  1. #41
    Malware-Mogul Avatar of john.doe
    Registered since
    11.03.2012
    Posts
    8.969
    Hi Sam,

    OK, now I know the reason. Skip step 5 and go on with 6.

    bye, andreas

  2. #42
    Regular
    Registered since
    15.06.2012
    Posts
    28
    step 6:

    # AdwCleaner v1.703 - Logfile created 07/28/2012 at 07:06:19
    # Updated 20/07/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Sam - SAM-PC
    # Running from : C:\Users\Sam\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\Sam\AppData\Local\Babylon
    Folder Deleted : C:\Users\Sam\AppData\Local\Conduit
    Folder Deleted : C:\Users\Sam\AppData\Local\TempDir
    Folder Deleted : C:\Users\Sam\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Sam\AppData\Roaming\Babylon
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
    Folder Deleted : C:\Program Files\Conduit
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

    ***** [Registry] *****
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2536373
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\Wise Solutions

    ***** [Registre - GUID] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5AC7965-7808-4422-9EAA-AF2017BC113A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Opera v12.0.1467.0

    File : C:\Users\Sam\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3320 octets] - [27/07/2012 07:35:41]
    AdwCleaner[R2].txt - [2819 octets] - [28/07/2012 07:06:07]
    AdwCleaner[S1].txt - [2810 octets] - [28/07/2012 07:06:19]

    ########## EOF - C:\AdwCleaner[S1].txt - [2938 octets] ##########

  3. #43

  4. #44
    Regular
    Registered since
    15.06.2012
    Posts
    28
    Hi Andreas,

    Here are the logs.

    Sam
    Attached files

  5. #45
    Malware-Mogul Avatar of john.doe
    Registered since
    11.03.2012
    Posts
    8.969
    Hi Sam,

    the fix will reset the firewall rules, so the Windows Firewall will ask again.

    1.) Fix with OTL

    Download (if not already there) OTL by Oldtimer and save it to your Desktop.
    • Start OTL.exe with a double-click.
      If you have Vista or Win7, use the right mouse button => Run as administrator
    • Copy the text you see in the box below to the box in OTL named Custom Scans/Fixes


    Code:
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0D52E103-0250-48CB-B387-B93F64C9CE4B}" =-
    "{0F9EC9C5-91B1-41D2-9E4B-9819DD69276C}" =-
    "{11EA8364-78DC-4753-87A1-AE05F0FF7B17}" =-
    "{1B0E25CC-36B6-4DB0-A16A-3486ECD92390}" =-
    "{2B47CB5A-A43A-4C57-8F5A-A0E8579F9618}" =-
    "{2DAFF905-6CB9-46B1-8C19-012511318ABB}" =-
    "{5975E997-B09B-4D40-A80D-2B55D236DEB8}" =-
    "{7A545F4C-6AFA-4FBE-9EEE-C491947FDFE1}" =-
    "{7D6BD0DA-BD9C-41C8-A80E-7D35B881968C}" =-
    "{82288136-C789-4297-A37C-C4A027D3ED4E}" =-
    "{98FE5AD2-96EC-4CC2-9E40-FD9DFA98CE7E}" =-
    "{A8831C9A-D28E-4049-A555-8BD6E1008BEA}" =-
    "{BFBB9178-0655-4392-9531-5F0887208594}" =-
    "{C8C947B1-60F2-4309-9744-8CE935F20D2C}" =-
    "{D42014F0-29BF-44C5-B049-8426C98892FF}" =-
    "{D627D335-CCA9-426E-B46C-70FB9769301F}" =-
    "{D63012B5-959A-49FB-8E25-42775C167A28}" =-
    "{F7504A56-2A82-4D5D-A7A6-9D5EE2130EFE}" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1DB16BA1-A5BF-41CB-9A6A-2ABA14D646CB}" =-
    "{1E073F9C-72AC-4F27-A943-D08D92BCB4E4}" =-
    "{20F7383F-4E65-420F-919A-6641ED44DC73}" =-
    "{246332E7-4926-4B2C-BB7A-E07AA40091CD}" =-
    "{2593F3A6-6CA6-4616-908B-0ED63CB21A0B}" =-
    "{362DF14A-844E-4D92-9DB3-3428553B2E46}" =-
    "{4251C2AE-7498-4BEA-B28E-58A449701935}" =-
    "{4569CAA9-92A0-483F-9084-BD5DBAC55186}" =-
    "{4F4CB350-E12C-45F3-A612-7F2354CE77AD}" =-
    "{5A4D99E6-6355-486A-9517-872B6B059D8B}" =-
    "{5B6819E6-A379-4642-98D4-A02C8646A662}" =-
    "{61EE3D1B-94CC-4499-864C-B4677AB050B3}" =-
    "{6C658881-7B14-4C72-A385-FFD4E7CC7024}" =-
    "{7F27AF41-414E-4E90-BCE0-FFA1B4AA2B1C}" =-
    "{8A294745-78ED-44BA-A44E-0D1335AD9883}" =-
    "{9791541D-BCE3-416C-8683-B7D14C190EF1}" =-
    "{AD34D210-DAE2-424A-A2D5-D495C3060B66}" =-
    "{B5239D82-3AD3-4A9E-9720-6DD27C07F366}" =-
    "{BE37852E-00F1-47AA-B634-554AFDC900C3}" =-
    "{C96C6E15-C7E9-4068-AC99-561217D520EA}" =-
    "{CBA74DEB-1326-49B8-A319-ACC3FA08914F}" =-
    "{D7705F55-4D61-4049-919C-86C34EAEA182}" =-
    "{DDBB2704-87CC-4075-ACAE-514D6C8084D3}" =-
    "{DEA74565-E974-4875-88B3-77C1C61ADFC1}" =-
    "{E062B2E7-F65E-4730-A41D-77CC5FB41D2A}" =-
    "{E650AC78-B8A4-45EC-87D4-F691A7A42B1F}" =-
    "{F88F6561-FDED-4CA6-9550-856BE52C9CCE}" =-
    "TCP Query User{63062737-F520-4E01-8334-AF0EA11DD74F}C:\program files\internet explorer\iexplore.exe" =-
    "TCP Query User{92F40E07-A437-4095-9BF2-AE1FF98B7E2D}C:\program files\google\google earth\plugin\geplugin.exe" =-
    "TCP Query User{A05FCB58-9496-41F7-B606-B4C493780A9D}C:\users\sam\documents\eclipse-helios-pc[1]\eclipse-helios-pc\eclipse-helios-pc\eclipse.exe" =-
    "TCP Query User{AD4A9820-DB3C-45A8-92ED-DD73499A6BFA}C:\program files\internet explorer\iexplore.exe" =-
    "TCP Query User{D690681E-D2DC-42DC-9B4E-C21B1B145F57}C:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" =-
    "TCP Query User{F3792371-EC85-48C7-B700-4590E1C14F19}C:\program files\google\google earth\client\googleearth.exe" =-
    "UDP Query User{384C0261-5FFD-45DD-8B9A-7633E087409D}C:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" =-
    "UDP Query User{5F43CF93-4077-4394-BA0B-FB27955C23AA}C:\program files\internet explorer\iexplore.exe" =-
    "UDP Query User{634D1918-43B5-47C2-AAD2-F914B278C5DA}C:\program files\google\google earth\client\googleearth.exe" =-
    "UDP Query User{87E0F746-11B8-404C-A658-75758A6CF7F8}C:\program files\google\google earth\plugin\geplugin.exe" =-
    "UDP Query User{8F074C9E-B6D4-4CB6-9EAC-4E377100A0F6}C:\program files\internet explorer\iexplore.exe" =-
    "UDP Query User{D2242240-81E1-4006-96E9-38FD3C1F7F04}C:\users\sam\documents\eclipse-helios-pc[1]\eclipse-helios-pc\eclipse-helios-pc\eclipse.exe" =-
    
    :Commands
    [reboot]
    • Close all programs except OTL.
    • Click on Fix button.
    • Your computer will reboot at the end of the fix.
    • Copy the content of your Logfile to your thread.

      You can find a copy of that log
      here => C:\_OTL\MovedFiles\< date_number.log >


    Important: The script above is only for this user in this situation. Never use it on other computers or situations. It can harm your computer.

    2.) How is your computer running, anything suspicious or any problems?

    bye, andreas
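
One way to review a fix like the one in post #45 before clicking Fix, as an added example that is not part of the original post and not OTL's own code: a read-only parser that counts what the `:reg` section deletes and reports any key outside the firewall rule store. The sample is a shortened, constructed script; `audit_fix` and its field names are hypothetical, and it assumes each `"name" =-` line deletes the named value, as in the script above.

```python
import re
from collections import Counter

# Constructed sample: a shortened fix in the same shape as the script in the post.
SAMPLE_FIX = r'''
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D52E103-0250-48CB-B387-B93F64C9CE4B}" =-
"TCP Query User{63062737-F520-4E01-8334-AF0EA11DD74F}C:\program files\internet explorer\iexplore.exe" =-
"UDP Query User{5F43CF93-4077-4394-BA0B-FB27955C23AA}C:\program files\internet explorer\iexplore.exe" =-
"TCP Query User{D690681E-D2DC-42DC-9B4E-C21B1B145F57}C:\users\sam\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" =-

:Commands
[reboot]
'''

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
DELETE = re.compile(r'^"(?P<name>.+)"\s*=-$')   # "value name" =-  (assumed: delete value)
QUERY = re.compile(rf"^(?:TCP|UDP) Query User{GUID}(?P<path>.+)$")
FW_KEY = r"services\sharedaccess\parameters\firewallpolicy\firewallrules"

def audit_fix(text):
    """Summarise what a fix script's :reg section deletes, without touching the registry."""
    out = {"keys": set(), "guid_rules": 0, "query_rules": Counter(),
           "unparsed": [], "commands": []}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
        elif section == ":commands":
            out["commands"].append(line)
        elif section != ":reg":
            out["unparsed"].append(line)
        elif line.startswith("[") and line.endswith("]"):
            out["keys"].add(line[1:-1])
        elif (m := DELETE.match(line)) is None:
            out["unparsed"].append(line)      # not a plain value deletion: review by hand
        elif (q := QUERY.match(m["name"])):
            out["query_rules"][q["path"].lower()] += 1   # per-program prompt rules
        elif re.fullmatch(GUID, m["name"]):
            out["guid_rules"] += 1
        else:
            out["unparsed"].append(line)
    # Keys outside the firewall rule store would contradict the stated purpose of the fix.
    out["unexpected_keys"] = {k for k in out["keys"] if not k.lower().endswith(FW_KEY)}
    return out
```

An empty `unexpected_keys` and an empty `unparsed` list mean every line is a value deletion under `FirewallRules`, which matches the helper's statement that the fix only resets firewall rules.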

  6. #46
    Regular
    Registered since
    15.06.2012
    Posts
    28
    Hi Andreas,

    Here are the latest logs. Everything is fine on my computer, no problems.

    Thanks,

    Sam
    Attached files

  7. #47
    Malware-Mogul Avatar of john.doe
    Registered since
    11.03.2012
    Posts
    8.969
    Hi Sam,

    glad we could help.

    1.) Please run OTL and click on CleanUp button.

    2.) Some malware prevention links => http://forums.malwarebytes.org/index...owtopic=104379

    Safe surfing.

    bye, andreas

