Ich hab den Trojaner "Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert"

Hammy1982

Hallo,

ich habe auf meinen PC einen Trojaner der beim Starten des PC´s sofort den Bildschirm blockiert und wo dann steht: Aus Sicherheitsgründen wurde Ihr System blockiert. Und dann soll man bezahlen.

Hier der Inhalt der Shell Datei:

WIN_7 X64 Service Pack 1
Running from I:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.


[System Process]
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
svchost.exe
srep.exe


HKLM\..\Run [NUSB3MON] = "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\..\Run [IAStorIcon] = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\..\Run [BCU] = "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
HKLM\..\Run [ASUS ShellProcess Execute] = C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Adobe Reader Speed Launcher] = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\..\Run [APSDaemon] = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\..\Run [iTunesHelper] = "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\..\Run [StartCCC] = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run [BCSSync] = "F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

HKCU\..\Run [EADM] = "F:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKCU\..\Run [Steam] = "F:\Program Files (x86)\Steam\steam.exe" -silent
HKCU\..\Run [{510AAA52-1924-11E1-A649-806E6F6E6963}] = C:\Users\Hammy\AppData\Roaming\Microsoft\saletoc.exe
HKCU\..\Run [DAEMON Tools Pro Agent] = "F:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-253381423-2066752085-3532225023-1000\..\Winlogon; Shell =
HKU\S-1-5-21-253381423-2066752085-3532225023-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-253381423-2066752085-3532225023-1000\..\Run [EADM] = "F:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-253381423-2066752085-3532225023-1000\..\Run [Steam] = "F:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-253381423-2066752085-3532225023-1000\..\Run [{510AAA52-1924-11E1-A649-806E6F6E6963}] = C:\Users\Hammy\AppData\Roaming\Microsoft\saletoc.exe
HKU\S-1-5-21-253381423-2066752085-3532225023-1000\..\Run [DAEMON Tools Pro Agent] = "F:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell =

==== FINISH 19.02-13.10 ====



Was muss ich nun machen??

Vielen Dank

Gruß
Stefan