![]() |
|
Log-Analyse und Auswertung: Polizeiseite verlangt Geld & sperrt den BrowserWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() Polizeiseite verlangt Geld & sperrt den Browser Hallo!! wie es aussieht hat meinem Brüder eine Seite geöffnet, der nach Polizei- Seite aussah. Hier wurde ihm Geld verlangt und er konnte diese Seite nicht mehr Schließen. Egal wie oft er es versucht hat. Nach dem aus und einschalten des Laptops. Habe ich mein Avast- Antivirus (leider hat Avast kein Protokolldatei erstellt) und mein Spybot laufen lassen. Beim keine der beiden habe ich Meldungen bekommen, dass es Infiziert ist. Spybot: Code:
ATTFilter Search results from Spybot - Search & Destroy 9/29/2014 9:25:08 PM Scan took 00:39:51. 14 items found. Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done) C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YZD59TWP\skype.com\#ui\preferences.sol Properties.size=221 Properties.md5=7868AD4722DC97664CF589AF90F1FE68 Properties.filedate=1410884028 Properties.filedatetext=2014-09-16 18:13:48 MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Cookie: [SBI $49804B54] Browser: Cookie (8) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (76) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (19) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (28) (Browser: Cookie, nothing done) --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) --- 2013-09-20 blindman.exe (2.2.18.151) 2013-09-20 explorer.exe (2.2.18.177) 2013-09-20 SDBootCD.exe (2.2.18.109) 2013-09-20 SDCleaner.exe (2.2.18.110) 2013-09-20 SDDelFile.exe (2.2.18.94) 2013-06-18 SDDisableProxy.exe 2013-09-20 SDFiles.exe (2.2.18.135) 2013-09-20 SDFileScanHelper.exe (2.2.16.1) 2013-10-15 SDFSSvc.exe (2.2.25.211) 2013-10-10 SDHookHelper.exe (2.3.30.2) 2013-10-10 SDHookInst32.exe (2.3.30.2) 2013-09-20 SDImmunize.exe (2.2.18.130) 2013-05-16 SDLogReport.exe (2.1.18.107) 2013-10-14 SDOnAccess.exe (2.2.25.4) 2013-09-20 SDPESetup.exe (2.2.18.3) 2013-09-20 SDPEStart.exe (2.2.18.86) 2013-09-20 SDPhoneScan.exe (2.2.18.28) 2013-09-20 SDPRE.exe (2.2.18.22) 2013-09-20 SDPrepPos.exe (2.2.18.10) 2013-09-20 SDQuarantine.exe (2.2.18.103) 2013-09-20 SDRootAlyzer.exe (2.2.18.116) 2013-09-20 SDSBIEdit.exe (2.2.18.39) 2013-09-20 SDScan.exe (2.2.18.177) 2013-09-20 SDScript.exe (2.2.18.53) 2013-10-15 SDSettings.exe (2.2.25.138) 2013-09-20 SDShell.exe (2.2.18.2) 2013-09-20 SDShred.exe (2.2.18.107) 2013-09-20 SDSysRepair.exe (2.2.18.101) 2013-09-20 SDTools.exe (2.2.18.150) 2013-07-25 SDTray.exe (2.1.21.129) 2013-09-20 SDUpdate.exe (2.2.18.91) 2013-09-20 SDUpdSvc.exe (2.2.18.76) 2013-09-20 SDWelcome.exe (2.2.21.129) 2013-09-13 SDWSCSvc.exe (2.2.22.2) 2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0) 2014-07-31 spybotsd2-translation-esx.exe 2013-06-19 spybotsd2-translation-frx.exe 2014-08-25 spybotsd2-translation-hux2.exe 2014-09-10 spybotsd2-translation-nlx.exe 2014-02-12 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98) 2013-05-16 SDAV.dll 2013-05-16 SDECon32.dll (2.1.18.113) 2013-04-05 SDEvents.dll (2.1.16.2) 2013-10-14 SDFileScanLibrary.dll (2.2.25.14) 2013-10-10 SDHook32.dll (2.3.30.2) 2013-05-16 SDImmunizeLibrary.dll (2.1.18.2) 2013-05-16 SDLicense.dll (2.1.18.0) 2013-05-16 SDLists.dll (2.1.18.4) 2013-05-16 SDResources.dll (2.1.18.7) 2013-05-16 SDScanLibrary.dll (2.1.18.131) 2013-05-16 SDTasks.dll (2.1.18.15) 2013-05-16 SDWinLogon.dll (2.1.18.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2013-05-16 Tools.dll (2.1.18.36) 2014-03-05 Includes\Adware-000.sbi (*) 2014-01-08 Includes\Adware-001.sbi (*) 2014-09-24 Includes\Adware-C.sbi (*) 2014-01-13 Includes\Adware.sbi (*) 2014-01-13 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2014-01-08 Includes\Dialer-000.sbi (*) 2014-01-08 Includes\Dialer-001.sbi (*) 2014-01-08 Includes\Dialer-C.sbi (*) 2014-01-13 Includes\Dialer.sbi (*) 2014-01-13 Includes\DialerC.sbi (*) 2014-01-09 Includes\Fraud-000.sbi (*) 2014-01-09 Includes\Fraud-001.sbi (*) 2014-03-31 Includes\Fraud-002.sbi (*) 2014-01-09 Includes\Fraud-003.