
Log Analysis and Evaluation: Malware: Computer locked! Pay 100 €.


15.05.2013, 19:29   #1
managua2

Malware: Computer locked! Pay 100 €.



Hello everyone!

Yesterday, access to my computer was locked by a malware program.

The machine is:
Sony Vaio notebook
OS: Windows Vista 32-bit (English version)

Symptoms: After Windows starts, a white screen appears demanding that I pay 100 €.

Similar:



I ran a scan with the Farbar Recovery Scan Tool:

FRST.txt log file:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2013
Ran by SYSTEM on 15-05-2013 20:40:40
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Recovery
The current controlset is ControlSet004
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [701872 2013-01-24] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKU\Default\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [x]
HKU\Default User\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [x]
HKU\Teodor\...\Run: [8A8W3CVJUYVV4Y9GOBEWIGKJGDBW] C:\Recycle.Bin\Recycle.Bin.exe [x]
HKU\Teodor\...\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe [x]
HKU\Teodor\...\Run: [Google Update] "C:\Users\Teodor\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2011-11-13] (Google Inc.)
HKU\Teodor\...\Winlogon: [Shell] explorer.exe,C:\Users\Teodor\AppData\Roaming\skype.dat <==== ATTENTION 

========================== Services (Whitelisted) =================

S2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
S2 CVPND; C:\Program Files\Cisco Systems\VPN NN\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-04-09] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [731840 2009-04-09] (ESET)
S2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1435568 2012-12-10] (LogMeIn Inc.)
S2 iTeleportService; C:\Program Files\iTeleport\iTeleport Connect\iTeleportService.exe [20480 2011-04-11] (Microsoft)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2011-11-18] ()
S3 Microsoft SharePoint Workspace Audit Service; C:\OFFICE2010\Office14\GROOVE.EXE [31124344 2010-12-27] (Microsoft Corporation)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation)
S2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
S2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [544688 2013-01-24] (Cisco Systems, Inc.)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService [x]

