Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Dldr.Agent.17383 - Verschlüsselungstrojaner

TR/Dldr.Agent.17383 - Verschlüsselungstrojaner


Plagegeister aller Art und deren Bekämpfung: TR/Dldr.Agent.17383 - Verschlüsselungstrojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.06.2012, 20:43   #1
PapitoPancho
 
TR/Dldr.Agent.17383 - Verschlüsselungstrojaner - Icon17

TR/Dldr.Agent.17383 - Verschlüsselungstrojaner


Hallo.

Zunächstmal hoffe ich, dass ich bei der Erstellung des Themas und bei der Schilderung des Problems alles richtig gemacht habe...

Ich weiß nicht, was über mich gekommen ist, aber ich habe heute mittag den Anhang der von Euch in einem anderen Post (Achtung: dnet24.de / FOTO Thun Spam, angebliche Mahnung bringt Verschlüsselungs Trojaner) beschriebenen Mail ausgeführt und meinen PC mit einem Verschlüsselungstrojaner infiziert.
Der Infektionshergang ist ja hinlänglich bekannt. Nach einer Weile hat der PC von alleine neu gestartet, kam aber nicht bis zum Desktop, vorher erschien die bekannte Nachricht mit der Zahlungsaufforderung.
Irgendwie bin ich dann reingekommen und habe festgestellt, dass sämtliche Mediendateien (mp3, avi, m4a... usw.) und alle Dokumente, die in einem Zusammenhang oder einer Verknüpfung mit dem Desktop standen oder sich direkt auf dem Desktop oder in einem Ordner auf dem Desktop befanden, nach dem Schema "gTDpreTQXsXpJpeQNDlpg" (ohne Dateiendung) umbenannt und deren Inhalt verschlüsselt wurde. Das Zurückbenennen hat bei mir noch bekannten Dateien nichts gebracht.
Weiterhin sind alle Bilder und Fotos verändert bzw. verschlüsselt worden, so dass sie sich nicht mehr öffnen/ansehen lassen. Allerdings fand hier keine Umbenennung statt, die Dateinamen sind unverändert.

Ich habe dann folgendes gemacht:

1. Systemwiederherstellung auf den letzten Wiederherstellungspunkt
2. Komplett-Scan mit Avira Antivir (3 Funde, jeweils TR/Dldr.Agent.17383 - Logdatei anbei)
... oder umgekehrt, ich weiß es nicht mehr

3. wild gegoogelt, Trojaner-Board.de gefunden, ohne Erfolg einige der 8 Entschlüsselungstools probiert, bis ich weiter gelesen habe, dass es sich hier wahrscheinlich um eine andere/neue Version eines solchen Trojaners handelt, die Dateien also nicht nach dem Schema "locked-...usw." umbenannt und auch anders verschlüsselt wurden.

4. Quickscan mit OTL und anschließend Fix (was sicher nicht richtig wahr, keine Ahnung)

5. weiter gelesen und zu dem Schluss gekommen, dass ich gerne die individuelle Hilfe in Anspruch nehmen würde, da mein Maßnahmendurcheinander und meine fehlende Ahnung das Problem nicht lösen.

6. mit Defogger die CD/DVD-Emulatoren deaktiviert

7. Vollständiger Scan mit Malwarebytes Anti-Malware (Logdatei anbei)

8. Nochmal Quickscan mit OTL


Ich würde mich freuen, wenn sich jemand des Problems individuell annehmen könnte. Ich bin mir im Klaren darüber, dass es sicher noch eine Weile dauert, bis die Dateien wieder entschlüsselbar sind. Deshalb wäre ich schon froh, wenn wenigstens mein System wieder vollständig sauber bekommen würde.

Vielen Dank schon einmal im Voraus.

Gruß, Papito.


