| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC Optimizer ProWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.01.2014, 21:28
| #1 |
| |  PC Optimizer Pro Hallo Ich habe mir leider auch den PC Optimizer Pro "eingefangen". Habe danach gegoogelt und auch hier im Forum einen Thread bzgl. des Problems gefunden. Das Forum Mitglied : cosinus , hat einem anderen Betroffenen bei der Beseitigung geholfen. Ich benutze einen Toshiba Satellite Pro mit Windows 8. Ich habe den ersten Schritt der Anleitung gemacht und habe das JRT - Junkware Removal Tool installiert und einen scan damit gemacht. Den Logfile habe ich auf meinem Desktop. Kann mir Bitte jemand Weiterhelfen...das wäre echt Spitze. Schon mal ein dickes : Danke Schön im voraus. LG boti Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8 x64
Ran by dagobert on 03.01.2014 at 21:09:37,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] addonshelper
Failed to delete: [Service] addonshelper
Successfully stopped: [Service] cltmngsvc
Failed to delete: [Service] cltmngsvc
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3541415397-2149579106-852229368-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bonanzadealslive.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadealslive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3541415397-2149579106-852229368-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickctrl.9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickprocesslaunchermachine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.oneclickprocesslaunchermachine.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealslive.update3webcontrol.3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.cocreateasync
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.cocreateasync.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coreclass
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coreclass.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coremachineclass
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.coremachineclass.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.credentialdialogmachine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.credentialdialogmachine.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachine.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachinefallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclassmachinefallback.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclasssvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.ondemandcomclasssvc.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.processlauncher
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.processlauncher.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3comclassservice
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3comclassservice.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachine.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachinefallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3webmachinefallback.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3websvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bonanzadealsliveupdate.update3websvc.1.0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bonanza deals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\filesfrog update checker
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{d85ffe92-bf14-4e9b-bccd-e5c16069e65f}_is1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0041856.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0041856.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0041856.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0041856.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411181156}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422182256}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411181156}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422182256}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0041856.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0041856.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0041856.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0041856.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411181156}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411181156}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411181156}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
~~~ Files
Successfully deleted: [File] C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
Successfully deleted: [File] C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\bonanzadealslive"
Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
Successfully deleted: [Folder] "C:\Users\dagobert\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\dagobert\appdata\local\bonanzadealslive"
Successfully deleted: [Folder] "C:\Users\dagobert\appdata\local\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\dagobert\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadeals"
Successfully deleted: [Folder] "C:\Program Files (x86)\bonanzadealslive"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Users\dagobert\AppData\Roaming\microsoft\windows\start menu\programs\bonanzadeals"
Successfully deleted: [Folder] "C:\Users\dagobert\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\dagobert\documents\optimizer pro"
~~~ FireFox
Successfully deleted: [File] C:\Users\dagobert\AppData\Roaming\mozilla\firefox\profiles\ufdk0uqw.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\dagobert\AppData\Roaming\mozilla\firefox\profiles\ufdk0uqw.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.bdupdater.com/bonanzadealslive update;version=3
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.bdupdater.com/bonanzadealslive update;version=9
Successfully deleted the following from C:\Users\dagobert\AppData\Roaming\mozilla\firefox\profiles\ufdk0uqw.default\prefs.js
user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPC2563704-DD91-45AB-9F47-63B60B469F
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3317740&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC2563704-DD91-45AB-9F47-63B60B469F7A&SSP
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("extensions.helperbar.downloadprovider", "somoto");
user_pref("extensions.helperbar.publisher", "somoto");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.registerToolbarEvent101", "1383250273510");
user_pref("iminent.registerToolbarEvent140", "1383260583806");
user_pref("iminent.version", "7.43.4.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.43.4.1\",\"InstallEventCTime\":1383091714481,\"InstallEvent\":\"True\"}");
Emptied folder: C:\Users\dagobert\AppData\Roaming\mozilla\firefox\profiles\ufdk0uqw.default\minidumps [8 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\dagobert\appdata\local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.01.2014 at 21:17:12,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
| Themen zu PC Optimizer Pro |
| andere, anderen, anleitung, appdatalow, beseitigung, conduit search, dickes, eingefangen, gefangen, installier, installiert, junkware, leitung, mitglied, mobogenie, mobogenie entfernen, optimizer, pup.optional.bundleinstaller.a, pup.optional.domaiq, removal, satellite, schritt, schön, thread, toshiba, windows |
Baum-Darstellung