602569", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602575", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602581", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602587", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602593", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602599", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602605", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602611", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602617", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602623", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedPollDate129254982599602629", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Deleted : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Deleted : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Deleted : user_pref("CT2613550.FirstServerDate", "5-10-2010");
Deleted : user_pref("CT2613550.FirstTime", true);
Deleted : user_pref("CT2613550.FirstTimeFF3", true);
Deleted : user_pref("CT2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2613550.HasUserGlobalKeys", true);
Deleted : user_pref("CT2613550.Initialize", true);
Deleted : user_pref("CT2613550.InitializeCommonPrefs", true);
Deleted : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2613550.InstalledDate", "Tue Oct 05 2010 16:42:33 GMT+0200");
Deleted : user_pref("CT2613550.IsGrouping", false);
Deleted : user_pref("CT2613550.IsMulticommunity", false);
Deleted : user_pref("CT2613550.IsOpenThankYouPage", false);
Deleted : user_pref("CT2613550.IsOpenUninstallPage", true);
Deleted : user_pref("CT2613550.LanguagePackLastCheckTime", "Tue Oct 05 2010 16:42:33 GMT+0200");
Deleted : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2613550.LastLogin_2.7.1.3", "Tue Oct 05 2010 16:42:49 GMT+0200");
Deleted : user_pref("CT2613550.LastLogin_3.12.0.7", "Sun Apr 22 2012 15:53:57 GMT+0200");
Deleted : user_pref("CT2613550.LatestVersion", "3.12.0.7");
Deleted : user_pref("CT2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.LoginCache", 4);
Deleted : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT261[...]
Deleted : user_pref("CT2613550.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2613550.ServiceMapLastCheckTime", "Sun Apr 22 2012 18:19:44 GMT+0200");
Deleted : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.SettingsLastCheckTime", "Tue Oct 05 2010 16:36:51 GMT+0200");
Deleted : user_pref("CT2613550.SettingsLastUpdate", "1285580322");
Deleted : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Tue Oct 05 2010 16:36:51 GMT+0200");
Deleted : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
Deleted : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2613550.Uninstall", true);
Deleted : user_pref("CT2613550.UserID", "UN17349322164049985");
Deleted : user_pref("CT2613550.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2613550.alertChannelId", "1006347");
Deleted : user_pref("CT2613550.clientLogIsEnabled", false);
Deleted : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2613550.components.1000082", false);
Deleted : user_pref("CT2613550.components.1000234", false);
Deleted : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 353);
Deleted : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sun Apr 22 2012 15:53:56 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.Locale", "de-de");
Deleted : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Deleted : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun Apr 22 2012 15:53:56 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Sun Apr 22 2012 15:53:56 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1334650619");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Oct 05 2010 16:42:48 GMT+0200");
Deleted : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sun Apr 22 2012 15:53:56 GMT+0200"[...]
Deleted : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.initDone", true);
Deleted : user_pref("CT2613550.myStuffEnabled", true);
Deleted : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2613550.revertSettingsEnabled", true);
Deleted : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2613550.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2613550.testingCtid", "");
Deleted : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2613550.usagesFlag", 2);
Deleted : user_pref("CT2736476..clientLogIsEnabled", false);
Deleted : user_pref("CT2736476..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2736476..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2736476.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2736476.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2736476.CTID", "CT2736476");
Deleted : user_pref("CT2736476.CurrentServerDate", "21-4-2012");
Deleted : user_pref("CT2736476.DSInstall", true);
Deleted : user_pref("CT2736476.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2736476.DialogsGetterLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.DownloadReferralCookieData", "");
Deleted : user_pref("CT2736476.FeedLastCount129257621460541612", 20);
Deleted : user_pref("CT2736476.FeedLastCount129257621968979554", 20);
Deleted : user_pref("CT2736476.FeedLastCount129258323135539557", 20);
Deleted : user_pref("CT2736476.FeedPollDate129257621460541612", "Sat Apr 21 2012 14:36:56 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129257621968979554", "Sat Apr 21 2012 14:36:56 GMT+0200");
Deleted : user_pref("CT2736476.FeedPollDate129258323135539557", "Sat Apr 21 2012 14:36:56 GMT+0200");
Deleted : user_pref("CT2736476.FirstServerDate", "29-2-2012");
Deleted : user_pref("CT2736476.FirstTime", true);
Deleted : user_pref("CT2736476.FirstTimeFF3", true);
Deleted : user_pref("CT2736476.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2736476.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2736476.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2736476.HPInstall", true);
Deleted : user_pref("CT2736476.HasUserGlobalKeys", true);
Deleted : user_pref("CT2736476.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2736476.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=[...]
Deleted : user_pref("CT2736476.Initialize", true);
Deleted : user_pref("CT2736476.InitializeCommonPrefs", true);
