Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Polizeiseite verlangt Geld & sperrt den Browser

Polizeiseite verlangt Geld & sperrt den Browser


Log-Analyse und Auswertung: Polizeiseite verlangt Geld & sperrt den Browser

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 03.10.2014, 14:48   #1
EveLuA
 
Polizeiseite verlangt Geld & sperrt den Browser - Unglücklich

Polizeiseite verlangt Geld & sperrt den Browser


Hallo!!

wie es aussieht hat meinem Brüder eine Seite geöffnet, der nach Polizei- Seite aussah. Hier wurde ihm Geld verlangt und er konnte diese Seite nicht mehr Schließen. Egal wie oft er es versucht hat.

Nach dem aus und einschalten des Laptops. Habe ich mein Avast- Antivirus (leider hat Avast kein Protokolldatei erstellt) und mein Spybot laufen lassen. Beim keine der beiden habe ich Meldungen bekommen, dass es Infiziert ist.

Spybot:
Code:
ATTFilter
Search results from Spybot - Search & Destroy

9/29/2014 9:25:08 PM
Scan took 00:39:51.
14 items found.

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\YZD59TWP\skype.com\#ui\preferences.sol
  Properties.size=221
  Properties.md5=7868AD4722DC97664CF589AF90F1FE68
  Properties.filedate=1410884028
  Properties.filedatetext=2014-09-16 18:13:48

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-1562486164-1968951811-4095644148-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: [SBI $49804B54] Browser: Cookie (8) (Browser: Cookie, nothing done)
  

Cache: [SBI $49804B54] Browser: Cache (76) (Browser: Cache, nothing done)
  

Verlauf: [SBI $49804B54] Browser: History (19) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (28) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-09-20 SDFiles.exe (2.2.18.135)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-09-10 spybotsd2-translation-nlx.exe
2014-02-12 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-09-24 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-09-24 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-04-15 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-09-17 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-09-24 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2014-09-24 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)

Danach habe ich den FRST laufen lassen.

