Startseite http://www.searchnu.com/410 Windows 7

maxcomaro

wow, 153 MB für eine Anti-Malware?

OK, hier kommt erst mal die Log-Datei von AdwCleaner:



# AdwCleaner v1.801 - Logfile created 08/21/2012 at 17:46:40
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Marc - BETREUUNGEN
# Boot Mode : Normal
# Running from : C:\Users\Marc\Documents\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Marc\AppData\Local\Conduit
Folder Deleted : C:\Users\Marc\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marc\AppData\LocalLow\Winload
Folder Deleted : C:\Users\Marc\AppData\Roaming\loadtbs
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Winload
Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Users\Marc\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Marc\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Marc\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\r6zndpr1.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Key Deleted : HKLM\SOFTWARE\Winload
[x64] Key Deleted : HKLM\SOFTWARE\DataMngr

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77F2D8EE-4F9C-48AD-B957-468018583131}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4F275C1D-407A-41DF-941E-230C9DAE17F0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D494D9D-1436-41D8-AC95-35AA4F4AEFAF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/410 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Secondary Start Pages] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
hxxp://www.aldi.com --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\r6zndpr1.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Search Results");
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.search.selectedEngine", "Search Results");
Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Marc\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "path": "C:\\Program Files (x86)\\Windows Searchqu Toolbar\\Datamngr\\ChromeExtension",

*************************

AdwCleaner[R1].txt - [6943 octets] - [20/08/2012 23:36:20]
AdwCleaner[S1].txt - [5792 octets] - [21/08/2012 17:46:40]

########## EOF - C:\AdwCleaner[S1].txt - [5920 octets] ##########

Nach der Installation von Emisoft Anti-Malware bekomme ich die Meldung, dass die kostenlose Testphase auf dem PC bereits genutzt wurde und ich einen gültigen Lizenzkey eingeben soll. Ich kann mich nicht erinnern, diese Software bereits genutzt zu haben (habe den Rechner erst seit einigen Monaten). Was nun?

Ah, gerade entdeckt: "Freeware-Modus". Logfile folgt...