Log analysis and evaluation: Completely remove GVU Trojan 2.07? Win 7 64bit (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Completely remove GVU Trojan 2.07? Win 7 64bit

Hello, I would be very grateful for help with the problem named above. Unfortunately avast Internet Security 7 (full version) did show me the trojan, but it did not prevent it from locking my screen. I then performed a removal with Malwarebytes. The log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.16.08
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Lib :: LIB-PC [Administrator]
16.07.2012 18:04:29
mbam-log-2012-07-16 (18-04-29).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251409
Laufzeit: 30 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Lib\AppData\Local\Temp\fest0r_ot.exe (Spyware.Zbot.DG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

After that, another full scan:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.16.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lib :: LIB-PC [Administrator]
16.07.2012 18:33:31
mbam-log-2012-07-16 (18-33-31).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 544289
Laufzeit: 35 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Unfortunately I cannot start OTL, because I get the error that it is not a valid 32-bit application. How should I proceed now? Thanks in advance.
#2 | /// Helfer-Team
#3

Done. The logs are attached (hopefully I did everything right). What do I need to do next?
#4 | /// Helfer-Team

Fix with OTL

Download OTL from Oldtimer (if you do not have it yet) and save it to your desktop (not anywhere else).

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: widgetruntime@surfsecret.com:1.0
FF - prefs.js..extensions.enabledItems: activities@kaply.com:0.7.7
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.6
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: kosa@kallout.com:2.0.1.1
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.2.44026
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.8
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: rein@notiz.jp:3.6.1
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81b1}:2.2
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4
FF - prefs.js..extensions.enabledItems: {35f30c76-35d4-56d9-8dbc-000a6e787ef4}:1.2.2
FF - prefs.js..extensions.enabledItems: {3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {6e00410e-1176-11dc-8314-0800200c9a66}:1.6.2
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {9998A493-980E-4716-81BC-F0C77001E9B7}:3.13
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.http: "212.233.184.189"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
O4 - HKCU..\Run: [KiesHelper] F:\Kies\KiesHelper.exe /s File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O27:64bit: - HKLM IFEO\hirezgamesdiagandsupport.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hirezlauncherui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hirezgamesdiagandsupport.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hirezlauncherui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{48d1e49d-5989-11e1-911d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{48d1e49d-5989-11e1-911d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8
[2012.07.16 18:02:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.16 17:23:09 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for readers: the OTL script above was created exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!
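The Firefox part of the fix above resets a manual HTTP proxy, a replaced `keyword.URL` and a Conduit search URL. As an added example, not code from this thread, from OTL or from any tool named here, the following Python audit reads a prefs.js and reports exactly those kinds of entries; the sample prefs content is constructed from values quoted in the script, and the trusted engine and host lists are assumptions to be tuned per site.

```python
"""Audit a Firefox prefs.js for the proxy and search preferences an OTL fix resets."""
import re
from urllib.parse import urlparse

# Constructed sample prefs.js content, built from values quoted in the
# thread's OTL script (proxy host/port, search URLs, engine name).
SAMPLE_PREFS = """
user_pref("browser.search.selectedEngine", "foxsearch");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}");
user_pref("keyword.URL", "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
user_pref("network.proxy.http", "212.233.184.189");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.type", 0);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, stealthy.co");
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.suggest.enabled", false);
"""

# Assumption: engine names and search hosts an admin accepts. Tune per site.
TRUSTED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com",
                        "duckduckgo.com"}
SEARCH_URL_PREFS = ("keyword.URL", "browser.search.defaulturl")

# user_pref("name", value);  -- value is a quoted string, an integer or a boolean
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {pref name: value} with strings unquoted and ints/bools typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave anything else as the raw token
        prefs[name] = value
    return prefs


def audit_prefs(prefs):
    """Return (pref, value, reason) triples for proxy and search hijacks."""
    findings = []
    host = prefs.get("network.proxy.http")
    if host:
        # network.proxy.type 1 means the manual proxy is in use; any other
        # value leaves the host configured but not applied. Flag it either
        # way: a home PC should not have a third-party proxy entered at all.
        port = prefs.get("network.proxy.http_port")
        active = prefs.get("network.proxy.type") == 1
        findings.append(("network.proxy.http", f"{host}:{port}",
                         "manual proxy active" if active
                         else "manual proxy configured but inactive"))
    for name in SEARCH_URL_PREFS:
        url = prefs.get(name)
        if isinstance(url, str) and url:
            h = urlparse(url).hostname
            if h not in TRUSTED_SEARCH_HOSTS:
                findings.append((name, h, "search URL points to untrusted host"))
    engine = prefs.get("browser.search.selectedEngine")
    if isinstance(engine, str) and engine and engine not in TRUSTED_ENGINES:
        findings.append(("browser.search.selectedEngine", engine,
                         "selected search engine is not a known engine"))
    return findings


if __name__ == "__main__":
    for pref, value, reason in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{pref}: {value}  [{reason}]")
```

To audit a real profile, pass the contents of `prefs.js` from the Firefox profile directory to `parse_prefs` instead of the constructed sample.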
#5

Wrong step (edit)

Last edited by 2ndSkin (16.07.2012 at 20:52)
#6 | /// Helfer-Team

WRONG! You entered the MBAM log instead of the fix! AGAIN: http://www.trojaner-board.de/119655-...tml#post866767
#7

Now the computer no longer starts properly. The log was still displayed, then the screen stays black, but the indicator light suggests activity....
#8 | /// Helfer-Team

Have you run the fix now? The logfile should be there: C:\_OTL\MovedFiles\ If necessary, boot into Safe Mode. Your browser was being routed through Romania.

Quote:
#9

Yes, so it did apply the fix. As I said, a report was displayed (for about 10 seconds). I will do a hard reset and reboot. I have nothing to do with Romania, though, and no idea why that is...
#10 | /// Helfer-Team

Good. Try to find the logfile. After that: please download AdwCleaner to your desktop.
#11

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=244506" removed from browser.search.param.yahoo-fr
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: widgetruntime@surfsecret.com:1.0 removed from extensions.enabledItems
Prefs.js: activities@kaply.com:0.7.7 removed from extensions.enabledItems
Prefs.js: autopager@mozilla.org:0.6.2.6 removed from extensions.enabledItems
Prefs.js: bettergmail2@ginatrapani.org:1.2 removed from extensions.enabledItems
Prefs.js: de-DE@dictionaries.addons.mozilla.org:2.0.2 removed from extensions.enabledItems
Prefs.js: DeviceDetection@logitech.com:1.20.0.66 removed from extensions.enabledItems
Prefs.js: extension@virtusdesigns.com:3.6.7 removed from extensions.enabledItems
Prefs.js: kosa@kallout.com:2.0.1.1 removed from extensions.enabledItems
Prefs.js: max@subfighter.com:1.0.3 removed from extensions.enabledItems
Prefs.js: personas@christopher.beard:1.6.2 removed from extensions.enabledItems
Prefs.js: piclens@cooliris.com:1.12.2.44026 removed from extensions.enabledItems
Prefs.js: smarterwiki@wikiatic.com:4.1.8 removed from extensions.enabledItems
Prefs.js: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 removed from extensions.enabledItems
Prefs.js: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4 removed from extensions.enabledItems
Prefs.js: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7 removed from extensions.enabledItems
Prefs.js: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2 removed from extensions.enabledItems
Prefs.js: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908 removed from extensions.enabledItems
Prefs.js: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:1.0 removed from extensions.enabledItems
Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 removed from extensions.enabledItems
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 removed from extensions.enabledItems
Prefs.js: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49 removed from extensions.enabledItems
Prefs.js: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 removed from extensions.enabledItems
Prefs.js: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 removed from extensions.enabledItems
Prefs.js: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 removed from extensions.enabledItems
Prefs.js: wrc@avast.com:20110101 removed from extensions.enabledItems
Prefs.js: rein@notiz.jp:3.6.1 removed from extensions.enabledItems
Prefs.js: {07b2a769-ed19-4483-87ce-c643914c81b1}:2.2 removed from extensions.enabledItems
Prefs.js: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91 removed from extensions.enabledItems
Prefs.js: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4 removed from extensions.enabledItems
Prefs.js: {35f30c76-35d4-56d9-8dbc-000a6e787ef4}:1.2.2 removed from extensions.enabledItems
Prefs.js: {3713a489-0634-4472-8456-dc7abd7eba00}:1.3.1 removed from extensions.enabledItems
Prefs.js: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.7 removed from extensions.enabledItems
Prefs.js: {6e00410e-1176-11dc-8314-0800200c9a66}:1.6.2 removed from extensions.enabledItems
Prefs.js: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7 removed from extensions.enabledItems
Prefs.js: {9998A493-980E-4716-81BC-F0C77001E9B7}:3.13 removed from extensions.enabledItems
Prefs.js: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3 removed from extensions.enabledItems
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Prefs.js: "212.233.184.189" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
File C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hirezgamesdiagandsupport.exe\ deleted successfully.
C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hirezlauncherui.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kies.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstlink.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstview.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccompanion.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hirezgamesdiagandsupport.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hirezlauncherui.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kies.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstlink.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstview.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccompanion.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48d1e49d-5989-11e1-911d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48d1e49d-5989-11e1-911d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48d1e49d-5989-11e1-911d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48d1e49d-5989-11e1-911d-806e6f6e6963}\ not found.
File D:\Bin\assetup.exe not found.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
C:\ProgramData\to_r0tsef.pad moved successfully.
File C:\ProgramData\to_r0tsef.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 111188 bytes
->Temporary Internet Files folder emptied: 323961 bytes
->Java cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 25889766 bytes
->Temporary Internet Files folder emptied: 885138 bytes
->Java cache emptied: 2771705 bytes
->FireFox cache emptied: 61491035 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 567 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 47770674 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 133,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: ***
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_212450
Code:
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 22:13:03
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\Conduit
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\ConduitEngine
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\WinampToolbarData
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
File Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\searchplugins\Conduit.xml
***** [Registry] *****
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Type***\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Type***\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\prefs.js
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"6c43e594350b8cbfad8e[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"834ad08fb6b554b5c7e[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"0fd81af39cadfc7507c[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"d6739014f847336d8fa[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"33826f9181124e5a81e[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/34655603.xml", "\"141c9c47d8bfd93153e[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/759251.xml", "\"3b537a8dedd7323a76ac6[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"3310b3d566d4bd39f603d[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=panda&[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "");
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jan 27 2011 02:43:20 GMT+0100");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jan 26 2011 23:51:33 GMT+0100");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "439c7628-8e08-47d6-b3ff-b4ee51cf9051");
Found : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100"[...]
Found : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Found : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100")[...]
Found : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100")[...]
Found : user_pref("ConduitEngine.FirstServerDate", "01/27/2011 01");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Wed Jan 26 2011 23:51:34 GMT+0100");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jan 26 2011 23:51:34 GMT+0100");
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Jan 27 2011 16:25:50 GMT+0100");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Jan 27 2011 16:25:46 GMT+0100");
Found : user_pref("ConduitEngine.UserID", "UN15566717195960056");
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jan 26 2011 23:51:34 GMT+0100");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("bettergmail2.enabled.inboxcount", true);
Found : user_pref("bettergmail2.enabled.inboxcountfirst", true);
Found : user_pref("easygestures.customizations.searchQuery1", "hxxp://www.google.de/search?q=%s&ie=UTF-8&hl=[...]
Found : user_pref("easygestures.customizations.searchQuery2", "hxxp://de.wikipedia.org/wiki/Spezial:Search?s[...]
Found : user_pref("easygestures.customizations.searchQuery3", "");
Found : user_pref("easygestures.customizations.searchQuery4", "");
Found : user_pref("easygestures.customizations.searchQuery5", "");
Found : user_pref("easygestures.customizations.searchQuery6", "");
Found : user_pref("easygestures.customizations.translateQuery", "hxxp://info.babylon.com/cgi-bin/info.cgi?ot[...]
-\\ Google Chrome v20.0.1132.57
File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "name": "Winamp Application Detector",
Found : "name": "Winamp Application Detector"
-\\ Opera v [Unable to get version]
File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [11946 octets] - [16/07/2012 22:13:03]
########## EOF - C:\AdwCleaner[R1].txt - [12075 octets] ##########
#12
/// Helfer-Team | Remove GVU Trojan 2.07 completely? Win 7 64bit
Very good! How is the computer running?
#13
Remove GVU Trojan 2.07 completely? Win 7 64bit
So far, so good. I'll report back shortly.
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 22:36:44
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\Conduit
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\ConduitEngine
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\WinampToolbarData
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
File Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\searchplugins\Conduit.xml
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Type***\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\user.js ... Deleted !
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874426/870225/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874430/870228/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874431/870229/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874435/870233/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874437/870235/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874438/870236/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874439/870237/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874440/870238/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874441/870239/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/874443/870241/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"6c43e594350b8cbfad8e[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"834ad08fb6b554b5c7e[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"0fd81af39cadfc7507c[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"d6739014f847336d8fa[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"33826f9181124e5a81e[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/34655603.xml", "\"141c9c47d8bfd93153e[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/759251.xml", "\"3b537a8dedd7323a76ac6[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"3310b3d566d4bd39f603d[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2475029");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "myashampoo");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=panda&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jan 27 2011 02:43:20 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jan 26 2011 23:51:33 GMT+0100");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "439c7628-8e08-47d6-b3ff-b4ee51cf9051");
Deleted : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100"[...]
Deleted : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100[...]
Deleted : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100")[...]
Deleted : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Wed Jan 26 2011 23:51:38 GMT+0100")[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "01/27/2011 01");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Jan 26 2011 23:51:34 GMT+0100");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jan 26 2011 23:51:34 GMT+0100");
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Jan 27 2011 16:25:50 GMT+0100");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Jan 27 2011 16:25:46 GMT+0100");
Deleted : user_pref("ConduitEngine.UserID", "UN15566717195960056");
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jan 26 2011 23:51:34 GMT+0100");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("bettergmail2.enabled.inboxcount", true);
Deleted : user_pref("bettergmail2.enabled.inboxcountfirst", true);
Deleted : user_pref("easygestures.customizations.searchQuery1", "hxxp://www.google.de/search?q=%s&ie=UTF-8&hl=[...]
Deleted : user_pref("easygestures.customizations.searchQuery2", "hxxp://de.wikipedia.org/wiki/Spezial:Search?s[...]
Deleted : user_pref("easygestures.customizations.searchQuery3", "");
Deleted : user_pref("easygestures.customizations.searchQuery4", "");
Deleted : user_pref("easygestures.customizations.searchQuery5", "");
Deleted : user_pref("easygestures.customizations.searchQuery6", "");
Deleted : user_pref("easygestures.customizations.translateQuery", "hxxp://info.babylon.com/cgi-bin/info.cgi?ot[...]
-\\ Google Chrome v20.0.1132.57
File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "name": "Winamp Application Detector",
Deleted : "name": "Winamp Application Detector"
-\\ Opera v [Unable to get version]
File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [12071 octets] - [16/07/2012 22:13:03]
AdwCleaner[S1].txt - [12114 octets] - [16/07/2012 22:36:44]
########## EOF - C:\AdwCleaner[S1].txt - [12243 octets] ##########
Last edited by 2ndSkin (16.07.2012 at 21:46)
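A check a log analyst would want after the two AdwCleaner runs above: every item the search run (R1) reported as "Found" should reappear as "Deleted" in the delete run (S1). The script below is an added example, not part of the thread or of AdwCleaner; it parses the report format shown above and reconciles the two runs on constructed, shortened excerpts of the posted logs (the `[x64]` view marker is dropped so a key matches whichever view it was reported from).

```python
import re

# Constructed, shortened excerpts in AdwCleaner's report format; "***" masking
# and "Type***" are AdwCleaner's own and are kept verbatim.
R1_LOG = r"""
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 22:13:03
# Option [Search]
***** [Registry] *****
Key Found : HKLM\SOFTWARE\DT Soft
[x64] Key Found : HKLM\SOFTWARE\Classes\Type***\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v13.0.1 (de)
Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Found : user_pref("ConduitEngine.UserID", "UN15566717195960056");
-\\ Google Chrome v20.0.1132.57
Found : "name": "Winamp Application Detector",
"""

S1_LOG = r"""
# AdwCleaner v1.702 - Logfile created 07/16/2012 at 22:36:44
# Option [Delete]
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Classes\Type***\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
***** [Internet Browsers] *****
-\\ Mozilla Firefox v13.0.1 (de)
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
-\\ Google Chrome v20.0.1132.57
Deleted : "name": "Winamp Application Detector",
"""

SECTION_RE = re.compile(r"^\*+ \[(?P<name>[^\]]+)\] \*+$")   # ***** [Registry] *****
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+?) v")            # -\\ Mozilla Firefox v13.0.1 (de)
ENTRY_RE = re.compile(
    r"^(?:\[x64\] )?"                 # 64-bit registry view marker, ignored
    r"(?:(?:Key|Folder|File) )?"      # object type prefix on registry/file lines
    r"(?P<action>Found|Deleted) : (?P<item>.+)$"
)


def parse_report(text):
    """Map (context, item) -> action, where context is the [Section] name or the browser name."""
    entries = {}
    context = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line) or BROWSER_RE.match(line)
        if m:
            context = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[(context, m.group("item"))] = m.group("action")
    return entries


def reconcile(scan_text, delete_text):
    """Compare what the search run found with what the delete run removed."""
    found = {k for k, a in parse_report(scan_text).items() if a == "Found"}
    deleted = {k for k, a in parse_report(delete_text).items() if a == "Deleted"}
    return {
        "removed": sorted(found & deleted),        # found, then deleted: as expected
        "still_present": sorted(found - deleted),  # found but no Deleted line: re-check
        "unexpected": sorted(deleted - found),     # deleted without a prior Found line
    }


if __name__ == "__main__":
    for status, items in reconcile(R1_LOG, S1_LOG).items():
        print(f"{status}: {len(items)}")
        for context, item in items:
            print(f"  [{context}] {item}")
```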
#14
/// Helfer-Team | Remove GVU Trojan 2.07 completely? Win 7 64bit
Very good! For verification: malware scan with Emsisoft Anti-Malware.
Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Update now".
Select the freeware mode.
Select "Detail Scan" and start the check of the computer via the "Scan" button.
At the end of the scan, do not let it delete anything!
Click "Save report" to save the logfile to the desktop and post it here in the thread.
Guide: http://www.trojaner-board.de/103809-...i-malware.html
#15
Remove GVU Trojan 2.07 completely? Win 7 64bit
Scan at 50%. Two hits so far. As a layman I'd call them "uncritical"...
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 16.07.2012 22:52:19
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, E:\, F:\, G:\, H:\, I:\, J:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 16.07.2012 22:52:27
Key: hkey_current_user\software\microsoft\wab gefunden: Trace.Registry.win32.zbot!E1
E:\Old\Users\Crash\Desktop\arc\files\zergRush gefunden: Exploit.Linux.Lotoor!E2
F:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
H:\Users\Crash\Desktop\arc\files\zergRush gefunden: Exploit.Linux.Lotoor!E2
Gescannt 730236
Gefunden 4
Scan Ende: 17.07.2012 00:45:26
Scan Zeit: 1:52:59