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by SYSTEM on MININT-ABK8BQ5 on 03-10-2014 14:48:33
Running from G:\
Platform: Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] => C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] => "C:\Program Files\Launch Manager\OSDCtrl.exe"
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => "G:\CS4--06.2014\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => "G:\CS4--06.2014\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM\...\Run: [Adobe_ID0ENQBO] => C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [osu!install.exe] => C:\Users\User\Downloads\osu!install.exe [69974088 2014-07-14] (ppy Pty. Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\Default\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\Default User\...\RunOnce: [Screensaver] => C:\Windows\Web\Wallpaper\MEDION\start.vbs
HKU\User\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-16] (Hewlett-Packard Co.)
HKU\User\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-28] (Spotify Ltd)
HKU\User\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-14] (Adobe Systems Incorporated)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software)
S2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-24] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, Inc.)
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2094216 2013-05-29] ()
S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-24] (Comodo Security Solutions, Inc.)
S2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [244904 2010-02-10] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2009-11-06] (X10)
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-02] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-02] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-02] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-07-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-02] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-07] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-02] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38472 2013-10-22] (The OpenVPN Project)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-07-02] ()
S1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-25] (Windows (R) Win 7 DDK provider)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
S2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306811 2009-01-13] (Cisco Systems, Inc.)
S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.)
S1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [15400 2014-06-25] ()
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 cpuz135; \??\C:\Users\User\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 14:48 - 2014-10-03 14:48 - 00000000 ____D () C:\FRST
2014-10-03 04:42 - 2014-10-03 04:43 - 02109440 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-10-03 04:42 - 2014-10-03 04:42 - 01100800 _____ (Farbar) C:\Users\User\Downloads\FRST (1).exe
2014-10-03 02:45 - 2014-10-03 02:45 - 01100800 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2014-10-03 02:39 - 2014-10-03 02:39 - 00001977 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-10-03 02:39 - 2014-10-03 02:39 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-09-29 11:31 - 2014-09-29 11:31 - 00000166 _____ () C:\Windows\wininit.ini
2014-09-29 07:35 - 2014-09-29 07:36 - 00000000 ____D () C:\Autodesk
2014-09-29 07:34 - 2014-09-29 07:35 - 10602248 _____ () C:\Users\User\Downloads\Autodesk_Maya_2015_wi_en-US_Setup.exe
2014-09-16 08:13 - 2014-09-16 08:13 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-08 04:28 - 2014-09-08 04:28 - 00000000 ____D () C:\Users\User\Downloads\Neuer Ordner
2014-09-05 02:00 - 2014-09-05 02:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 04:45 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 04:45 - 2009-07-13 20:34 - 00009696 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 04:44 - 2013-09-17 02:00 - 01682932 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 04:37 - 2013-09-25 06:50 - 00000000 ___RD () C:\Users\User\Dropbox
2014-10-03 04:37 - 2013-09-25 06:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-10-03 04:34 - 2009-07-13 20:39 - 00063179 _____ () C:\Windows\setupact.log
2014-10-03 04:07 - 2010-06-28 14:30 - 01612484 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-30 02:55 - 2013-11-14 10:14 - 455231106 _____ () C:\Windows\MEMORY.DMP
2014-09-30 02:55 - 2013-11-14 10:14 - 00000000 ____D () C:\Windows\Minidump
2014-09-30 02:44 - 2013-09-17 01:52 - 00096630 _____ () C:\Windows\PFRO.log
2014-09-29 11:31 - 2014-02-11 14:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-29 10:44 - 2009-07-13 18:04 - 00450709 ____R () C:\Windows\System32\Drivers\etc\hosts.20140929-213513.backup
2014-09-29 10:41 - 2014-02-11 14:03 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-29 09:39 - 2014-07-08 12:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2014-09-29 08:34 - 2014-07-08 12:45 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2014-09-29 07:57 - 2013-09-27 11:00 - 00000000 ____D () C:\Users\User\Documents\FHD
2014-09-27 13:39 - 2013-10-13 09:48 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 11:06 - 2013-09-25 07:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-09-24 11:06 - 2013-09-25 07:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-09-19 01:49 - 2013-09-25 06:50 - 00001216 _____ () C:\Users\User\Desktop\Dropbox.lnk
2014-09-18 05:34 - 2010-06-28 15:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-16 08:56 - 2014-03-26 08:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-16 08:54 - 2013-10-23 07:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-09-16 08:13 - 2014-05-15 13:56 - 00002505 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-16 08:13 - 2014-05-15 13:56 - 00000000 ___RD () C:\Program Files\Skype
2014-09-16 08:13 - 2013-10-23 07:39 - 00000000 ____D () C:\ProgramData\Skype
2014-09-14 23:06 - 2010-06-28 15:04 - 00231568 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-09-11 03:43 - 2013-09-25 07:50 - 00000000 ____D () C:\Windows\System32\MRT
2014-09-11 03:43 - 2010-06-28 15:06 - 98758480 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-09-08 17:19 - 2013-09-19 01:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv7ebha.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxahheh.dll
C:\Users\User\AppData\Local\Temp\ose00000.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (whitelisted) =============


==================== Restore Points  =========================

Restore point made on: 2014-08-31 15:47:00
Restore point made on: 2014-08-31 15:48:59
Restore point made on: 2014-09-01 06:35:08
Restore point made on: 2014-09-04 00:12:04
Restore point made on: 2014-09-11 01:51:52
Restore point made on: 2014-09-11 03:42:06
Restore point made on: 2014-09-16 05:17:35
Restore point made on: 2014-09-16 08:55:26
Restore point made on: 2014-09-24 10:55:09
Restore point made on: 2014-09-27 13:02:48
Restore point made on: 2014-10-03 02:34:28

==================== Memory info =========================== 

Percentage of memory in use: 16%
Total physical RAM: 2934.6 MB
Available physical RAM: 2448.07 MB
Total Pagefile: 2932.88 MB
Available Pagefile: 2443.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.6 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:424.66 GB) (Free:334.64 GB) NTFS
Drive e: (Recover) (Fixed) (Total:40 GB) (Free:22.04 GB) NTFS
Drive g: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 884D7A8E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=424.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)


LastRegBack: 2014-08-27 14:30

==================== End Of Log ============================
Ich bedanke mich in voraus.