Hier mein OTL-Log, wie gefordert direkt (eine extra.txt wurde nach dem Scan irgendwie nicht erzeugt), alle anderen als Anhang:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12/06/2012 20:34:46 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Papito\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd/MM/yyyy
 
3,98 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,38% Memory free
7,95 Gb Paging File | 5,52 Gb Available in Paging File | 69,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 545,07 Gb Total Space | 300,44 Gb Free Space | 55,12% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 29,72 Gb Free Space | 59,45% Space Free | Partition Type: NTFS
 
Computer Name: PAPITO-PC | User Name: Papito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/12 15:52:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Papito\Desktop\OTL.exe
PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Papito\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/11 20:47:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2012/05/08 19:25:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 19:25:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 19:25:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/19 13:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 13:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/01/22 16:15:32 | 002,230,416 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/01/22 16:15:16 | 003,735,680 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/29 21:36:12 | 002,482,176 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2011/05/25 22:53:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/04/30 10:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/30 10:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/04/14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/03/31 00:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/03/31 00:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/03/31 00:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/03/31 00:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011/02/23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010/10/06 22:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe
PRC - [1999/12/13 03:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTSVCCDA.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/11 22:14:24 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d89ee849317b4d93ea78842dd78f79c0\IAStorCommon.ni.dll
MOD - [2012/05/11 22:14:23 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2574fd89f1960bc08f0258723970a23b\IAStorUtil.ni.dll
MOD - [2012/05/11 21:53:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 21:53:15 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/11 21:53:11 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/11 21:53:01 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 21:52:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 21:52:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 21:52:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 21:52:48 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/11 20:47:57 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
MOD - [2012/05/11 20:47:57 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012/05/11 20:47:57 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012/05/11 20:47:57 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012/05/11 20:47:57 | 000,099,840 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012/05/11 20:47:57 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012/05/11 20:47:57 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012/05/11 20:47:57 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012/05/11 20:47:57 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012/05/11 20:47:57 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012/05/11 20:47:57 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012/05/11 20:47:57 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012/05/11 20:47:57 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
MOD - [2012/05/04 20:42:45 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/05/16 16:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/10/04 19:54:31 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll
MOD - [2010/10/04 19:54:29 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll
MOD - [2010/10/04 19:54:29 | 000,675,840 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/12/14 13:23:22 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/05/03 00:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2011/05/03 00:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/05/03 00:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2011/04/21 19:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/04/21 18:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2009/09/15 01:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV:64bit: - [2009/09/15 01:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/05/08 19:25:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 19:25:35 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/04 20:42:46 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 16:32:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/22 16:15:32 | 002,230,416 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/14 13:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/10/15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/30 10:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/04/20 19:57:02 | 000,241,648 | ---- | M] (CyberLink) [Disabled | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/03/31 00:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/31 00:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/31 00:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/06 13:52:40 | 000,062,464 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/10 01:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1999/12/13 03:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/08 19:25:36 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 19:25:36 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/02 00:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011/04/26 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/21 19:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) Intel(R) Centrino(R)
DRV:64bit: - [2011/04/21 19:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) Intel(R) Centrino(R)
DRV:64bit: - [2011/04/13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/04/13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/03/23 04:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 00:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/03/09 00:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/03/09 00:44:06 | 000,046,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2010/11/30 14:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010/09/16 19:14:56 | 001,393,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/23 17:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/11/24 16:34:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/webhp?hl=de
IE - HKCU\..\SearchScopes,DefaultScope = {4230D3B9-AC1E-4210-A33A-984474077C06}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{4230D3B9-AC1E-4210-A33A-984474077C06}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/29 01:03:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/12 14:25:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 11:16:34 | 000,000,000 | ---D | M]
 