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2014-01-08 Includes\Hijackers-000.sbi (*) 2014-01-08 Includes\Hijackers-001.sbi (*) 2014-01-08 Includes\Hijackers-C.sbi (*) 2014-01-13 Includes\Hijackers.sbi (*) 2014-01-13 Includes\HijackersC.sbi (*) 2014-01-08 Includes\iPhone-000.sbi (*) 2014-01-08 Includes\iPhone.sbi (*) 2014-01-08 Includes\Keyloggers-000.sbi (*) 2014-09-24 Includes\Keyloggers-C.sbi (*) 2014-01-13 Includes\Keyloggers.sbi (*) 2014-01-13 Includes\KeyloggersC.sbi (*) 2014-01-09 Includes\Malware-001.sbi (*) 2014-01-09 Includes\Malware-002.sbi (*) 2014-02-05 Includes\Malware-003.sbi (*) 2014-01-28 Includes\Malware-004.sbi (*) 2014-04-15 Includes\Malware-005.sbi (*) 2014-02-26 Includes\Malware-006.sbi (*) 2014-01-09 Includes\Malware-007.sbi (*) 2014-09-17 Includes\Malware-C.sbi (*) 2014-01-13 Includes\Malware.sbi (*) 2013-12-23 Includes\MalwareC.sbi (*) 2014-01-15 Includes\PUPS-000.sbi (*) 2014-01-15 Includes\PUPS-001.sbi (*) 2014-01-15 Includes\PUPS-002.sbi (*) 2014-09-24 Includes\PUPS-C.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2014-01-07 Includes\PUPSC.sbi (*) 2014-01-08 Includes\Security-000.sbi (*) 2014-01-08 Includes\Security-C.sbi (*) 2014-01-21 Includes\Security.sbi (*) 2014-01-21 Includes\SecurityC.sbi (*) 2014-01-08 Includes\Spyware-000.sbi (*) 2014-01-08 Includes\Spyware-001.sbi (*) 2014-01-08 Includes\Spyware-C.sbi (*) 2014-01-21 Includes\Spyware.sbi (*) 2014-01-21 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2012-11-19 Includes\Tracks.uti (*) 2014-01-15 Includes\Trojans-000.sbi (*) 2014-01-15 Includes\Trojans-001.sbi (*) 2014-01-15 Includes\Trojans-002.sbi (*) 2014-01-15 Includes\Trojans-003.sbi (*) 2014-01-15 Includes\Trojans-004.sbi (*) 2014-03-19 Includes\Trojans-005.sbi (*) 2014-07-09 Includes\Trojans-006.sbi (*) 2014-01-15 Includes\Trojans-007.sbi (*) 2014-07-09 Includes\Trojans-008.sbi (*) 2014-07-09 Includes\Trojans-009.sbi (*) 2014-09-24 Includes\Trojans-C.sbi (*) 2014-01-15 Includes\Trojans-OG-000.sbi (*) 2014-01-15 Includes\Trojans-TD-000.sbi (*) 2014-01-15 Includes\Trojans-VM-000.sbi (*) 2014-01-15 Includes\Trojans-VM-001.sbi (*) 2014-01-15 Includes\Trojans-VM-002.sbi (*) 2014-01-15 Includes\Trojans-VM-003.sbi (*) 2014-01-15 Includes\Trojans-VM-004.sbi (*) 2014-01-15 Includes\Trojans-VM-005.sbi (*) 2014-01-15 Includes\Trojans-VM-006.sbi (*) 2014-01-15 Includes\Trojans-VM-007.sbi (*) 2014-01-15 Includes\Trojans-VM-008.sbi (*) 2014-01-15 Includes\Trojans-VM-009.sbi (*) 2014-01-15 Includes\Trojans-VM-010.sbi (*) 2014-01-15 Includes\Trojans-VM-011.sbi (*) 2014-01-15 Includes\Trojans-VM-012.sbi (*) 2014-01-15 Includes\Trojans-VM-013.sbi (*) 2014-01-15 Includes\Trojans-VM-014.sbi (*) 2014-01-15 Includes\Trojans-VM-015.sbi (*) 2014-01-15 Includes\Trojans-VM-016.sbi (*) 2014-01-15 Includes\Trojans-VM-017.sbi (*) 2014-01-15 Includes\Trojans-VM-018.sbi (*) 2014-01-15 Includes\Trojans-VM-019.sbi (*) 2014-01-15 Includes\Trojans-VM-020.sbi (*) 2014-01-15 Includes\Trojans-VM-021.sbi (*) 2014-01-15 Includes\Trojans-VM-022.sbi (*) 2014-01-15 Includes\Trojans-VM-023.sbi (*) 2014-01-15 Includes\Trojans-VM-024.sbi (*) 2014-01-15 Includes\Trojans-ZB-000.sbi (*) 2014-01-15 Includes\Trojans-ZL-000.sbi (*) 2014-01-09 Includes\Trojans.sbi (*) 2014-01-16 Includes\TrojansC-01.sbi (*) 2014-01-16 Includes\TrojansC-02.sbi (*) 2014-01-16 Includes\TrojansC-03.sbi (*) 2014-01-16 Includes\TrojansC-04.sbi (*) 2014-01-16 Includes\TrojansC-05.sbi (*) 2014-01-09 Includes\TrojansC.sbi (*) Danach habe ich den FRST laufen lassen. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014 Ran by SYSTEM on MININT-ABK8BQ5 on 03-10-2014 14:48:33 Running from G:\ Platform: Windows 7 Home Premium (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor) HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron) HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.) HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe" HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-29] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-13] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe Acrobat Speed Launcher] => "G:\CS4--06.2014\Acrobat 9.0\Acrobat\Acrobat_sl.exe" HKLM\...