AKM 50€ Virus eingefangen

gp97 · 30.09.2012, 16:49

Hallo.

Meine Schwester hat sich gestern beim Surfen den AKM Virus, bei dem man zur Entsperrung 50€ zahlen soll, eingefangen (Windows 7-Laptop, 64-Bit).
Der Computer lässt sich weder weder im normalen, noch im Abgesicherten Modus (auch mit Eingabeaufforderung/Netzwerktreibern) benutzen. Nach der Anmeldung erscheint so ein Fenster:

Nun wollte ich die Logfiles in eurem Forum posten.
Habe also OTL-CD gebrannt und auf Laptop gebootet. Wenn ich auf dem Reatogo-X-PE-Desktop auf das OTLPE-Icon doppelklicke, erscheint ein Fenster: "Browse For Folder" (angewählt ist My Computer), bei Klick auf OK, erscheint ein kleines Fenster (mit Überschrift "RunScanner ...): "No windows installations found".

Wie bekomme ich also die Logfiles? Wie kann ich den Virus loswerden bzw. die Daten retten?
Vielen Dank für die Hilfe schon im Voraus!

t'john · 30.09.2012, 18:44

waehle dein Windows-Verzeichniss aus!

gp97 · 30.09.2012, 19:46

Ok danke

Nun hat sich das Notepad geöffnet mit "OTL.Txt". (Aber kein Extras.txt)
Was soll ich als nächstes machen?

t'john · 30.09.2012, 20:05

Haenge die OTL.txt hier an (Bueroklammer-Symbol)

gp97 · 30.09.2012, 20:28

Eine Frage: Ist es gefährlich, das Textfile per USB-Stick vom Laptop auf den 2. Computer zu tun?

Komme mit dem Laptop nicht ins Internet...

t'john · 30.09.2012, 20:34

Nein, das ist hier kein Problem.

gp97 · 30.09.2012, 20:48

Gut. Hier das File.

t'john · 30.09.2012, 21:00

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] D:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [DATAMNGR] File not found 
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [facemoods] D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe (facemoods.com) 
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found 
O4 - Startup: D:\Users\Melina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk () 
O4 - Startup: D:\Users\Melina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKU\Melina_ON_D Winlogon: Shell - (C:\Users\Melina\AppData\Roaming\1.exe) - D:\Users\Melina\AppData\Roaming\1.exe () 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 
[2012/09/28 09:25:06 | 000,000,693 | ---- | M] () -- D:\Users\Melina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk 
[2012/09/28 09:24:59 | 000,503,824 | ---- | M] () -- D:\Users\Melina\AppData\Roaming\lol.exe 
[2012/09/28 09:24:59 | 000,503,824 | ---- | M] () -- D:\Users\Melina\AppData\Roaming\1.exe 
@Alternate Data Stream - 158 bytes -> D:\ProgramData\Temp:AB689DEA 
@Alternate Data Stream - 153 bytes -> D:\ProgramData\Temp:4D066AD2 
@Alternate Data Stream - 143 bytes -> D:\ProgramData\Temp:4CF61E54 
@Alternate Data Stream - 133 bytes -> D:\ProgramData\Temp:93DE1838 
@Alternate Data Stream - 130 bytes -> D:\ProgramData\Temp:E1F04E8D 
@Alternate Data Stream - 127 bytes -> D:\ProgramData\Temp:0B9176C0 
@Alternate Data Stream - 125 bytes -> D:\ProgramData\Temp:E3C56885 
@Alternate Data Stream - 122 bytes -> D:\ProgramData\Temp:ABE89FFE 
[2011/04/01 19:22:22 | 000,002,047 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml 
[2012/09/24 15:12:41 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Yontoo 
[2012/09/24 15:12:27 | 000,000,000 | ---D | C] -- D:\ProgramData\Tarma Installer 
[2012/09/24 15:12:18 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Softonic 
[2012/09/24 15:12:19 | 000,001,054 | ---- | M] () -- D:\user.js 
[2012/09/17 14:55:57 | 000,000,000 | ---D | C] -- D:\Users\Melina\AppData\Roaming\BabylonToolbar 
[2012/09/17 14:55:55 | 000,000,000 | ---D | C] -- D:\Windows\SysWow64\searchplugins 
[2012/09/17 14:51:50 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\BabylonToolbar 
[2012/09/17 14:50:36 | 000,000,000 | ---D | C] -- D:\ProgramData\Babylon 
[2012/09/17 14:50:35 | 000,000,000 | ---D | C] -- D:\Users\Melina\AppData\Roaming\Babylon 

[2012/08/12 15:31:25 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess 
[2010/08/04 05:20:11 | 000,000,000 | ---D | M] -- D:\ProgramData\Partner 
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Melina\*.tmp
C:\Users\Melina\AppData\Local\{*}
C:\Users\Melina\AppData\Local\Temp\*.exe
C:\Users\Melina\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

4. Schritt

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

gp97 · 01.10.2012, 20:01

Und das alles (die Bereinigung) auf der OTLPE-CD des Laptops? Oder funktioniert der normale Modus wieder?

t'john · 02.10.2012, 05:20

Schritt 1 unter OTLPE

danach normal starten und weitermachen!

gp97 · 02.10.2012, 18:42

Beim staren von otl: OTL.exe - This application has failed to start because framedyn.dll was not found. Reinstalling the application may fix this problem. Überschrift: Unable to locate Component.

