Log analysis and evaluation: Remove GVU Interpol Trojan? (Windows 7)
21.11.2013, 12:34 | #1 |
| Remove GVU Interpol Trojan? Hi, I have the GVU Trojan and would like to remove it. The system is a W7 Home Prem. 32 bit. |
21.11.2013, 13:32 | #2 |
/// the machine /// TB-Ausbilder | Remove GVU Interpol Trojan? Hi,
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ |
21.11.2013, 14:14 | #3 |
| Remove GVU Interpol Trojan? FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by SYSTEM on MININT-M6LR0JF on 21-11-2013 12:20:41
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Marine Aquarium Lite Search Scope Monitor] - C:\Program Files\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe [44784 2013-11-14] (MindSpark)
HKLM\...\Run: [MarineAquarium3Free_57 Browser Plugin Loader] - C:\Program Files\MarineAquarium3Free_57\bar\1.bin\57brmon.exe [30096 2013-11-14] (VER_COMPANY_NAME)
HKU\Besitzer\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
HKU\Besitzer\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [ 2013-09-29] (PC Utilities Pro)
HKU\Besitzer\...\Run: [Facebook Update] - C:\Users\Besitzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2013-10-27] (Facebook Inc.)
HKU\Besitzer\...\Run: [Desk 365] - C:\Program Files\Desk 365\desk365.exe [ 2013-10-27] (337 Technology Limited.)
AppInit_DLLs: C:\Program Files\Optimizer Pro\OptProCrash.dll [ 2013-10-17] ()

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-15] (APN LLC.)
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrash.exe [143488 2013-10-27] ()
S4 desksvc; C:\Program Files\Desk 365\deskSvc.exe [424016 2013-10-27] (337 Technology Limited.)
S2 MarineAquarium3Free_57Service; C:\Program Files\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe [44752 2013-11-14] (COMPANYVERS_NAME)
S2 Update SaltarSmart; C:\Program Files\SaltarSmart\updateSaltarSmart.exe [66336 2013-11-07] ()
S2 Util SaltarSmart; C:\Program Files\SaltarSmart\bin\utilSaltarSmart.exe [66336 2013-11-07] ()
S4 WajamUpdaterV3; C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-10-22] (Wajam)
S2 Winmgmt; C:\ProgramData\jvrq06j.dss [175616 2013-11-16] (Sato Corporation)