Eve

 

Themen zu Polizeiseite verlangt Geld & sperrt den Browser
adobe, antivirus, browser gesperrt, fehlercode 0x5, fehlercode 0x81000006, fehlercode 0xc0000005, fehlercode 22, fehlercode windows, flash player, geld forderung, helper.exe, infiziert, install.exe, installation, launch, microsoft, mozilla, polizei trojaner, polizei virus, realtek, registry, registry key, services.exe, software, spotify web helper, svchost.exe, this device is disabled. (code 22), windows xp, winlogon.exe


« Win 7 Home Premium 64bit: Audiostream ohne entsprechend geöffnetes Fenster (Browser: Chrome) | FRST Log, kurzer Check! »


Ähnliche Themen: Polizeiseite verlangt Geld & sperrt den Browser


  1. Bundespolizei sperrt mein Mozilla Browser
    Plagegeister aller Art und deren Bekämpfung - 12.02.2015 (10)
  2. Bundespolizei sperrt ihren Browser. PC funktioniert noch und habe ich Trojaner aufm PC?
    Plagegeister aller Art und deren Bekämpfung - 12.12.2013 (11)
  3. Polizeiseite
    Plagegeister aller Art und deren Bekämpfung - 07.12.2013 (3)
  4. Polizei Seite verlangt nach Geld, Schadsoftware installiert?
    Plagegeister aller Art und deren Bekämpfung - 06.12.2013 (14)
  5. Bundespolizei-Trojaner "Light" - sperrt nur Browser, aber wie?
    Alles rund um Windows - 22.09.2013 (9)
  6. Windows 8 mit polizeiseite gesperrt
    Plagegeister aller Art und deren Bekämpfung - 21.09.2013 (5)
  7. Bundestrojaner (vermutl.) will Geld von mir...
    Log-Analyse und Auswertung - 14.11.2012 (10)
  8. UVA Trojaner sperrt meinen PC und will Geld von mir
    Log-Analyse und Auswertung - 21.09.2012 (7)
  9. GVU - Trojaner sperrt PC / Ukash Zahlung verlangt / W7 64bit / Malwarebytes erledigt
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (33)
  10. GEMA verlangt Geld und im offline Modus alles weiß, da keine Internetverbindung:(
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (2)
  11. Polizei verlangt 100 Euro - Trojaner sperrt PC
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (8)
  12. Bundespolizei sperrt my Laptop-Verlangt 100Euro
    Log-Analyse und Auswertung - 10.06.2012 (2)
  13. Trojaner (chatfenster öffnet sich, person verlangt geld und hat meine facebook login daten...)
    Log-Analyse und Auswertung - 04.06.2012 (3)
  14. Trojaner sperrt Windows XP und möchte Geld für Freigabe
    Log-Analyse und Auswertung - 22.01.2012 (10)
  15. Spyware verlangt Geld und Sperrt mein PC
    Log-Analyse und Auswertung - 02.12.2011 (3)
  16. Geld für E-mails
    Mülltonne - 30.12.2005 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizeiseite verlangt Geld & sperrt den Browser - Hallo!! wie es aussieht hat meinem Brüder eine Seite geöffnet, der nach Polizei- Seite aussah. Hier wurde ihm Geld verlangt und er konnte diese Seite nicht mehr Schließen. Egal wie - Polizeiseite verlangt Geld & sperrt den Browser...
Archiv
Du betrachtest: Polizeiseite verlangt Geld & sperrt den Browser auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131