Deleted : user_pref("CT2736476.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2736476.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT2736476.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT2736476.InstalledDate", "Wed Feb 29 2012 14:08:26 GMT+0100");
Deleted : user_pref("CT2736476.InvalidateCache", false);
Deleted : user_pref("CT2736476.IsGrouping", false);
Deleted : user_pref("CT2736476.IsInitSetupIni", true);
Deleted : user_pref("CT2736476.IsMulticommunity", false);
Deleted : user_pref("CT2736476.IsOpenThankYouPage", false);
Deleted : user_pref("CT2736476.IsOpenUninstallPage", true);
Deleted : user_pref("CT2736476.IsProtectorsInit", true);
Deleted : user_pref("CT2736476.LanguagePackLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2736476.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2736476.LastLogin_3.10.0.1", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.LatestVersion", "3.12.0.7");
Deleted : user_pref("CT2736476.Locale", "de");
Deleted : user_pref("CT2736476.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2736476.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2736476.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2736476.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2736476.OriginalFirstVersion", "3.10.0.1");
Deleted : user_pref("CT2736476.RadioIsPodcast", false);
Deleted : user_pref("CT2736476.RadioLastCheckTime", "Sat Apr 21 2012 14:36:56 GMT+0200");
Deleted : user_pref("CT2736476.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2736476.RadioLastUpdateServer", "129570411865130000");
Deleted : user_pref("CT2736476.RadioMediaID", "21930450");
Deleted : user_pref("CT2736476.RadioMediaType", "Media Player");
Deleted : user_pref("CT2736476.RadioMenuSelectedID", "EBRadioMenu_CT273647621930450");
Deleted : user_pref("CT2736476.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2736476.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT2736476.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT2736476.SavedHomepage", "hxxp://www.shortnews.de/");
Deleted : user_pref("CT2736476.SearchCaption", "Freeware.de Customized Web Search");
Deleted : user_pref("CT2736476.SearchEngineBeforeUnload", "Freeware.de Customized Web Search");
Deleted : user_pref("CT2736476.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2736476.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Deleted : user_pref("CT2736476.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2736476.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2736476.SearchInNewTabLastCheckTime", "Sat Apr 21 2012 14:36:53 GMT+0200");
Deleted : user_pref("CT2736476.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2736476.SearchProtectorEnabled", true);
Deleted : user_pref("CT2736476.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2736476.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2736476.ServiceMapLastCheckTime", "Sat Apr 21 2012 14:36:53 GMT+0200");
Deleted : user_pref("CT2736476.SettingsLastCheckTime", "Sat Apr 21 2012 14:36:53 GMT+0200");
Deleted : user_pref("CT2736476.SettingsLastUpdate", "1334746574");
Deleted : user_pref("CT2736476.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13");
Deleted : user_pref("CT2736476.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2736476.ThirdPartyComponentsLastCheck", "Sat Apr 21 2012 14:36:53 GMT+0200");
Deleted : user_pref("CT2736476.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2736476.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2736476.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2736476");
Deleted : user_pref("CT2736476.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2736476.Uninstall", true);
Deleted : user_pref("CT2736476.UserID", "UN62097962760378375");
Deleted : user_pref("CT2736476.alertChannelId", "1128724");
Deleted : user_pref("CT2736476.autoDisableScopes", -1);
Deleted : user_pref("CT2736476.backendstorage.2736476a129652188678262596000000paramsgk1", "7B22757064617465526[...]
Deleted : user_pref("CT2736476.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2736476.globalFirstTimeInfoLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2736476.initDone", true);
Deleted : user_pref("CT2736476.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2736476.isFirstRadioInstallation", false);
Deleted : user_pref("CT2736476.myStuffEnabled", true);
Deleted : user_pref("CT2736476.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2736476.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2736476.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2736476.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2736476.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2736476.oldAppsList", "129257551953509225,129257551953665476,111,129257617514448028,129[...]
Deleted : user_pref("CT2736476.revertSettingsEnabled", true);
Deleted : user_pref("CT2736476.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2736476.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2736476.testingCtid", "");
Deleted : user_pref("CT2736476.toolbarAppMetaDataLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CT2736476.toolbarContextMenuLastCheckTime", "Sat Apr 21 2012 14:36:54 GMT+0200");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1128724/1124413/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b5f[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ich Selbst\\AppData\\Roaming\\Mozil[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2613550,CT2736476");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550,CT2736476");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2736476");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Oct 05 2010 16:42:34 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "4923c7de-7ef2-496b-a83b-0832e080e693");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2736476");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Feb 29 2012 14:08:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Feb 29 2012 14:08:36 GMT+010[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Feb 29 2012 14:08:26 GMT+0100");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "4519897a-4a73-4c2a-a291-2278bc00a606");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.shortnews.de/");