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-01-24] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-01-24] (Cisco Systems, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-06-05] (DT Soft Ltd)
S2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [113960 2009-04-09] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-04-09] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [93312 2009-04-09] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [143328 2008-06-28] (Realtek Semiconductor Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-03-18] (Duplex Secure Ltd.)
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [61424 2008-10-07] (Cyberlink Corp.)
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-15 20:40 - 2013-05-15 20:40 - 00000000 ____D C:\FRST
2013-05-14 22:55 - 2013-05-15 10:54 - 00000004 ____A C:\Users\Teodor\AppData\Roaming\skype.ini
2013-05-11 22:31 - 2013-05-11 23:11 - 336000427 ____A C:\Users\Teodor\Downloads\fl-mega-techno-collection.rar
2013-05-11 22:15 - 2013-05-11 22:15 - 00000000 ____D C:\Users\Teodor\AppData\Local\Native Instruments
2013-05-11 22:11 - 2013-05-11 22:11 - 00000897 ____A C:\Users\Public\Desktop\Massive.lnk
2013-05-11 22:11 - 2013-05-11 22:11 - 00000000 __HDC C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2013-05-11 22:10 - 2013-05-11 22:10 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2013-05-11 22:10 - 2013-05-11 22:10 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2013-05-11 22:09 - 2013-05-11 22:10 - 00000000 ____D C:\Program Files\Native Instruments
2013-05-11 22:09 - 2013-05-11 22:09 - 00000966 ____A C:\Users\Public\Desktop\Service Center.lnk
2013-05-11 22:09 - 2013-05-11 22:09 - 00000000 __HDC C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2013-05-11 22:09 - 2013-05-11 22:09 - 00000000 ____D C:\ProgramData\Native Instruments
2013-05-11 21:38 - 2013-05-11 22:05 - 00000000 ____D C:\Users\Teodor\Desktop\New Folder (2)
2013-05-10 16:15 - 2013-05-10 16:15 - 00000699 ____A C:\Users\Public\Desktop\Poker at bet365.lnk
2013-05-10 16:15 - 2013-05-10 16:15 - 00000000 ____D C:\Poker
2013-05-10 16:14 - 2013-05-10 16:14 - 00580920 ____A (Playtech) C:\Users\Teodor\Downloads\SetupPoker_407fae.exe
2013-05-07 15:22 - 2013-05-07 15:22 - 00137896 ____A C:\Windows\Minidump\Mini050713-01.dmp
2013-05-06 19:11 - 2013-05-06 19:11 - 00137896 ____A C:\Windows\Minidump\Mini050613-01.dmp
2013-05-06 11:15 - 2013-05-06 11:15 - 00338470 ____A C:\Users\Teodor\Downloads\Pricing Derivatives Securities using MATLAB.zip
2013-05-06 11:15 - 2013-05-06 11:15 - 00338470 ____A C:\Users\Teodor\Desktop\Pricing Derivatives Securities using MATLAB.zip
2013-05-06 11:15 - 2013-05-05 21:40 - 00000000 ____D C:\Users\Teodor\Desktop\Pricing Derivatives Securities using MATLAB
2013-05-06 10:40 - 2013-05-06 10:40 - 00003717 ____A C:\Users\Teodor\Downloads\montecarloscriptv1.m
2013-05-03 16:39 - 2013-05-03 16:39 - 00137896 ____A C:\Windows\Minidump\Mini050313-02.dmp
