Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung


Plagegeister aller Art und deren Bekämpfung: Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.02.2012, 21:58   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "SparkleBox Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT340574&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2012.01.31 16:15:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 07:37:22 | 000,000,000 | ---D | M] (SparkleBox Community Toolbar) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}
[2011.08.22 11:47:48 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.28 10:24:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.02.05 17:09:44 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com
[2011.06.06 13:15:00 | 000,000,921 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\conduit.xml
[2012.02.14 19:56:46 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-1.xml
[2010.12.10 22:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-10.xml
[2011.03.11 20:35:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-11.xml
[2011.03.26 11:03:35 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-12.xml
[2011.04.30 07:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-13.xml
[2011.05.08 18:49:00 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-14.xml
[2011.06.16 04:58:27 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-15.xml
[2011.06.22 06:40:07 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-16.xml
[2012.02.04 12:45:09 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-17.xml
[2012.02.05 17:09:58 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-18.xml
[2010.06.24 09:10:28 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-2.xml
[2010.06.28 17:10:23 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-3.xml
[2010.07.21 16:51:30 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-4.xml
[2010.07.24 19:49:05 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-5.xml
[2010.09.09 20:31:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-6.xml
[2010.09.16 19:35:53 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-7.xml
[2010.10.22 16:22:57 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-8.xml
[2010.10.30 07:03:46 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-9.xml
[2012.01.31 16:15:03 | 000,000,168 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.gif
[2012.01.31 16:15:03 | 000,000,618 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.xml
[2011.08.22 11:47:44 | 000,003,915 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\sweetim.xml
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:444C53BA

:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.02.2012, 19:58   #2
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung


Ok hier der OTL Log nach dem Fix.

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named Program Files was found!
HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2419196944-2182543560-2901153853-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2419196944-2182543560-2901153853-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "SparkleBox Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT340574&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q=" removed from keyword.URL
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Franzi\AppData\Roaming\Mozilla\FireFox\Profiles\9l632w5o.default\user.js moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\searchplugin folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\modules folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\META-INF folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\defaults folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\components folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d} folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\en-GB@dictionaries.addons.mozilla.org\dictionaries folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\en-GB@dictionaries.addons.mozilla.org folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com\chrome\content folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com folder moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\conduit.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\sweetim.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}\ deleted successfully.
C:\Program Files (x86)\icq\Internet Explorer\icq.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-2419196944-2182543560-2901153853-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\ not found.
File F:\LaunchU3.exe -a not found.
ADS C:\ProgramData\Temp:444C53BA deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Franzi
->Temp folder emptied: 807188 bytes
->Temporary Internet Files folder emptied: 9045333 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 134359380 bytes
->Flash cache emptied: 803 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19814366 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 32038746 bytes
 
Total Files Cleaned = 187,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02182012_195132

Files\Folders moved on Reboot...
C:\Users\Franzi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
__________________
Antwort

Themen zu Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung
adobe, alternate, antivir, autorun, avg, avira, bho, bonjour, canon, error, excel, explorer, firefox, format, home, launch, logfile, mozilla, packard bell, photoshop, plug-in, realtek, registry, scan, search the web, security, security scan, software, temp, version=1.0, virus, windows


« Anitvir Virus? ; Aufforderung zur Zahlung von 50 € | win32/spy banker wbu trojaner »


Ähnliche Themen: Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung


  1. Neuer Rechner; Neuer Virenschutz & Windows 8 Secure-Einstellungen
    Antiviren-, Firewall- und andere Schutzprogramme - 12.10.2014 (21)
  2. Hunderte E-Mails nach Sperr-Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (7)
  3. Sperr-Trojaner
    Log-Analyse und Auswertung - 05.10.2012 (6)
  4. E-mail sperr trojaner
    Log-Analyse und Auswertung - 16.07.2012 (12)
  5. Sperr-Trojaner eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (23)
  6. Windows Sperr Trojaner WinXP
    Log-Analyse und Auswertung - 03.05.2012 (3)
  7. Ein weiterer Fall: 50 € Virus - Windows gesperrt
    Log-Analyse und Auswertung - 11.04.2012 (22)
  8. (2x) Computer-Sperr-Trojaner entfernen
    Mülltonne - 30.03.2012 (3)
  9. Ein neuer Fall von TR\Crypt.XPACK.Gen.3
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (43)
  10. Windows Security Center Bezahlaufforderung von 100 €
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (1)
  11. XP Bezahlaufforderung Microsoft, Kaspersky... OTL schon laufen lassen...
    Plagegeister aller Art und deren Bekämpfung - 22.12.2011 (3)
  12. Hilfe zwecks Viruses!
    Log-Analyse und Auswertung - 13.11.2010 (22)
  13. Danger! Harmful viruses detected on your computer.
    Plagegeister aller Art und deren Bekämpfung - 13.04.2010 (5)
  14. Warning!!! Your computer contains various signs of viruses and malware..
    Plagegeister aller Art und deren Bekämpfung - 17.08.2009 (70)
  15. Probleme mit mir unbekanntem HDD-Sperr-Virus
    Plagegeister aller Art und deren Bekämpfung - 16.02.2008 (3)
  16. Escan: Total Viruses Found: 4
    Plagegeister aller Art und deren Bekämpfung - 14.09.2005 (2)
  17. e-scan viruses
    Plagegeister aller Art und deren Bekämpfung - 05.01.2005 (19)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert - Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung...
Archiv
Du betrachtest: Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131