==================== Drivers (Whitelisted) ====================

S3 ADM8511; C:\Windows\System32\DRIVERS\ADM8511.SYS [24555 2001-02-15] (ADMtek Incorporated)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3174912 2013-09-06] (Qualcomm Atheros Communications, Inc.)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [67680 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [33640 2010-10-18] (Atheros)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RTSUVSTOR.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 EverestDriver; \??\F:\Software\Tuning & System\EVEREST Ultimate Edition\kerneld.wnt [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-21 08:35 - 2013-11-21 08:35 - 00000000 ____D C:\FRST
2013-11-19 16:36 - 2013-11-19 16:36 - 00000000 ____D C:\.Trash-999
2013-11-17 12:29 - 2013-11-19 14:26 - 95025368 ____T C:\ProgramData\1jvari.bxx
2013-11-17 12:29 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\1jvari.fvv
2013-11-17 12:29 - 2013-11-17 12:29 - 00174592 _____ C:\ProgramData\iravj1.dss
2013-11-16 14:01 - 2013-11-19 15:44 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-16 14:01 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\j60qrvj.fvv
2013-11-16 14:01 - 2013-11-16 14:02 - 00000279 _____ C:\ProgramData\j60qrvj.reg
2013-11-16 14:01 - 2013-11-16 14:01 - 01595904 ____T C:\ProgramData\j60qrvj.fdd
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss
2013-11-15 01:33 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-15 01:33 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-15 01:33 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-15 01:33 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-15 01:33 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 22:21 - 2013-11-14 22:21 - 00000000 ____D C:\Program Files\MarineAquarium3Free_57
2013-11-14 20:03 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-14 20:03 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-14 20:03 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 20:03 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-14 20:03 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 20:03 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-14 20:03 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-14 20:03 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-14 20:03 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-14 20:03 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-14 20:03 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-14 20:03 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-14 20:03 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-14 20:03 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-14 20:03 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-14 20:03 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-14 20:03 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-14 20:03 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-10-27 07:01 - 2013-10-27 07:01 - 00000995 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-10-27 06:58 - 2013-11-17 12:29 - 00000000 ____D C:\SoloApp
2013-10-27 06:57 - 2013-10-27 06:57 - 00000556 _____ C:\Windows\KB893803v2.log
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\SimplyTech
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\HomeTab
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Program Files\HomeTab
2013-10-27 06:56 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-10-27 06:55 - 2013-11-05 07:48 - 00000000 ____D C:\ProgramData\eSafe
2013-10-27 06:55 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\Documents\Optimizer Pro
2013-10-27 06:55 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Optimizer Pro
2013-10-27 06:54 - 2013-11-01 21:26 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Desk 365
2013-10-27 06:54 - 2013-10-27 07:01 - 00000000 ____D C:\Program Files\VideoPlayer
2013-10-27 06:54 - 2013-10-27 06:55 - 00000000 ____D C:\Program Files\Desk 365
2013-10-27 06:54 - 2013-10-27 06:54 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-10-27 06:53 - 2013-10-28 06:54 - 00000000 ____D C:\Program Files\SaltarSmart
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 ____D C:\Users\Besitzer\AppData\Local\SearchProtect
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 _____ C:\END
2013-10-27 06:51 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Facebook
2013-10-26 16:30 - 2013-10-26 16:30 - 04953944 _____ (FLVMPlayer ) C:\Users\Besitzer\Documents\FLVMPlayer(2).exe
2013-10-26 16:29 - 2013-10-26 16:29 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Smartbar
2013-10-26 16:28 - 2013-10-26 16:28 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Wajam
2013-10-26 16:28 - 2013-10-26 16:28 - 00000000 ____D C:\Program Files\Wajam
2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-10-22 18:11 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-10-22 18:11 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-22 18:11 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-22 18:11 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-22 18:10 - 2013-10-22 18:11 - 00004266 _____ C:\Windows\System32\jupdate-1.7.0_45-b18.log