[2011/12/04 17:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papito\AppData\Roaming\mozilla\Extensions
[2012/05/23 15:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papito\AppData\Roaming\mozilla\Firefox\Profiles\7wyt8ebi.default\extensions
[2012/03/09 13:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/05/23 15:25:02 | 000,102,890 | ---- | M] () (No name found) -- C:\USERS\PAPITO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WYT8EBI.DEFAULT\EXTENSIONS\FBPHOTOZOOM@INSTALLDADDY.COM.XPI
[2012/05/12 15:03:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 12:02:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/20 12:02:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 12:02:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/12/04 23:45:43 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/04/20 12:02:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/20 12:02:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/20 12:02:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: FBPHOTOZOOM = C:\Users\Papito\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Papito\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe (Micro-Star Int'l Co., Ltd.)
O4 - HKLM..\Run: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe (msi)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s                                                                                                                                                                                                               File not found
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [EPSON SX130 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\Windows\TEMP\E_SD8B3.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4 - Startup: C:\Users\Papito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Papito\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Papito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Papito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57092658-5A94-41F2-AF12-DFEE95657042}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/12 17:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/12 17:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/06/12 17:26:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/12 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/12 17:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/12 16:59:44 | 000,000,000 | ---D | C] -- C:\Users\Papito\Desktop\Log Dateien
[2012/06/12 16:33:06 | 000,000,000 | ---D | C] -- C:\Users\Papito\AppData\Roaming\Malwarebytes
[2012/06/12 16:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/12 16:30:35 | 010,063,024 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Papito\Desktop\mbam-setup.exe
[2012/06/12 16:23:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/12 16:15:49 | 000,000,000 | ---D | C] -- C:\Users\Papito\Desktop\scareuncrypt
[2012/06/12 15:52:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Papito\Desktop\OTL.exe
[2012/06/12 15:47:24 | 000,000,000 | ---D | C] -- C:\Users\Papito\Desktop\matsnu1decrypt
[2012/06/12 15:38:28 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Papito\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/12 15:31:26 | 000,000,000 | ---D | C] -- C:\Users\Papito\Desktop\Beispielbilder_Win7
[2012/06/12 11:53:57 | 000,000,000 | ---D | C] -- C:\Users\Papito\Whevpevp
[2012/06/05 12:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/04 17:25:31 | 000,000,000 | ---D | C] -- C:\Users\Papito\AppData\Roaming\My Games
[2012/06/04 17:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012/06/03 16:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2012/06/03 10:00:14 | 000,000,000 | ---D | C] -- C:\Users\Papito\AppData\Local\My Games
[2012/06/03 09:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2012/05/22 20:54:00 | 000,000,000 | ---D | C] -- C:\Users\Papito\Documents\Diablo III
[2012/05/22 16:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/22 16:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/22 16:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/05/22 13:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/05/21 22:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/05/15 19:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/15 19:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/15 19:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/15 15:21:37 | 000,000,000 | ---D | C] -- C:\Users\Papito\Desktop\Hermeneutik - lebensphilosophisch e Richtung
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/12 20:36:42 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 20:36:42 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 20:34:07 | 000,000,000 | ---- | M] () -- C:\Users\Papito\defogger_reenable
