Pests of all kinds and how to fight them: Trojan-Ransom.Win32.Foreign.abjw - all data encrypted, what to do?

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#9

Great, thank you very much! Here is the ASW log

Code:
```
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-10 20:14:00
-----------------------------
20:14:00.707 OS Version: Windows x64 6.1.7600
20:14:00.707 Number of processors: 8 586 0x2A07
20:14:00.707 ComputerName: HORST-PC UserName: horst
20:14:02.829 Initialize success
20:14:30.223 AVAST engine defs: 13071001
20:15:01.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:15:01.454 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
20:15:01.563 Disk 0 MBR read successfully
20:15:01.579 Disk 0 MBR scan
20:15:01.579 Disk 0 Windows 7 default MBR code
20:15:01.594 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
20:15:01.610 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 244189 MB offset 52430848
20:15:01.626 Disk 0 Partition - 00 0F Extended LBA 340688 MB offset 552531968
20:15:01.657 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 340687 MB offset 552534016
20:15:01.797 Disk 0 scanning C:\Windows\system32\drivers
20:15:13.014 Service scanning
20:15:45.727 Modules scanning
20:15:45.727 Disk 0 trace - called modules:
20:15:45.774 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
20:15:45.774 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005142060]
20:15:45.774 3 CLASSPNP.SYS[fffff880013b943f] -> nt!IofCallDriver -> [0xfffffa8004b1e910]
20:15:45.789 5 ACPI.sys[fffff88000f93781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b22050]
20:15:47.162 AVAST engine scan C:\Windows
20:15:51.093 AVAST engine scan C:\Windows\system32
20:18:43.789 AVAST engine scan C:\Windows\system32\drivers
20:18:55.579 AVAST engine scan C:\Users\horst
20:20:16.884 AVAST engine scan C:\ProgramData
20:21:07.210 Scan finished successfully
20:21:54.572 Disk 0 MBR has been saved successfully to "C:\Users\horst\Desktop\MBR.dat"
20:21:54.572 The log file has been saved successfully to "C:\Users\horst\Desktop\aswMBR.txt"
```

Code:
```
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=13257
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-28 08:25:44
# local_time=2013-02-28 09:25:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 40520270 113669794 0 0
# scanned=36228
# found=0
# cleaned=0
# scan_time=4699
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=13259
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-28 11:55:47
# local_time=2013-02-28 12:55:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 40532873 113682397 0 0
# scanned=413279
# found=1
# cleaned=0
# scan_time=10431
sh=FE5AA6537A7AF2AD5A7268973DB825F5CF07DE0D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\HORST-PC\Backup Set 2013-02-18 131410\Backup Files 2013-02-18 131410\Backup files 1.zip"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=126085e05a7e9f489e169c3e91428410
# engine=14346
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-10 08:23:30
# local_time=2013-07-10 10:23:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 51971736 125117660 0 0
# scanned=403013
# found=2
# cleaned=0
# scan_time=7139
sh=91995D94CB0B57F540C98CF0F34FC599C7376C68 ft=1 fh=ba222c6d0688f8dd vn="a variant of Win32/Kryptik.AVXQ trojan" ac=I fn="C:\_OTL\MovedFiles\07092013_212057\C_Users\horst\AppData\Roaming\userj.exe"
sh=FE5AA6537A7AF2AD5A7268973DB825F5CF07DE0D ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="D:\HORST-PC\Backup Set 2013-02-18 131410\Backup Files 2013-02-18 131410\Backup files 1.zip"
```

Code:
```
Results of screen317's Security Check version 0.99.68
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Trend Micro Titanium Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Out of date Malwarebytes Anti-Malware installed!
Java(TM) 6 Update 21
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 25.0.1364.97
Google Chrome 28.0.1500.71
````````Process Check: objlist.exe by Laurent````````
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
```