==================== One Month Modified Files and Folders =======

2013-11-21 08:35 - 2013-11-21 08:35 - 00000000 ____D C:\FRST
2013-11-21 08:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-11-19 16:36 - 2013-11-19 16:36 - 00000000 ____D C:\.Trash-999
2013-11-19 15:44 - 2013-11-16 14:01 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-19 14:26 - 2013-11-17 12:29 - 95025368 ____T C:\ProgramData\1jvari.bxx
2013-11-19 14:26 - 2013-11-17 12:29 - 00000000 _____ C:\ProgramData\1jvari.fvv
2013-11-19 14:26 - 2013-11-16 14:01 - 00000000 _____ C:\ProgramData\j60qrvj.fvv
2013-11-19 14:26 - 2009-07-14 05:39 - 00031440 _____ C:\Windows\setupact.log
2013-11-19 09:09 - 2009-07-14 05:34 - 00015104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-19 09:09 - 2009-07-14 05:34 - 00015104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-19 09:07 - 2013-09-06 15:32 - 01869797 _____ C:\Windows\WindowsUpdate.log
2013-11-18 17:17 - 2013-09-06 19:54 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Skype
2013-11-17 12:29 - 2013-11-17 12:29 - 00174592 _____ C:\ProgramData\iravj1.dss
2013-11-17 12:29 - 2013-10-27 06:58 - 00000000 ____D C:\SoloApp
2013-11-17 09:37 - 2013-09-06 18:00 - 00000000 ____D C:\ProgramData\MFAData
2013-11-17 09:25 - 2013-09-06 15:32 - 00000000 ____D C:\users\Besitzer
2013-11-16 14:02 - 2013-11-16 14:01 - 00000279 _____ C:\ProgramData\j60qrvj.reg
2013-11-16 14:01 - 2013-11-16 14:01 - 01595904 ____T C:\ProgramData\j60qrvj.fdd
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss
2013-11-15 20:06 - 2013-09-06 15:34 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-15 03:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-15 01:36 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-11-15 01:35 - 2013-09-06 18:30 - 00116432 _____ C:\Windows\PFRO.log
2013-11-15 01:33 - 2013-10-20 23:08 - 00000000 ____D C:\Windows\System32\MRT
2013-11-15 01:31 - 2013-10-20 23:08 - 80340640 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-14 22:21 - 2013-11-14 22:21 - 00000000 ____D C:\Program Files\MarineAquarium3Free_57
2013-11-05 07:48 - 2013-10-27 06:55 - 00000000 ____D C:\ProgramData\eSafe
2013-11-01 21:26 - 2013-10-27 06:54 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Desk 365
2013-10-30 20:47 - 2013-09-18 06:13 - 00000000 ____D C:\Program Files\LyriXeeker-1
2013-10-28 19:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-28 19:21 - 2013-09-06 19:53 - 00000000 ___RD C:\Program Files\Skype
2013-10-28 19:21 - 2013-09-06 19:53 - 00000000 ____D C:\ProgramData\Skype
2013-10-28 06:54 - 2013-10-27 06:53 - 00000000 ____D C:\Program Files\SaltarSmart
2013-10-27 20:15 - 2013-10-15 15:49 - 00002016 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-27 19:43 - 2013-10-09 12:03 - 00000000 ____D C:\Program Files\LyricsSay-1
2013-10-27 07:01 - 2013-10-27 07:01 - 00000995 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-10-27 07:01 - 2013-10-27 06:54 - 00000000 ____D C:\Program Files\VideoPlayer
2013-10-27 06:57 - 2013-10-27 06:57 - 00000556 _____ C:\Windows\KB893803v2.log
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\SimplyTech
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\HomeTab
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Program Files\HomeTab
2013-10-27 06:55 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\Documents\Optimizer Pro
2013-10-27 06:55 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Optimizer Pro
2013-10-27 06:55 - 2013-10-27 06:54 - 00000000 ____D C:\Program Files\Desk 365
2013-10-27 06:55 - 2013-10-27 06:51 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Facebook
2013-10-27 06:54 - 2013-10-27 06:54 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 ____D C:\Users\Besitzer\AppData\Local\SearchProtect
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 _____ C:\END
2013-10-26 16:30 - 2013-10-26 16:30 - 04953944 _____ (FLVMPlayer ) C:\Users\Besitzer\Documents\FLVMPlayer(2).exe
2013-10-26 16:29 - 2013-10-26 16:29 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Smartbar
2013-10-26 16:28 - 2013-10-26 16:28 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Wajam
2013-10-26 16:28 - 2013-10-26 16:28 - 00000000 ____D C:\Program Files\Wajam
2013-10-24 16:13 - 2013-09-06 18:01 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-10-22 18:11 - 2013-10-22 18:10 - 00004266 _____ C:\Windows\System32\jupdate-1.7.0_45-b18.log
2013-10-22 18:11 - 2013-09-14 17:39 - 00000000 ____D C:\ProgramData\Oracle
2013-10-22 18:11 - 2013-09-14 17:38 - 00000000 ____D C:\Program Files\Java

Files to move or delete:
====================
C:\ProgramData\1jvari.bxx
C:\ProgramData\1jvari.fvv
C:\ProgramData\iravj1.dss
C:\ProgramData\j60qrvj.bxx
C:\ProgramData\j60qrvj.fvv
C:\ProgramData\j60qrvj.reg
C:\ProgramData\jvrq06j.dss
C:\Users\Public\AlexaNSISPlugin.2204.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