2013-05-03 14:39 - 2013-05-03 14:40 - 00137896 ____A C:\Windows\Minidump\Mini050313-01.dmp
2013-05-01 18:00 - 2013-05-01 18:00 - 00137896 ____A C:\Windows\Minidump\Mini050113-01.dmp
2013-05-01 11:34 - 2013-05-08 22:52 - 00000000 ____D C:\Users\Teodor\Desktop\Matlab codes
2013-04-24 19:21 - 2013-04-24 19:21 - 00134280 ____A C:\Windows\Minidump\Mini042413-01.dmp
2013-04-23 19:55 - 2013-04-23 19:56 - 00000000 ____D C:\Users\Teodor\AppData\Roaming\vlc
2013-04-23 19:54 - 2013-04-23 19:54 - 00000859 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-04-23 19:51 - 2013-04-23 19:55 - 07738572 ____A C:\Users\Teodor\Downloads\webplugins-0.7.61-win32.exe
2013-04-23 19:51 - 2013-04-23 19:51 - 07737361 ____A C:\Users\Teodor\Downloads\webplugins-0.7.61-win32.exe.part
2013-04-23 19:50 - 2013-04-23 19:52 - 18499623 ____A C:\Users\Teodor\Downloads\vlc-1.0.5-win32.exe
2013-04-23 19:50 - 2013-04-23 19:51 - 18499020 ____A C:\Users\Teodor\Downloads\vlc-1.0.5-win32.exe.part
2013-04-23 18:24 - 2013-04-23 18:24 - 00137896 ____A C:\Windows\Minidump\Mini042313-03.dmp
2013-04-23 18:12 - 2013-04-23 18:13 - 00137896 ____A C:\Windows\Minidump\Mini042313-02.dmp
2013-04-23 17:54 - 2013-04-23 17:54 - 00137896 ____A C:\Windows\Minidump\Mini042313-01.dmp
2013-04-22 09:54 - 2013-01-24 07:13 - 00039888 ___RA (Cisco Systems, Inc.) C:\Windows\System32\Drivers\acsint.sys
2013-04-22 09:50 - 2013-04-22 09:50 - 04239360 ____A C:\Users\Teodor\Downloads\anyconnect-win-3.1.02040-pre-deploy-k9.msi
2013-04-22 09:50 - 2013-04-22 09:50 - 04239360 ____A C:\Users\Teodor\Downloads\anyconnect-win-3.1.02040-pre-deploy-k9(1).msi
2013-04-21 23:26 - 2013-04-21 23:26 - 00000000 ____D C:\Users\Teodor\AppData\Roaming\Subversion
2013-04-21 23:25 - 2013-04-21 23:25 - 00000000 ____D C:\Users\Teodor\AppData\Roaming\MathWorks
2013-04-21 22:16 - 2013-04-21 22:16 - 00001005 ____A C:\Users\Public\Desktop\MATLAB R2013a.lnk
2013-04-21 22:07 - 2013-05-15 10:50 - 00000548 ____A C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-04-21 22:06 - 2004-09-06 07:05 - 00645120 ____A C:\Windows\System32\config.gms
2013-04-21 22:06 - 2004-03-01 21:05 - 00407104 ____A (Microsoft Corporation) C:\Windows\System32\MSHFLXGD.OCX
2013-04-21 20:22 - 2013-04-21 20:22 - 00000000 ____D C:\Program Files\MATLAB
2013-04-18 16:02 - 2013-04-21 20:20 - 00000000 ____D C:\Users\Teodor\Downloads\Mathworks_Matlab_R2013a-CYGiSO
2013-04-18 15:54 - 2013-04-18 15:54 - 00000000 ____D C:\Program Files\PrivitizeVPN
2013-04-18 15:52 - 2013-04-18 15:52 - 00846248 ____A (PrivitizeVPN) C:\Users\Teodor\Downloads\Mathworks.Matlab.R2013a-CYGiSO_secure.exe
2013-04-18 15:34 - 2013-04-19 10:01 - 00000000 ____D C:\Users\Teodor\Desktop\SoSe13
2013-04-17 18:13 - 2013-04-17 18:13 - 00137896 ____A C:\Windows\Minidump\Mini041713-01.dmp
2013-04-17 10:26 - 2013-04-17 10:26 - 00000238 ____A C:\Users\Teodor\Desktop\New Text Document (9).txt