[2012/06/12 20:33:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/12 20:33:50 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/06/12 20:33:50 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/12 20:33:50 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/06/12 20:33:50 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/12 20:33:22 | 000,050,477 | ---- | M] () -- C:\Users\Papito\Desktop\Defogger.exe
[2012/06/12 20:29:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 20:29:04 | 3203,530,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 20:28:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/12 17:58:59 | 001,110,476 | ---- | M] () -- C:\Users\Papito\Desktop\7z920.exe
[2012/06/12 17:26:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/12 16:59:23 | 000,001,923 | ---- | M] () -- C:\Users\Papito\Desktop\papierkorb.lnk
[2012/06/12 16:31:17 | 010,063,024 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Papito\Desktop\mbam-setup.exe
[2012/06/12 16:15:23 | 005,840,418 | ---- | M] () -- C:\Users\Papito\Desktop\scareuncrypt.zip
[2012/06/12 15:52:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Papito\Desktop\OTL.exe
[2012/06/12 15:47:12 | 000,069,087 | ---- | M] () -- C:\Users\Papito\Desktop\matsnu1decrypt.zip
[2012/06/12 15:39:07 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Papito\Desktop\mbam-setup-1.61.0.1400.exe
[2012/06/12 15:35:33 | 000,019,458 | ---- | M] () -- C:\Users\Papito\Desktop\DecryptHelper-0.5.jar
[2012/06/12 15:31:10 | 003,084,860 | ---- | M] () -- C:\Users\Papito\Desktop\Beispielbilder_Win7.zip
[2012/06/12 14:31:11 | 000,001,055 | ---- | M] () -- C:\Users\Papito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/12 14:31:07 | 000,001,025 | ---- | M] () -- C:\Users\Papito\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2012/06/12 20:34:07 | 000,000,000 | ---- | C] () -- C:\Users\Papito\defogger_reenable
[2012/06/12 20:33:22 | 000,050,477 | ---- | C] () -- C:\Users\Papito\Desktop\Defogger.exe
[2012/06/12 17:58:59 | 001,110,476 | ---- | C] () -- C:\Users\Papito\Desktop\7z920.exe
[2012/06/12 17:26:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/12 16:59:11 | 000,001,923 | ---- | C] () -- C:\Users\Papito\Desktop\papierkorb.lnk
[2012/06/12 16:14:57 | 005,840,418 | ---- | C] () -- C:\Users\Papito\Desktop\scareuncrypt.zip
[2012/06/12 16:10:54 | 001,963,731 | ---- | C] () -- C:\Users\Papito\Desktop\Silvester 2008.JPG
[2012/06/12 15:47:12 | 000,069,087 | ---- | C] () -- C:\Users\Papito\Desktop\matsnu1decrypt.zip
[2012/06/12 15:35:32 | 000,019,458 | ---- | C] () -- C:\Users\Papito\Desktop\DecryptHelper-0.5.jar
[2012/06/12 15:30:59 | 003,084,860 | ---- | C] () -- C:\Users\Papito\Desktop\Beispielbilder_Win7.zip
[2012/02/17 23:40:38 | 000,000,136 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/12/05 17:16:16 | 000,374,272 | ---- | C] () -- C:\Windows\mss32.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012/04/20 11:59:22 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\.minecraft
[2011/12/23 23:45:44 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\Bioshock
[2012/06/12 20:30:05 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\Dropbox
[2011/12/22 16:38:40 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\EPSON
[2012/04/25 22:45:31 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\FileZilla
[2012/05/15 16:07:54 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\foobar2000
[2012/03/14 14:01:17 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\FreePDF
[2011/12/04 18:29:47 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\IrfanView
[2012/06/04 17:25:31 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\My Games
[2011/12/04 23:38:47 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\OpenOffice.org
[2011/12/04 00:11:18 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\Opera
[2012/04/17 17:13:05 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\redsn0w
[2011/12/04 00:34:12 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\Stardock
[2012/04/03 22:51:20 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\TeamViewer
[2012/02/15 21:26:05 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\The Creative Assembly
[2012/04/04 16:24:37 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\Trillian
[2011/12/09 13:57:40 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\TuneUp Software
[2011/12/05 16:51:05 | 000,000,000 | ---D | M] -- C:\Users\Papito\AppData\Roaming\ZJMedia
[2012/01/31 15:26:59 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
Alt 15.06.2012, 17:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dldr.Agent.17383 - Verschlüsselungstrojaner - Standard