Bei der suche nach framedyn.dll gibt es aber mehrere treffer: in System 32, sysWOW64 etc.

t'john · 02.10.2012, 22:05

Schritt 1 unter OTLPE (von CD booten)

danach normal starten und weitermachen!

http://www.trojaner-board.de/124928-...tml#post928429

gp97 · 03.10.2012, 15:19

Sorry, wusste nicht dass OTL und OTLPE dasselbe ist..

Schritt 1 ausgeführt, beim Normalstarten kommt nun die Meldung, dass Windows nicht gestartet werden konnte. Starthilfe (Systemstartreparatur) ist auch nicht erfolgreich.

-> Nachdem bei OTL der Neustart beim Klicken von "Neu starten" nicht funktioniert hat (Status vom Fix war Abgeschlossen), habe ich manuell (per Startknopf) ausgeschaltet und neu gestartet.

Inhalt des Logfiles:

Code:

ATTFilter

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
D:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
D:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe moved successfully.
Registry key HKEY_USERS\LocalService_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\NetworkService_ON_D\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce not found.
D:\Users\Melina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
D:\Users\Melina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_USERS\Melina_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
D:\Users\Melina\AppData\Roaming\1.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
File D:\Users\Melina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk not found.
D:\Users\Melina\AppData\Roaming\lol.exe moved successfully.
File D:\Users\Melina\AppData\Roaming\1.exe not found.
ADS D:\ProgramData\Temp:AB689DEA deleted successfully.
ADS D:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS D:\ProgramData\Temp:4CF61E54 deleted successfully.
ADS D:\ProgramData\Temp:93DE1838 deleted successfully.
ADS D:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS D:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS D:\ProgramData\Temp:E3C56885 deleted successfully.
ADS D:\ProgramData\Temp:ABE89FFE deleted successfully.
D:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
D:\Program Files (x86)\Yontoo folder moved successfully.
D:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
D:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
D:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
D:\ProgramData\Tarma Installer folder moved successfully.
D:\Program Files (x86)\Softonic\Softonic\1.6.7.4\bh folder moved successfully.
D:\Program Files (x86)\Softonic\Softonic\1.6.7.4 folder moved successfully.
D:\Program Files (x86)\Softonic\Softonic folder moved successfully.
D:\user.js moved successfully.
D:\Users\Melina\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
D:\Users\Melina\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
D:\Users\Melina\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
D:\Users\Melina\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
D:\Users\Melina\AppData\Roaming\BabylonToolbar folder moved successfully.
D:\Windows\SysWow64\searchplugins folder moved successfully.
D:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh folder moved successfully.
D:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12 folder moved successfully.
D:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
D:\ProgramData\Babylon folder moved successfully.
D:\Users\Melina\AppData\Roaming\Babylon folder moved successfully.
D:\ProgramData\boost_interprocess\93969F2C7078CD01 folder moved successfully.
D:\ProgramData\boost_interprocess folder moved successfully.
D:\ProgramData\Partner folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\Melina\*.tmp not found.
File\Folder C:\Users\Melina\AppData\Local\{*} not found.
File\Folder C:\Users\Melina\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\Melina\AppData\LocalLow\Sun\Java\Deployment\cache not found.
< ipconfig /flushdns /c >
Windows IP Configuration
D:\cmd.bat deleted successfully.
D:\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: Gast
 
User: Melina
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 284862126 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 200209 bytes
 
Total Files Cleaned = 272.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 10032012_201633

t'john · 03.10.2012, 17:57

Geht der normale Modus?
Geht der abgesicherte Modus?

gp97 · 03.10.2012, 19:36

Beides geht nicht. (auch nicht Eingabeaufforderung/mit Netzwerktreibern)

Kurzer Bluescreen, dann Windows-Fehlerbehebung-Bildschirm.

30.09.2012, 18:44	#2
t'john /// Helfer-Team	AKM 50€ Virus eingefangen waehle dein Windows-Verzeichniss aus! __________________ __________________

30.09.2012, 20:05	#4
t'john /// Helfer-Team	AKM 50€ Virus eingefangen Haenge die OTL.txt hier an (Bueroklammer-Symbol) __________________ Mfg, t'john Das TB unterstützen

30.09.2012, 20:34	#6
t'john /// Helfer-Team	AKM 50€ Virus eingefangen Nein, das ist hier kein Problem. __________________ --> AKM 50€ Virus eingefangen

02.10.2012, 05:20	#10
t'john /// Helfer-Team	AKM 50€ Virus eingefangen Schritt 1 unter OTLPE danach normal starten und weitermachen! __________________ Mfg, t'john Das TB unterstützen

02.10.2012, 22:05	#12
t'john /// Helfer-Team	AKM 50€ Virus eingefangen Schritt 1 unter OTLPE (von CD booten) danach normal starten und weitermachen! http://www.trojaner-board.de/124928-...tml#post928429 __________________ Mfg, t'john Das TB unterstützen

AKM 50€ Virus eingefangen

Plagegeister aller Art und deren Bekämpfung: AKM 50€ Virus eingefangen