==================== One Month Modified Files and Folders ========

2013-05-15 20:40 - 2013-05-15 20:40 - 00000000 ____D C:\FRST
2013-05-15 18:34 - 2006-11-02 11:33 - 00694964 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-15 16:54 - 2008-12-26 09:27 - 01572704 ____A C:\Windows\WindowsUpdate.log
2013-05-15 15:48 - 2008-12-26 09:33 - 00002032 ____A C:\Users\Teodor\AppData\Local\d3d9caps.dat
2013-05-15 10:54 - 2013-05-14 22:55 - 00000004 ____A C:\Users\Teodor\AppData\Roaming\skype.ini
2013-05-15 10:51 - 2006-11-02 13:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-15 10:51 - 2006-11-02 13:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-15 10:50 - 2013-04-21 22:07 - 00000548 ____A C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-05-15 10:50 - 2012-10-11 22:03 - 00000000 ____D C:\Users\Teodor\AppData\Local\LogMeIn Hamachi
2013-05-15 10:48 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-15 03:14 - 2011-08-04 14:28 - 00000000 __AHD C:\Users\Teodor\Desktop\namefa
2013-05-14 22:55 - 2011-11-13 19:21 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1692336181-2024649908-3742851195-1000UA.job
2013-05-14 15:57 - 2012-06-13 12:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-14 06:55 - 2011-11-13 19:21 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1692336181-2024649908-3742851195-1000Core.job
2013-05-13 16:36 - 2009-03-17 19:49 - 00000000 ____D C:\Users\Teodor\AppData\Roaming\Skype
2013-05-11 23:11 - 2013-05-11 22:31 - 336000427 ____A C:\Users\Teodor\Downloads\fl-mega-techno-collection.rar
2013-05-11 22:15 - 2013-05-11 22:15 - 00000000 ____D C:\Users\Teodor\AppData\Local\Native Instruments
2013-05-11 22:11 - 2013-05-11 22:11 - 00000897 ____A C:\Users\Public\Desktop\Massive.lnk
2013-05-11 22:11 - 2013-05-11 22:11 - 00000000 __HDC C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2013-05-11 22:10 - 2013-05-11 22:10 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2013-05-11 22:10 - 2013-05-11 22:10 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2013-05-11 22:10 - 2013-05-11 22:09 - 00000000 ____D C:\Program Files\Native Instruments
2013-05-11 22:09 - 2013-05-11 22:09 - 00000966 ____A C:\Users\Public\Desktop\Service Center.lnk
2013-05-11 22:09 - 2013-05-11 22:09 - 00000000 __HDC C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2013-05-11 22:09 - 2013-05-11 22:09 - 00000000 ____D C:\ProgramData\Native Instruments
2013-05-11 22:05 - 2013-05-11 21:38 - 00000000 ____D C:\Users\Teodor\Desktop\New Folder (2)
2013-05-10 16:15 - 2013-05-10 16:15 - 00000699 ____A C:\Users\Public\Desktop\Poker at bet365.lnk
2013-05-10 16:15 - 2013-05-10 16:15 - 00000000 ____D C:\Poker
2013-05-10 16:14 - 2013-05-10 16:14 - 00580920 ____A (Playtech) C:\Users\Teodor\Downloads\SetupPoker_407fae.exe
2013-05-10 11:00 - 2013-03-04 00:24 - 00000000 ____D C:\Program Files\StarCraft II
2013-05-08 22:52 - 2013-05-01 11:34 - 00000000 ____D C:\Users\Teodor\Desktop\Matlab codes
2013-05-07 15:22 - 2013-05-07 15:22 - 00137896 ____A C:\Windows\Minidump\Mini050713-01.dmp
2013-05-07 15:22 - 2009-03-23 17:42 - 00000000 ____D C:\Windows\Minidump
2013-05-07 15:21 - 2011-12-27 22:18 - 288155424 ____A C:\Windows\MEMORY.DMP
2013-05-06 19:11 - 2013-05-06 19:11 - 00137896 ____A C:\Windows\Minidump\Mini050613-01.dmp
2013-05-06 11:15 - 2013-05-06 11:15 - 00338470 ____A C:\Users\Teodor\Downloads\Pricing Derivatives Securities using MATLAB.zip
2013-05-06 11:15 - 2013-05-06 11:15 - 00338470 ____A C:\Users\Teodor\Desktop\Pricing Derivatives Securities using MATLAB.zip
2013-05-06 10:40 - 2013-05-06 10:40 - 00003717 ____A C:\Users\Teodor\Downloads\montecarloscriptv1.m
2013-05-05 21:40 - 2013-05-06 11:15 - 00000000 ____D C:\Users\Teodor\Desktop\Pricing Derivatives Securities using MATLAB
2013-05-03 16:39 - 2013-05-03 16:39 - 00137896 ____A C:\Windows\Minidump\Mini050313-02.dmp
2013-05-03 14:40 - 2013-05-03 14:39 - 00137896 ____A C:\Windows\Minidump\Mini050313-01.dmp
2013-05-02 19:11 - 2012-09-11 16:46 - 00000000 ____D C:\Program Files\Warcraft III
2013-05-01 18:00 - 2013-05-01 18:00 - 00137896 ____A C:\Windows\Minidump\Mini050113-01.dmp