TR/Dldr.Agent.17383 - Verschlüsselungstrojaner


=> http://www.trojaner-board.de/116851-...strojaner.html
__________________

__________________
Antwort

Themen zu TR/Dldr.Agent.17383 - Verschlüsselungstrojaner
antivir, autorun, avg, avira, bho, bonjour, desktop, downloader, firefox, flash player, format, foto thun, helper, home, infiziert., logfile, mahnung, mediendateien, monitor, mp3, plug-in, problem, realtek, registry, searchscopes, software, spam, tr/dldr.agent.17383, trojaner, usb, usb 3.0, verschlüsselungstrojaner, windows, windows 7


« Vorbereitung zum Entfernen des Windwos Verschlüssungs Trojaners | Spyware.Passwords mal 2 »


Ähnliche Themen: TR/Dldr.Agent.17383 - Verschlüsselungstrojaner


  1. Nach Verschlüsselungstrojaner viele Virenfunde (JAVA/Jogek.CT; rus JAVA/Agent.MH; JAVA/Dldr.Pesur.BH; W32/Idele.2219; VBS/Fluenza.B; u.a...
    Log-Analyse und Auswertung - 28.01.2013 (1)
  2. Trojan.DownLoader6.17383
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (5)
  3. Datenverschlüsselung nach Infektion mit dem Trojaner tr-dldr-agent-17383
    Plagegeister aller Art und deren Bekämpfung - 16.06.2012 (9)
  4. TR/Dldr.MSIL.Agent.ON - TR/Agent.204800.BH - noch mehr?
    Plagegeister aller Art und deren Bekämpfung - 09.07.2010 (29)
  5. Antivir meldet Trojaner TR/Dldr.Agent.cyrd / TR/Dldr.Exchanger.ayn
    Plagegeister aller Art und deren Bekämpfung - 20.06.2010 (4)
  6. BDS/Bredolab/ena, Tr/Dldr.java.Agent.Bh.3,Tr/Dldr.Fakea.jhd.2
    Log-Analyse und Auswertung - 31.05.2010 (2)
  7. BDS/Agent.rfw ; BDS/Agent.rfv ; TR/Agent.wyn ; TR/Dldr.FraudLoad.vbxt
    Log-Analyse und Auswertung - 13.10.2009 (1)
  8. Was (noch) tun: TR/Dldr.Agent, TR/Spy.Agent, TR/Dldr.Injecter und Trojan.Packed.191
    Plagegeister aller Art und deren Bekämpfung - 27.01.2009 (5)
  9. hilfe TR/Dldr.Agent.gzp , DR/Dldr.Agent.fwr.1 kriege sie nicht runter
    Plagegeister aller Art und deren Bekämpfung - 13.03.2008 (1)
  10. 3 trojaner TR/Yatagan.Dll. TR/Dldr.dll.Ya.2. TR/Dldr.Agent.dag
    Plagegeister aller Art und deren Bekämpfung - 22.09.2007 (9)
  11. TR/Dldr.HArnig.AM.1 und TR/Dldr.Agent.AP
    Plagegeister aller Art und deren Bekämpfung - 07.03.2007 (4)
  12. TR/Agent.AY, TR/Dldr.Delmed.B, TR/Dldr.Stubby.C
    Log-Analyse und Auswertung - 15.09.2006 (1)
  13. Lästige Trojaner TR/Dldr.Agent.gs TR/Dldr.Agent.gs
    Log-Analyse und Auswertung - 06.01.2005 (5)
  14. SOS Habe TR/Dldr.small.OR und TR/Dldr.Agent.CB
    Plagegeister aller Art und deren Bekämpfung - 13.10.2004 (3)
  15. HILFE, dldr.agent.cb und dldr.small.or
    Log-Analyse und Auswertung - 11.10.2004 (4)
  16. TR/Dldr.Small.OR und TR/Dldr.Agent.CB
    Plagegeister aller Art und deren Bekämpfung - 27.09.2004 (7)
  17. Hilfe!! TR/Dldr.Small.OR und TR/Dldr.Agent.CB
    Plagegeister aller Art und deren Bekämpfung - 09.09.2004 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Dldr.Agent.17383 - Verschlüsselungstrojaner - Hallo. Zunächstmal hoffe ich, dass ich bei der Erstellung des Themas und bei der Schilderung des Problems alles richtig gemacht habe... Ich weiß nicht, was über mich gekommen ist, aber - TR/Dldr.Agent.17383 - Verschlüsselungstrojaner...
Archiv
Du betrachtest: TR/Dldr.Agent.17383 - Verschlüsselungstrojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129