Trojaner-Board


Chefkoch1 21.11.2013 12:34

Remove GVU Interpol trojan?

Hi there, I have the GVU trojan and would like to remove it.

The system is W7 Home Prem. 32-bit.

schrauber 21.11.2013 13:32

Hi,

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the matching version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it boots, press the F8 key repeatedly.
  • Now choose Repair Your Computer.
  • Select your operating system and user account, clicking "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Put the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account, clicking "Next" each time.
In the repair options, choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown here; remember it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you remembered. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


Chefkoch1 21.11.2013 14:14


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by SYSTEM on MININT-M6LR0JF on 21-11-2013 12:20:41
Running from G:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Marine Aquarium Lite Search Scope Monitor] - C:\Program Files\MarineAquarium3Free_57\bar\1.bin\57SrchMn.exe [44784 2013-11-14] (MindSpark)
HKLM\...\Run: [MarineAquarium3Free_57 Browser Plugin Loader] - C:\Program Files\MarineAquarium3Free_57\bar\1.bin\57brmon.exe [30096 2013-11-14] (VER_COMPANY_NAME)
HKU\Besitzer\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
HKU\Besitzer\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [ 2013-09-29] (PC Utilities Pro)
HKU\Besitzer\...\Run: [Facebook Update] - C:\Users\Besitzer\AppData\Local\Facebook\Update\FacebookUpdate.exe [ 2013-10-27] (Facebook Inc.)
HKU\Besitzer\...\Run: [Desk 365] - C:\Program Files\Desk 365\desk365.exe [ 2013-10-27] (337 Technology Limited.)
AppInit_DLLs: C:\Program Files\Optimizer Pro\OptProCrash.dll [ 2013-10-17] ()

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-15] (APN LLC.)
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 ca82e1a5; C:\Program Files\Optimizer Pro\OptProCrash.exe [143488 2013-10-27] ()
S4 desksvc; C:\Program Files\Desk 365\deskSvc.exe [424016 2013-10-27] (337 Technology Limited.)
S2 MarineAquarium3Free_57Service; C:\Program Files\MarineAquarium3Free_57\bar\1.bin\57barsvc.exe [44752 2013-11-14] (COMPANYVERS_NAME)
S2 Update SaltarSmart; C:\Program Files\SaltarSmart\updateSaltarSmart.exe [66336 2013-11-07] ()
S2 Util SaltarSmart; C:\Program Files\SaltarSmart\bin\utilSaltarSmart.exe [66336 2013-11-07] ()
S4 WajamUpdaterV3; C:\Program Files\Wajam\Updater\WajamUpdaterV3.exe [114176 2013-10-22] (Wajam)
S2 Winmgmt; C:\ProgramData\jvrq06j.dss [175616 2013-11-16] (Sato Corporation)

==================== Drivers (Whitelisted) ====================

S3 ADM8511; C:\Windows\System32\DRIVERS\ADM8511.SYS [24555 2001-02-15] (ADMtek Incorporated)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3174912 2013-09-06] (Qualcomm Atheros Communications, Inc.)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [89376 2013-10-10] (Avira Operations GmbH & Co. KG)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-10-10] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [67680 2013-10-10] (Avira Operations GmbH & Co. KG)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [33640 2010-10-18] (Atheros)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RTSUVSTOR.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 EverestDriver; \??\F:\Software\Tuning & System\EVEREST Ultimate Edition\kerneld.wnt [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-21 08:35 - 2013-11-21 08:35 - 00000000 ____D C:\FRST
2013-11-19 16:36 - 2013-11-19 16:36 - 00000000 ____D C:\.Trash-999
2013-11-17 12:29 - 2013-11-19 14:26 - 95025368 ____T C:\ProgramData\1jvari.bxx
2013-11-17 12:29 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\1jvari.fvv
2013-11-17 12:29 - 2013-11-17 12:29 - 00174592 _____ C:\ProgramData\iravj1.dss
2013-11-16 14:01 - 2013-11-19 15:44 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-16 14:01 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\j60qrvj.fvv
2013-11-16 14:01 - 2013-11-16 14:02 - 00000279 _____ C:\ProgramData\j60qrvj.reg
2013-11-16 14:01 - 2013-11-16 14:01 - 01595904 ____T C:\ProgramData\j60qrvj.fdd
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss
2013-11-15 01:33 - 2013-10-12 08:04 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-15 01:33 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-15 01:33 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-15 01:33 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-15 01:33 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-15 01:33 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 22:21 - 2013-11-14 22:21 - 00000000 ____D C:\Program Files\MarineAquarium3Free_57
2013-11-14 20:03 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-14 20:03 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-14 20:03 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 20:03 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-14 20:03 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 20:03 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-14 20:03 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-14 20:03 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-14 20:03 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-14 20:03 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-14 20:03 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-14 20:03 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-14 20:03 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-14 20:03 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-14 20:03 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-14 20:03 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-14 20:03 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-14 20:03 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-10-27 07:01 - 2013-10-27 07:01 - 00000995 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-10-27 06:58 - 2013-11-17 12:29 - 00000000 ____D C:\SoloApp
2013-10-27 06:57 - 2013-10-27 06:57 - 00000556 _____ C:\Windows\KB893803v2.log
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\SimplyTech
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\HomeTab
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Program Files\HomeTab
2013-10-27 06:56 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-10-27 06:55 - 2013-11-05 07:48 - 00000000 ____D C:\ProgramData\eSafe
2013-10-27 06:55 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\Documents\Optimizer Pro
2013-10-27 06:55 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Optimizer Pro
2013-10-27 06:54 - 2013-11-01 21:26 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Desk 365
2013-10-27 06:54 - 2013-10-27 07:01 - 00000000 ____D C:\Program Files\VideoPlayer
2013-10-27 06:54 - 2013-10-27 06:55 - 00000000 ____D C:\Program Files\Desk 365
2013-10-27 06:54 - 2013-10-27 06:54 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-10-27 06:53 - 2013-10-28 06:54 - 00000000 ____D C:\Program Files\SaltarSmart
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 ____D C:\Users\Besitzer\AppData\Local\SearchProtect
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 _____ C:\END
2013-10-27 06:51 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Facebook
2013-10-26 16:30 - 2013-10-26 16:30 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\Besitzer\Documents\FLVMPlayer(2).exe
2013-10-26 16:29 - 2013-10-26 16:29 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Smartbar
2013-10-26 16:28 - 2013-10-26 16:28 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Wajam
2013-10-26 16:28 - 2013-10-26 16:28 - 00000000 ____D C:\Program Files\Wajam
2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-10-22 18:11 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-10-22 18:11 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-10-22 18:11 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-10-22 18:11 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\System32\java.exe
2013-10-22 18:10 - 2013-10-22 18:11 - 00004266 _____ C:\Windows\System32\jupdate-1.7.0_45-b18.log

==================== One Month Modified Files and Folders =======

2013-11-21 08:35 - 2013-11-21 08:35 - 00000000 ____D C:\FRST
2013-11-21 08:33 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-11-19 16:36 - 2013-11-19 16:36 - 00000000 ____D C:\.Trash-999
2013-11-19 15:44 - 2013-11-16 14:01 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-19 14:26 - 2013-11-17 12:29 - 95025368 ____T C:\ProgramData\1jvari.bxx
2013-11-19 14:26 - 2013-11-17 12:29 - 00000000 _____ C:\ProgramData\1jvari.fvv
2013-11-19 14:26 - 2013-11-16 14:01 - 00000000 _____ C:\ProgramData\j60qrvj.fvv
2013-11-19 14:26 - 2009-07-14 05:39 - 00031440 _____ C:\Windows\setupact.log
2013-11-19 09:09 - 2009-07-14 05:34 - 00015104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-19 09:09 - 2009-07-14 05:34 - 00015104 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-19 09:07 - 2013-09-06 15:32 - 01869797 _____ C:\Windows\WindowsUpdate.log
2013-11-18 17:17 - 2013-09-06 19:54 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Skype
2013-11-17 12:29 - 2013-11-17 12:29 - 00174592 _____ C:\ProgramData\iravj1.dss
2013-11-17 12:29 - 2013-10-27 06:58 - 00000000 ____D C:\SoloApp
2013-11-17 09:37 - 2013-09-06 18:00 - 00000000 ____D C:\ProgramData\MFAData
2013-11-17 09:25 - 2013-09-06 15:32 - 00000000 ____D C:\users\Besitzer
2013-11-16 14:02 - 2013-11-16 14:01 - 00000279 _____ C:\ProgramData\j60qrvj.reg
2013-11-16 14:01 - 2013-11-16 14:01 - 01595904 ____T C:\ProgramData\j60qrvj.fdd
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss
2013-11-15 20:06 - 2013-09-06 15:34 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-15 03:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-11-15 01:36 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-11-15 01:35 - 2013-09-06 18:30 - 00116432 _____ C:\Windows\PFRO.log
2013-11-15 01:33 - 2013-10-20 23:08 - 00000000 ____D C:\Windows\System32\MRT
2013-11-15 01:31 - 2013-10-20 23:08 - 80340640 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-14 22:21 - 2013-11-14 22:21 - 00000000 ____D C:\Program Files\MarineAquarium3Free_57
2013-11-05 07:48 - 2013-10-27 06:55 - 00000000 ____D C:\ProgramData\eSafe
2013-11-01 21:26 - 2013-10-27 06:54 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Desk 365
2013-10-30 20:47 - 2013-09-18 06:13 - 00000000 ____D C:\Program Files\LyriXeeker-1
2013-10-28 19:35 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-28 19:21 - 2013-09-06 19:53 - 00000000 ___RD C:\Program Files\Skype
2013-10-28 19:21 - 2013-09-06 19:53 - 00000000 ____D C:\ProgramData\Skype
2013-10-28 06:54 - 2013-10-27 06:53 - 00000000 ____D C:\Program Files\SaltarSmart
2013-10-27 20:15 - 2013-10-15 15:49 - 00002016 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-27 19:43 - 2013-10-09 12:03 - 00000000 ____D C:\Program Files\LyricsSay-1
2013-10-27 07:01 - 2013-10-27 07:01 - 00000995 _____ C:\Users\Public\Desktop\VideoPlayer.lnk
2013-10-27 07:01 - 2013-10-27 06:54 - 00000000 ____D C:\Program Files\VideoPlayer
2013-10-27 06:57 - 2013-10-27 06:57 - 00000556 _____ C:\Windows\KB893803v2.log
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\SimplyTech
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\HomeTab
2013-10-27 06:56 - 2013-10-27 06:56 - 00000000 ____D C:\Program Files\HomeTab
2013-10-27 06:55 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\Documents\Optimizer Pro
2013-10-27 06:55 - 2013-10-27 06:55 - 00000000 ____D C:\Users\Besitzer\AppData\Roaming\Optimizer Pro
2013-10-27 06:55 - 2013-10-27 06:54 - 00000000 ____D C:\Program Files\Desk 365
2013-10-27 06:55 - 2013-10-27 06:51 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Facebook
2013-10-27 06:54 - 2013-10-27 06:54 - 00000000 ____D C:\Program Files\Optimizer Pro
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 ____D C:\Users\Besitzer\AppData\Local\SearchProtect
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-27 06:52 - 2013-10-27 06:52 - 00000000 _____ C:\END
2013-10-26 16:30 - 2013-10-26 16:30 - 04953944 _____ (FLVMPlayer                                                  ) C:\Users\Besitzer\Documents\FLVMPlayer(2).exe
2013-10-26 16:29 - 2013-10-26 16:29 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Smartbar
2013-10-26 16:28 - 2013-10-26 16:28 - 00000000 ____D C:\Users\Besitzer\AppData\Local\Wajam
2013-10-26 16:28 - 2013-10-26 16:28 - 00000000 ____D C:\Program Files\Wajam
2013-10-24 16:13 - 2013-09-06 18:01 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-10-22 18:13 - 2013-10-22 18:13 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2013-10-22 18:11 - 2013-10-22 18:10 - 00004266 _____ C:\Windows\System32\jupdate-1.7.0_45-b18.log
2013-10-22 18:11 - 2013-09-14 17:39 - 00000000 ____D C:\ProgramData\Oracle
2013-10-22 18:11 - 2013-09-14 17:38 - 00000000 ____D C:\Program Files\Java

Files to move or delete:
====================
C:\ProgramData\1jvari.bxx
C:\ProgramData\1jvari.fvv
C:\ProgramData\iravj1.dss
C:\ProgramData\j60qrvj.bxx
C:\ProgramData\j60qrvj.fvv
C:\ProgramData\j60qrvj.reg
C:\ProgramData\jvrq06j.dss
C:\Users\Public\AlexaNSISPlugin.2204.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

7
Restore point made on: 2013-11-05 04:31:06
Restore point made on: 2013-11-05 06:19:21
Restore point made on: 2013-11-05 06:19:33
Restore point made on: 2013-11-12 23:20:27
Restore point made on: 2013-11-15 01:31:31
Restore point made on: 2013-11-17 12:30:39
Restore point made on: 2013-11-17 12:36:18

==================== Memory info ===========================

Percentage of memory in use: 6%
Total physical RAM: 8173.86 MB
Available physical RAM: 7640.21 MB
Total Pagefile: 8172.14 MB
Available Pagefile: 7651.15 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:421.8 GB) NTFS
Drive g: (OHNE TITEL) (Removable) (Total:29.69 GB) (Free:0.86 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B00FB00F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=07 NTFS)


LastRegBack: 2013-11-10 04:47

==================== End Of Log ============================

--- --- ---

schrauber 22.11.2013 10:47

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:

HKU\Besitzer\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [ 2013-09-29] (PC Utilities Pro)
AppInit_DLLs: C:\Program Files\Optimizer Pro\OptProCrash.dll [ 2013-10-17] ()
S2 Winmgmt; C:\ProgramData\jvrq06j.dss [175616 2013-11-16] (Sato Corporation)
2013-11-17 12:29 - 2013-11-19 14:26 - 95025368 ____T C:\ProgramData\1jvari.bxx
2013-11-17 12:29 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\1jvari.fvv
2013-11-17 12:29 - 2013-11-17 12:29 - 00174592 _____ C:\ProgramData\iravj1.dss
2013-11-16 14:01 - 2013-11-19 15:44 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-16 14:01 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\j60qrvj.fvv
2013-11-16 14:01 - 2013-11-16 14:02 - 00000279 _____ C:\ProgramData\j60qrvj.reg
2013-11-16 14:01 - 2013-11-16 14:01 - 01595904 ____T C:\ProgramData\j60qrvj.fdd
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss

Please save this as Fixlist.txt on your USB stick.
  • Boot your computer into the repair options again
  • Now start FRST.exe again and click the Fix button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.



Start the computer normally.
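
Added example, not part of the original thread and not FRST's own logic: a small Python triage pass over FRST-style log lines that surfaces the kind of entries the fixlist above targets, such as the Winmgmt service whose image path is C:\ProgramData\jvrq06j.dss. The two heuristics (a service image with an extension other than .exe/.sys, and loose files directly in C:\ProgramData) and all names in the code are assumptions of this example; the sample lines are copied from the log posted above.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the FRST log posted above (not a complete log).
SAMPLE_LOG = r"""
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S2 Winmgmt; C:\ProgramData\jvrq06j.dss [175616 2013-11-16] (Sato Corporation)
S3 athr; C:\Windows\System32\DRIVERS\athr.sys [3174912 2013-09-06] (Qualcomm Atheros Communications, Inc.)
2013-11-16 14:01 - 2013-11-19 15:44 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss
2013-11-15 01:33 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-27 06:55 - 2013-11-05 07:48 - 00000000 ____D C:\ProgramData\eSafe
"""

# "<state> <name>; <image path> [<size> <date>] (<company>)"
SERVICE_RE = re.compile(
    r"^(?P<state>[A-Z]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d*) ?(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
# "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<size>\d+) "
    r"(?P<attrs>\S{5}) (?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.+)$"
)

# Assumptions of this example, not FRST rules.
IMAGE_EXTS = {".exe", ".sys"}
DATA_ROOT = PureWindowsPath(r"C:\ProgramData")


def review(log_text):
    """Return findings for service and file lines that match the heuristics."""
    services, files = [], []
    for line in map(str.strip, log_text.splitlines()):
        m = SERVICE_RE.match(line)
        if m:
            services.append((m["name"], PureWindowsPath(m["path"])))
            continue
        m = FILE_RE.match(line)
        if m and not m["attrs"].endswith("D"):  # skip directory entries
            files.append(PureWindowsPath(m["path"]))

    findings, flagged_images = [], set()
    for name, path in services:
        reasons = []
        if path.suffix.lower() not in IMAGE_EXTS:
            reasons.append(f"unusual image extension {path.suffix}")
        if path.parent == DATA_ROOT:
            reasons.append("image sits directly in C:\\ProgramData")
        if reasons:
            flagged_images.add(path)
            findings.append({"kind": "service", "name": name,
                             "path": str(path), "reasons": reasons})
    for path in files:
        if path.parent != DATA_ROOT:
            continue
        reasons = ["loose file directly in C:\\ProgramData"]
        if path in flagged_images:  # ties the file listing to the service entry
            reasons.append("is the image of a flagged service")
        findings.append({"kind": "file", "name": path.name,
                         "path": str(path), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"{f['kind']:8}{f['path']}: {'; '.join(f['reasons'])}")
```

The output is a shortlist for a human reviewer; a hit is not proof of malware, and a clean result does not clear the system.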

Chefkoch1 25.11.2013 13:14

Here is the log, many thanks already at this point. :-)


Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by SYSTEM at 2013-11-25 11:40:02 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Besitzer\...\Run: [Optimizer Pro] - C:\Program Files\Optimizer Pro\OptProLauncher.exe [ 2013-09-29] (PC Utilities Pro)
AppInit_DLLs: C:\Program Files\Optimizer Pro\OptProCrash.dll [ 2013-10-17] ()
S2 Winmgmt; C:\ProgramData\jvrq06j.dss [175616 2013-11-16] (Sato Corporation)
2013-11-17 12:29 - 2013-11-19 14:26 - 95025368 ____T C:\ProgramData\1jvari.bxx
2013-11-17 12:29 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\1jvari.fvv
2013-11-17 12:29 - 2013-11-17 12:29 - 00174592 _____ C:\ProgramData\iravj1.dss
2013-11-16 14:01 - 2013-11-19 15:44 - 95025368 ____T C:\ProgramData\j60qrvj.bxx
2013-11-16 14:01 - 2013-11-19 14:26 - 00000000 _____ C:\ProgramData\j60qrvj.fvv
2013-11-16 14:01 - 2013-11-16 14:02 - 00000279 _____ C:\ProgramData\j60qrvj.reg
2013-11-16 14:01 - 2013-11-16 14:01 - 01595904 ____T C:\ProgramData\j60qrvj.fdd
2013-11-16 14:01 - 2013-11-16 14:01 - 00175616 _____ (Sato Corporation) C:\ProgramData\jvrq06j.dss
       
*****************

HKU\Besitzer\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\1jvari.bxx => Moved successfully.
C:\ProgramData\1jvari.fvv => Moved successfully.
C:\ProgramData\iravj1.dss => Moved successfully.
C:\ProgramData\j60qrvj.bxx => Moved successfully.
C:\ProgramData\j60qrvj.fvv => Moved successfully.
C:\ProgramData\j60qrvj.reg => Moved successfully.
C:\ProgramData\j60qrvj.fdd => Moved successfully.
C:\ProgramData\jvrq06j.dss => Moved successfully.

==== End of Fixlog ====


schrauber 26.11.2013 09:41

Does the computer start normally?