2013-05-01 11:38 - 2008-08-08 04:43 - 00003204 ____A C:\Windows\bthservsdp.dat
2013-05-01 11:38 - 2006-11-02 14:01 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-24 19:21 - 2013-04-24 19:21 - 00134280 ____A C:\Windows\Minidump\Mini042413-01.dmp
2013-04-23 19:56 - 2013-04-23 19:55 - 00000000 ____D C:\Users\Teodor\AppData\Roaming\vlc
2013-04-23 19:55 - 2013-04-23 19:51 - 07738572 ____A C:\Users\Teodor\Downloads\webplugins-0.7.61-win32.exe
2013-04-23 19:54 - 2013-04-23 19:54 - 00000859 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-04-23 19:52 - 2013-04-23 19:50 - 18499623 ____A C:\Users\Teodor\Downloads\vlc-1.0.5-win32.exe
2013-04-23 19:51 - 2013-04-23 19:51 - 07737361 ____A C:\Users\Teodor\Downloads\webplugins-0.7.61-win32.exe.part
2013-04-23 19:51 - 2013-04-23 19:50 - 18499020 ____A C:\Users\Teodor\Downloads\vlc-1.0.5-win32.exe.part
2013-04-23 18:24 - 2013-04-23 18:24 - 00137896 ____A C:\Windows\Minidump\Mini042313-03.dmp
2013-04-23 18:13 - 2013-04-23 18:12 - 00137896 ____A C:\Windows\Minidump\Mini042313-02.dmp
2013-04-23 17:54 - 2013-04-23 17:54 - 00137896 ____A C:\Windows\Minidump\Mini042313-01.dmp
2013-04-22 09:54 - 2008-12-26 09:33 - 00000000 ____D C:\users\Teodor
2013-04-22 09:53 - 2010-11-14 17:58 - 00000000 ____D C:\ProgramData\Cisco
2013-04-22 09:53 - 2008-08-26 00:35 - 00000000 ____D C:\Program Files\Cisco
2013-04-22 09:50 - 2013-04-22 09:50 - 04239360 ____A C:\Users\Teodor\Downloads\anyconnect-win-3.1.02040-pre-deploy-k9.msi
2013-04-22 09:50 - 2013-04-22 09:50 - 04239360 ____A C:\Users\Teodor\Downloads\anyconnect-win-3.1.02040-pre-deploy-k9(1).msi
2013-04-21 23:26 - 2013-04-21 23:26 - 00000000 ____D C:\Users\Teodor\AppData\Roaming\Subversion
2013-04-21 23:25 - 2013-04-21 23:25 - 00000000 ____D C:\Users\Teodor\AppData\Roaming\MathWorks
2013-04-21 22:16 - 2013-04-21 22:16 - 00001005 ____A C:\Users\Public\Desktop\MATLAB R2013a.lnk
2013-04-21 20:26 - 2009-03-17 22:47 - 00000000 ____D C:\Users\Teodor\AppData\Roaming\uTorrent
2013-04-21 20:22 - 2013-04-21 20:22 - 00000000 ____D C:\Program Files\MATLAB
2013-04-21 20:20 - 2013-04-18 16:02 - 00000000 ____D C:\Users\Teodor\Downloads\Mathworks_Matlab_R2013a-CYGiSO
2013-04-19 10:01 - 2013-04-18 15:34 - 00000000 ____D C:\Users\Teodor\Desktop\SoSe13
2013-04-18 15:54 - 2013-04-18 15:54 - 00000000 ____D C:\Program Files\PrivitizeVPN
2013-04-18 15:52 - 2013-04-18 15:52 - 00846248 ____A (PrivitizeVPN) C:\Users\Teodor\Downloads\Mathworks.Matlab.R2013a-CYGiSO_secure.exe
2013-04-18 15:34 - 2012-08-30 02:06 - 00000000 ____D C:\Users\Teodor\Desktop\WiSe 12-13
2013-04-17 18:13 - 2013-04-17 18:13 - 00137896 ____A C:\Windows\Minidump\Mini041713-01.dmp
2013-04-17 10:26 - 2013-04-17 10:26 - 00000238 ____A C:\Users\Teodor\Desktop\New Text Document (9).txt
2013-04-17 10:17 - 2012-06-13 12:55 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-17 10:17 - 2012-06-13 12:55 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-04-17 10:17 - 2008-08-08 06:17 - 00000000 ____D C:\ProgramData\Adobe

Other Malware:
===========
C:\Users\Teodor\FL10SETUP.exe
C:\Users\Teodor\superwave_p8.exe
C:\Users\Teodor\AppData\Roaming\skype.dat
C:\Users\Teodor\AppData\Roaming\skype.ini
C:\Users\Teodor\Application Data\skype.dat
C:\Users\Teodor\Application Data\skype.ini

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 4062.12 MB
Available physical RAM: 3562.98 MB
Total Pagefile: 3818.59 MB
Available Pagefile: 3661.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.49 GB) (Free:4.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:14.27 GB) (Free:0.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:0.24 GB) (Free:0.12 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2537FC8D)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 251 MB) (Disk ID: 69737369)
Partition 1: (Not Active) - (Size=80 GB) - (Type=69)
Partition 2: (Not Active) - (Size=892 GB) - (Type=73)
Partition 3: (Not Active) - (Size=0) - (Type=74)
Partition 4: (Not Active) - (Size=-440245157888) - (Type=00)


Last Boot: 2013-05-15 16:00

==================== End Of Log ============================
I would be very grateful if you could advise me on how to deal with this problem.