*************************

AdwCleaner[R1].txt - [24376 octets] - [24/07/2012 14:44:58]
AdwCleaner[S1].txt - [24373 octets] - [25/07/2012 06:37:27]

########## EOF - C:\AdwCleaner[S1].txt - [24502 octets] ##########

Und das Log vom Emsisoft:

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 25.07.2012 06:47:33

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\, G:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	25.07.2012 13:23:57

C:\Users\Ich Selbst\Desktop\VideotoGIF.exe 	gefunden: Riskware.Win32.Keylogger!E1
C:\Users\Ich Selbst\AppData\Local\Mozilla\Firefox\Profiles\ad9lm4uu.default\Cache\2\A4\A66D9d01 	gefunden: Attached PE/Script!E2
E:\Eigene Dateien\mirc616.exe 	gefunden: Riskware.Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc621.exe -> $INSTDIR\mirc.exe 	gefunden: not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc631.exe -> $TEMP\mirc631.exe -> $INSTDIR\mirc.exe 	gefunden: not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc631.exe -> $TEMP\mirc631.exe 	gefunden: not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\News.File.Grabber.4.6.0.1.keygen-SND\News File Grabber 4.6.0.1.Keygen.exe 	gefunden: Trojan.Crypt!E2

Gescannt	666201
Gefunden	7

Scan Ende:	25.07.2012 14:32:31
Scan Zeit:	1:08:34

E:\Eigene Dateien\News.File.Grabber.4.6.0.1.keygen-SND\News File Grabber 4.6.0.1.Keygen.exe	Quarantäne Trojan.Crypt!E2
E:\Eigene Dateien\mirc621.exe -> $INSTDIR\mirc.exe	Quarantäne not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc631.exe -> $TEMP\mirc631.exe -> $INSTDIR\mirc.exe	Quarantäne not-a-virus:Client-IRC.Win32.mIRC!E2
E:\Eigene Dateien\mirc616.exe	Quarantäne Riskware.Client-IRC.Win32.mIRC!E2
C:\Users\Ich Selbst\AppData\Local\Mozilla\Firefox\Profiles\ad9lm4uu.default\Cache\2\A4\A66D9d01	Quarantäne Attached PE/Script!E2
C:\Users\Ich Selbst\Desktop\VideotoGIF.exe	Quarantäne Riskware.Win32.Keylogger!E1

Quarantäne	6

Während des Scans mit Emsisoft bekam ich noch folgende Meldung (wohl ein Fehlalarm) :

Ich finde es schon komisch, das nach zig Scans mit verschiedenen Antivirus und Anti-Malware Programmen jetzt immer noch befallene Dateien auf dem Rechner sind. Das spricht nicht gerade für die Qualität der verwendeten Programme.

GVU Trojaner Win7 64bit

Log-Analyse und Auswertung: GVU Trojaner Win7 64bit

GVU Trojaner Win7 64bit

Ähnliche Themen: GVU Trojaner Win7 64bit