\Run: [] => [X] HKLM\...\Run: [Acrobat Assistant 8.0] => "G:\CS4--06.2014\Acrobat 9.0\Acrobat\Acrotray.exe" HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-14] (Adobe Systems Incorporated) HKLM\...\Run: [osu!install.exe] => C:\Users\User\Downloads\osu!install.exe [69974088 2014-07-14] (ppy Pty. Ltd.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.) Winlogon\Notify\igfxcui: igfxdev.dll [X] Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\Default\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs HKU\Default User\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs HKU\User\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-16] (Hewlett-Packard Co.) HKU\User\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-28] (Spotify Ltd) HKU\User\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.) Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-14] (Adobe Systems Incorporated) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software) S2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-24] (Comodo Security Solutions, Inc.) S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO) S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, Inc.) S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2094216 2013-05-29] () S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.) S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] () S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.) S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-06] (X10) S3 WinHttpAutoProxySvc; winhttp.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-02] () S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-02] (AVAST Software) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-02] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-07-02] () S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-02] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-02] (AVAST Software) S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38472 2013-10-22] (The OpenVPN Project) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-07-02] () S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-25] (Windows (R) Win 7 DDK provider) S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO) S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO) S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306811 2009-01-13] (Cisco Systems, Inc.) S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.) S1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2014-06-25] () S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO) S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.) S3 cpuz135; \??\C:\Users\User\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-03 14:48 - 2014-10-03 14:48 - 00000000 ____D () C:\FRST 2014-10-03 04:42 - 2014-10-03 04:43 - 02109440 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe 2014-10-03 04:42 - 2014-10-03 04:42 - 01100800 _____ (Farbar) C:\Users\User\Downloads\FRST (1).exe 2014-10-03 02:45 - 2014-10-03 02:45 - 01100800 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2014-10-03 02:39 - 2014-10-03 02:39 - 00001977 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk 2014-10-03 02:39 - 2014-10-03 02:39 - 00000000 ____D () C:\Program Files\Common Files\COMODO 2014-09-29 11:31 - 2014-09-29 11:31 - 00000166 _____ () C:\Windows\wininit.ini 2014-09-29 07:35 - 2014-09-29 07:36 - 00000000 ____D () C:\Autodesk 2014-09-29 07:34 - 2014-09-29 07:35 - 10602248 _____ () C:\Users\User\Downloads\Autodesk_Maya_2015_wi_en-US_Setup.exe 2014-09-16 08:13 - 2014-09-16 08:13 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-08 04:28 - 2014-09-08 04:28 - 00000000 ____D () C:\Users\User\Downloads\Neuer Ordner 2014-09-05 02:00 - 2014-09-05 02:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-03 04:45 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-03 04:45 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-03 04:44 - 2013-09-17 02:00 - 01682932 _____ () C:\Windows\WindowsUpdate.log 2014-10-03 04:37 - 2013-09-25 06:50 - 00000000 ___RD () C:\Users\User\Dropbox 2014-10-03 04:37 - 2013-09-25 06:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox 2014-10-03 04:34 - 2009-07-13 20:39 - 00063179 _____ () C:\Windows\setupact.log 2014-10-03 04:07 - 2010-06-28 14:30 - 01612484 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-09-30 02:55 - 2013-11-14 10:14 - 455231106 _____ () C:\Windows\MEMORY.DMP 2014-09-30 02:55 - 2013-11-14 10:14 - 00000000 ____D () C:\Windows\Minidump 2014-09-30 02:44 - 2013-09-17 01:52 - 00096630 _____ () C:\Windows\PFRO.log 2014-09-29 11:31 - 2014-02-11 14:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-29 10:44 - 2009-07-13 18:04 - 00450709 ____R () C:\Windows\System32\Drivers\etc\hosts.20140929-213513.backup 2014-09-29 10:41 - 2014-02-11 14:03 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2014-09-29 09:39 - 2014-07-08 12:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify 2014-09-29 08:34 - 2014-07-08 12:45 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify 2014-09-29 07:57 - 2013-09-27 11:00 - 00000000 ____D () C:\Users\User\Documents\FHD 2014-09-27 13:39 - 2013-10-13 09:48 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-24 11:06 - 2013-09-25 07:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2014-09-24 11:06 - 2013-09-25 07:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2014-09-19 01:49 - 2013-09-25 06:50 - 00001216 _____ () C:\Users\User\Desktop\Dropbox.lnk 2014-09-18 05:34 - 2010-06-28 15:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-09-16 08:56 - 2014-03-26 08:00 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-16 08:54 - 2013-10-23 07:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2014-09-16 08:13 - 2014-05-15 13:56 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-16 08:13 - 2014-05-15 13:56 - 00000000 ___RD () C:\Program Files\Skype 2014-09-16 08:13 - 2013-10-23 07:39 - 00000000 ____D () C:\ProgramData\Skype 2014-09-14 23:06 - 2010-06-28 15:04 - 00231568 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2014-09-11 03:43 - 2013-09-25 07:50 - 00000000 ____D () C:\Windows\System32\MRT 2014-09-11 03:43 - 2010-06-28 15:06 - 98758480 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2014-09-08 17:19 - 2013-09-19 01:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7ebha.dll C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxahheh.dll C:\Users\User\AppData\Local\Temp\ose00000.exe ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE Association (whitelisted) ============= ==================== Restore Points ========================= Restore point made on: 2014-08-31 15:47:00 Restore point made on: 2014-08-31 15:48:59 Restore point made on: 2014-09-01 06:35:08 Restore point made on: 2014-09-04 00:12:04 Restore point made on: 2014-09-11 01:51:52 Restore point made on: 2014-09-11 03:42:06 Restore point made on: 2014-09-16 05:17:35 Restore point made on: 2014-09-16 08:55:26 Restore point made on: 2014-09-24 10:55:09 Restore point made on: 2014-09-27 13:02:48 Restore point made on: 2014-10-03 02:34:28 ==================== Memory info =========================== Percentage of memory in use: 16% Total physical RAM: 2934.6 MB Available physical RAM: 2448.07 MB Total Pagefile: 2932.88 MB Available Pagefile: 2443.81 MB Total Virtual: 2047.88 MB Available Virtual: 1943.6 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:334.64 GB) NTFS Drive e: (Recover) (Fixed) (Total:40 GB) (Free:22.04 GB) NTFS Drive g: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 884D7A8E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.7 GB) - (Type=0B) LastRegBack: 2014-08-27 14:30 ==================== End Of Log ============================ Eve |
Themen zu Polizeiseite verlangt Geld & sperrt den Browser |
adobe, antivirus, browser gesperrt, fehlercode 0x5, fehlercode 0x81000006, fehlercode 0xc0000005, fehlercode 22, fehlercode windows, flash player, geld forderung, helper.exe, infiziert, install.exe, installation, launch, microsoft, mozilla, polizei trojaner, polizei virus, realtek, registry, registry key, services.exe, software, spotify web helper, svchost.exe, this device is disabled. (code 22), windows xp, winlogon.exe |