|
Pests of All Kinds and How to Fight Them: Computer locked by the "Bundespolizei", unlocking for money. Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
12.07.2012, 12:01 | #16 |
/// Helper Team | You pasted your OTL log into the window. That was wrong!!! Please apply the fix as described: http://www.trojaner-board.de/119211-...tml#post862621 Turn off your virus scanner! |
12.07.2012, 13:20 | #17 |
| I don't understand. That is exactly how I did it???? I copied your text and pasted it into OTL at the very bottom, where it says "Custom Scans/Fixes", and then clicked FIX... ??? I have now done it again, with the virus scanner disabled as well, and I hope that was right this time (this time OTL also asked for a restart, which it had not before). Here is the log file:
Is the computer clean again now, or does something else still need to be done?? |
12.07.2012, 19:37 | #18 |
/// Helper Team | Now you did it right! Very good! The computer still needs to be cleaned of junk! Next step: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Please download AdwCleaner to your desktop. |
13.07.2012, 18:30 | #19 |
| Here is the log; I ran Malwarebytes over it again... there were still a lot of infected files? Unfortunately I can only carry out the other steps in 2 weeks, because we are flying off on holiday now. I will get back to you then.
|
13.07.2012, 19:26 | #20 |
/// Helper Team | Why don't you REMOVE the findings??? |
10.08.2012, 19:25 | #21 |
/// Helper Team | Missing response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |
13.08.2012, 16:07 | #22 |
/// Helper Team | Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. |
27.09.2012, 13:38 | #23 |
/// Helper Team | Missing response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |