
Log analysis and evaluation: Win7: Encrypted files - notice of Bitcoin payment


 
25.05.2016, 15:10   #1
turhan


Hello. Since yesterday evening I have had no access to my files (Office, PDF, music..). Immediately after booting, an image file appears on the start screen with the notice that all my files are encrypted and that a Bitcoin payment is required. A browser window also opens automatically with the same notice. Almost every folder contains a text file named 'Recovery'. I am typing this message on the infected computer at the moment.

I scanned the computer with HitmanPro and Malwarebytes Anti-Malware. The problem is not solved. Then I came across your instructions. I have run the system scan with FRST.

I hope you can help me. Thanks in advance.
PS: Please give me very precise instructions, because computer language and the computer world are really not my thing

HitmanPro

Code:
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : TURHAN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/1
   Safe Mode Boot  . . . : NETWORK
   User name . . . . . . : turhan-PC\turhan
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2016-05-25 09:05:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 10s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : Yes

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 277

   Objects scanned . . . : 2.942.117
   Files scanned . . . . : 181.850
   Remnants scanned  . . : 1.313.298 files / 1.446.969 keys

Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Yahoo!\Common\unyt.exe (YahooToolbar) -> Deleted
      Size . . . . . . . : 104.184 bytes
      Age  . . . . . . . : 536.3 days (2014-12-06 01:08:59)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : DC3997D672B09484C4DEE930488271FB541988440A5F3B7E50680D35F4042786
      Publisher  . . . . : Yahoo! Inc.
      Description  . . . : Yahoo! Toolbar Setup
      Version  . . . . . : 2008.11.25.01
      Copyright  . . . . : Copyright (c) 2008 Yahoo! Inc.
      Fuzzy  . . . . . . : -8.0

   C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YPUBC.dll (YahooToolbar) -> Deleted
      Size . . . . . . . : 196.096 bytes
      Age  . . . . . . . : 536.3 days (2014-12-06 01:08:53)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : F77591D4F966D22438345FBD718E80EDC1FC447E9CA8CCB2EFEA21706ACDDA58
      Product  . . . . . : Yahoo! Pop-Up Blocker
      Publisher  . . . . : Yahoo! Inc.
      Description  . . . : Companion Pop-Up Blocker DLL
      Version  . . . . . : 2006.12.4.1
      Copyright  . . . . : Copyright © 2003-2006 Yahoo! Inc. All rights reserved.
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : -8.0

   C:\ProgramData\Yahoo! Companion\ (YahooToolbar) -> Deleted
   C:\Users\turhan\AppData\Roaming\OpenCandy\ (Conduit) -> Deleted
   C:\Users\turhan\AppData\Roaming\Yahoo!\Companion\ (YahooToolbar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}\ (YahooToolbar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ (YahooToolbar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ (YahooToolbar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ (YahooToolbar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ (YahooToolbar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion\ (YahooToolbar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar\ (YahooToolbar) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Systweak\ (AdvSysProtector) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Systweak\RegClean Pro\ (RegClean Pro)
   HKLM\SOFTWARE\Wow6432Node\Yahoo\Companion\ (YahooToolbar) -> Deleted
   HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Software\AppDataLow\Software\Yahoo\Companion\ (YahooToolbar) -> Deleted
   HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Software\Softonic\ (Softonic) -> Deleted
   HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Software\Yahoo\Companion\ (YahooToolbar) -> Deleted
   HKU\S-1-5-21-3466485993-4211878275-2006075751-1000\Software\Yahoo\YFriendsBar\ (YahooToolbar) -> Deleted

Cookies _____________________________________________________________________

         
Malwarebytes Anti-Malware

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 25.05.2016
Suchlaufzeit: 13:01
Protokolldatei: malware.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.25.04
Rootkit-Datenbank: v2016.05.20.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: turhan

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319799
Abgelaufene Zeit: 46 Min., 11 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 16
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\EXTENSIONS|*.exe, 0, In Quarantäne, [0e0a2dad5a3fae88505406af63a0d22e]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\EXTENSIONS|*.tmp, 0, In Quarantäne, [43d5fae06d2c4de93372b10454aff30d]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\EXTENSIONS|*.dll, 0, In Quarantäne, [c6526b6f2a6f6acc0b981f9660a37b85]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|rgjdu.exe, 0, In Quarantäne, [d147f3e7cacfe05602e47e3aa161b14f]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|explorer.exe, 0, In Quarantäne, [4ace706ad2c776c03f684f6637cc60a0]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|spoolsv.exe, 0, In Quarantäne, [ce4a3d9d435664d2e5c4169ff211a45c]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|rundll32.exe, 0, In Quarantäne, [31e78c4ec9d080b6feaa318453b0c739]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\MICROSOFT ANTIMALWARE\EXCLUSIONS\PROCESSES|svchost.exe, 0, In Quarantäne, [160230aacbce39fdc0eac5f0739027d9]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\EXTENSIONS|*.exe, 0, Löschen bei Neustart, [8197805a6c2dc96d9616b7fe32d1926e]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\EXTENSIONS|*.dll, 0, Löschen bei Neustart, [0711fddd5346181ee5c64b6a63a0e41c]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\EXTENSIONS|*.tmp, 0, Löschen bei Neustart, [4bcddbffaaefad895855f4c1ae5524dc]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|rgjdu.exe, 0, Löschen bei Neustart, [1800409adfbab28420c811a7c33fb44c]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|explorer.exe, 0, Löschen bei Neustart, [d93f2eacc3d614222f80b005c142847c]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|spoolsv.exe, 0, Löschen bei Neustart, [c751c218425784b24b66466fba4903fd]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|rundll32.exe, 0, Löschen bei Neustart, [c454c3177326f3438927f8bda36031cf]
PUM.Optional.MSExclusion, HKLM\SOFTWARE\MICROSOFT\WINDOWS DEFENDER\EXCLUSIONS\PROCESSES|svchost.exe, 0, Löschen bei Neustart, [2bede7f3f4a596a001b1a60fb74c7789]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 1
Trojan.Agent.Gen, C:\Users\turhan\AppData\Local\Temp\svchost.exe, In Quarantäne, [fd1ba7334158102681a85bf1e320e21e], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

 