7
Restore point made on: 2013-11-05 04:31:06
Restore point made on: 2013-11-05 06:19:21
Restore point made on: 2013-11-05 06:19:33
Restore point made on: 2013-11-12 23:20:27
Restore point made on: 2013-11-15 01:31:31
Restore point made on: 2013-11-17 12:30:39
Restore point made on: 2013-11-17 12:36:18

==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 8173.86 MB
Available physical RAM: 7640.21 MB
Total Pagefile: 8172.14 MB
Available Pagefile: 7651.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:421.8 GB) NTFS
Drive g: (OHNE TITEL) (Removable) (Total:29.69 GB) (Free:0.86 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B00FB00F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=07 NTFS)

LastRegBack: 2013-11-10 04:47

==================== End Of Log ============================ |
22.11.2013, 10:47 | #4 |
/// the machine /// TB-Ausbilder | Remove GVU Interpol Trojan? Please press the Windows + R keys and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\Besitzer\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [ 2013-09-29] (PC Utilities Pro)
AppInit_DLLs: C:\Program Files\Optimizer Pro\OptProCrash.dll [ 2013-10-17] ()
S2 Winmgmt; C:\ProgramData\jvrq06j.dss [175616 2013-11-16] (Sato Corporation)
2013-11-17 12:29 - 2013-11-19 14:26 - 95025368 ____T C:\ProgramData\1jvari.bxx
2013-11-17 12:29 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\1jvari.fvv
2013-11-17 12:29 - 2013-11-17 12:29 - 00174592 _____ C:\ProgramData\iravj1.dss
2013-11-16 14:01 - 2013-11-19 15:44 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-16 14:01 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\j60qrvj.fvv
2013-11-16 14:01 - 2013-11-16 14:02 - 00000279 _____ C:\ProgramData\j60qrvj.reg
2013-11-16 14:01 - 2013-11-16 14:01 - 01595904 ____T C:\ProgramData\j60qrvj.fdd
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Start the computer normally.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.11.2013, 13:14 | #5 |
| Remove GVU Interpol Trojan? Here is the log, many thanks already at this point. :-) Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by SYSTEM at 2013-11-25 11:40:02 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Besitzer\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [ 2013-09-29] (PC Utilities Pro)
AppInit_DLLs: C:\Program Files\Optimizer Pro\OptProCrash.dll [ 2013-10-17] ()
S2 Winmgmt; C:\ProgramData\jvrq06j.dss [175616 2013-11-16] (Sato Corporation)
2013-11-17 12:29 - 2013-11-19 14:26 - 95025368 ____T C:\ProgramData\1jvari.bxx
2013-11-17 12:29 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\1jvari.fvv
2013-11-17 12:29 - 2013-11-17 12:29 - 00174592 _____ C:\ProgramData\iravj1.dss
2013-11-16 14:01 - 2013-11-19 15:44 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-16 14:01 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\j60qrvj.fvv
2013-11-16 14:01 - 2013-11-16 14:02 - 00000279 _____ C:\ProgramData\j60qrvj.reg
2013-11-16 14:01 - 2013-11-16 14:01 - 01595904 ____T C:\ProgramData\j60qrvj.fdd
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss
*****************

HKU\Besitzer\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\1jvari.bxx => Moved successfully.
C:\ProgramData\1jvari.fvv => Moved successfully.
C:\ProgramData\iravj1.dss => Moved successfully.
C:\ProgramData\j60qrvj.bxx => Moved successfully.
C:\ProgramData\j60qrvj.fvv => Moved successfully.
C:\ProgramData\j60qrvj.reg => Moved successfully.
C:\ProgramData\j60qrvj.fdd => Moved successfully.
C:\ProgramData\jvrq06j.dss => Moved successfully.

==== End of Fixlog ==== |
26.11.2013, 09:41 | #6 |
/// the machine /// TB-Ausbilder | Remove GVU Interpol Trojan? Does the computer start normally?
__________________ |