Log analysis and evaluation: Windows 8, Windows PC-Repair virus and probably others

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#15

Below is the Fixlog.txt for step 1; steps 2 and 3 will follow later.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by Bodo at 2014-05-02 09:44:24 Run:1
Running from C:\Users\Bodo\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Task: {2EE106B8-5CCF-4253-A23C-26866F6BD9C1} - \Plus-HD-1.3-updater No Task File <==== ATTENTION
Task: {4445933D-9960-456A-97EC-D67E119103A6} - \Plus-HD-1.3-enabler No Task File <==== ATTENTION
Task: {8CEBADF6-73BA-4635-95B1-5630C760570B} - \Plus-HD-1.3-codedownloader No Task File <==== ATTENTION
Task: {93DD8BD0-F48E-4FE0-98D3-482CB8AED3E4} - \Plus-HD-1.3-firefoxinstaller No Task File <==== ATTENTION
Task: {BEC9C1C3-AD4E-4354-8F98-A6469B37DE8E} - \Plus-HD-1.3-chromeinstaller No Task File <==== ATTENTION
Task: {BF2088D2-306F-4D9C-9899-7188D50E06E1} - \Re-markit Update No Task File <==== ATTENTION
Task: {DF8990FA-5798-455D-BA2D-60CB8985A4F1} - \Re-markit_wd No Task File <==== ATTENTION
end
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2EE106B8-5CCF-4253-A23C-26866F6BD9C1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EE106B8-5CCF-4253-A23C-26866F6BD9C1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4445933D-9960-456A-97EC-D67E119103A6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4445933D-9960-456A-97EC-D67E119103A6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CEBADF6-73BA-4635-95B1-5630C760570B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CEBADF6-73BA-4635-95B1-5630C760570B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93DD8BD0-F48E-4FE0-98D3-482CB8AED3E4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93DD8BD0-F48E-4FE0-98D3-482CB8AED3E4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BEC9C1C3-AD4E-4354-8F98-A6469B37DE8E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEC9C1C3-AD4E-4354-8F98-A6469B37DE8E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.3-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF2088D2-306F-4D9C-9899-7188D50E06E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF2088D2-306F-4D9C-9899-7188D50E06E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit Update => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF8990FA-5798-455D-BA2D-60CB8985A4F1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF8990FA-5798-455D-BA2D-60CB8985A4F1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Re-markit_wd => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1f1aa77ba47a4d4a866c8441521ab35c
# engine=18105
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-02 11:06:56
# local_time=2014-05-02 01:06:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 94 11729 12446978 4471 0
# compatibility_mode=5893 16776574 100 94 4249817 16345113 0 0
# scanned=294426
# found=6
# cleaned=0
# scan_time=10375
sh=1985BA727A081634DF8C8BF337418A20EAD11DE9 ft=1 fh=1df23621d4bad3c2 vn="Variante von Win32/AdWare.AddLyrics.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\Re-markit_wd.exe.vir"
sh=1C940244383FC28EAF6ECC8A0B8635A9A0A22EBC ft=1 fh=c71c00112acf662a vn="Variante von Win32/AdWare.AddLyrics.AF Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\ReMarkit_up.exe.vir"
sh=7243AF2124B24A4C7AE382020320B9AC4E342184 ft=1 fh=736eab52356df221 vn="Win32/AdWare.AddLyrics.AE Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Re-markit\Uninstall.exe.vir"
sh=86FD2D88F3C4675471D14644D2A2D8A0B08BA2F4 ft=1 fh=5d2300031434a965 vn="NSIS/StartPage.CC Trojaner" ac=I fn="C:\Users\Bodo\Downloads\vlc-2.1.2-win64.exe"
sh=99EC1C2A38AE98BCBF42E778E551C2C518C08DFD ft=1 fh=c71c0011d154cc06 vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\Windows.old\Users\Bodo\AppData\Local\Temp\nsg15E7.tmp\Helper.dll"
sh=B6D3C19766BEAF1CB7A87D94DC48655C4CA22936 ft=1 fh=89e28e52b82c6968 vn="Variante von MSIL/Adware.PullUpdate.A Anwendung" ac=I fn="C:\Windows.old\Users\Bodo\AppData\Local\Temp\nsnEC2E.tmp\Helper.dll"