|
Pests of all kinds and how to combat them: Your PC has been locked - Ukash - Bundespolizei |
19.08.2012, 19:27 | #1 |
| Hello, unfortunately I have also caught the Bundespolizei trojan. I have already read around here a bit and uploaded the OTM files. Please note that I have a Danish XP version installed and don't know whether that makes a difference. Thanks in advance for your help. Regards |
19.08.2012, 19:47 | #2 |
| I don't know whether I ran OTL correctly. So I went through it again exactly as per the instructions and uploaded two new files.
__________________ |
19.08.2012, 19:58 | #3 |
/// Helper Team | Fixing with OTL: Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
SRV - (Application Updater) -- C:\Programmer\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
DRV - (WDICA) -- File not found
DRV - (viagfx) -- system32\DRIVERS\vtmini.sys File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2123854095-1627011691-481979631-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2123854095-1627011691-481979631-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2123854095-1627011691-481979631-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programmer\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programmer\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Programmer\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programmer\Softonic\Softonic\1.6.4.3\bh\Softonic.dll (Softonic.com)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programmer\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programmer\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programmer\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Programmer\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programmer\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2123854095-1627011691-481979631-500\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programmer\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\bullguard.exe" -boot File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Programmer\Fælles filer\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-2123854095-1627011691-481979631-500..\Run: [BullGuard] "C:\Programmer\BullGuard Software\BullGuard\BullGuard.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2123854095-1627011691-481979631-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-06-29 01:18:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-04-22 13:34:12 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2012-07-30 22:14:56 | 000,000,000 | ---D | C] -- C:\Programmer\YTD Toolbar
[2012-07-30 22:14:56 | 000,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Spigot
[2012-07-30 22:14:56 | 000,000,000 | ---D | C] -- C:\Programmer\Application Updater
[2012-07-30 17:18:19 | 000,000,000 | ---D | C] -- C:\Programmer\Softonic
[2012-07-30 17:18:21 | 000,000,297 | ---- | M] () -- C:\user.js
[2012-07-30 17:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DX\Application Data\Softonic
[2012-08-19 19:33:04 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2123854095-1627011691-481979631-1006UA.job
[2012-08-19 18:25:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-08-19 18:20:06 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{10F5EA7E-8886-467F-8FE4-E3BAD7FF38E0}.job
[2012-08-18 16:13:00 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2123854095-1627011691-481979631-1006UA.job
[2012-08-17 13:33:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2123854095-1627011691-481979631-1006Core.job
[2012-08-08 17:13:01 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2123854095-1627011691-481979631-1006Core.job
[2012-06-22 15:05:39 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0tbpw.pad
[2011-10-21 15:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012-02-28 18:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DX\Application Data\BabylonToolbar
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; doing so can cause lasting damage to other systems!
__________________ |
19.08.2012, 20:42 | #4 |
| Unfortunately it didn't work. After the restart the log file was opened, and when I wanted to copy it the white screen with the familiar text came up again. I'm now back in safe mode and am posting the log file here. I hope you can help me.
|
19.08.2012, 20:59 | #5 |
/// Helper Team | Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
|
19.08.2012, 21:48 | #6 |
| So far it is still running well. Here is the file: |
19.08.2012, 21:57 | #7 |
/// Helper Team | Please post the Malwarebytes log file! ("Logberichte" tab) |
29.09.2012, 21:01 | #8 |
/// Helper Team | No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |