Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?

Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?


Log-Analyse und Auswertung: Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 03.06.2012, 06:07   #1
LBHS2174
 
Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg? - Standard

Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?


Guten morgen

Ich hab mir auch diesen fiesen Verschlüsselungstrojaner eingefangen der die Dateien teilweise mit der Buchstabensuppe (z.B. QsEEUTODXNVqyssQ) umbenennt und teilweise die Dateien nur verschlüsselt ( Dateinamen sind also noch Original).
Bei allen Dateien die verschlüsselt sind (ich hab mir viele aber nicht alle angeschaut) steht als erstelldatum : 13.Februar 1601.
Das die Dateien momentan nicht zu entschlüsseln sind hab ich hier schon rauslesen können, darum geht es mir aber auch gar nicht.
Den PC hab ich wieder zum laufen bekommen ( Anti BOT CD aus der ComputerBild) und wollte jetzt nur sichergehen das das System zumindest wieder normal läuft.

OTL Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.06.2012 06:15:17 - Run 2
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\Holger Schmid\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,57% Memory free
8,00 Gb Paging File | 6,35 Gb Available in Paging File | 79,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 69,51 Gb Free Space | 62,24% Space Free | Partition Type: NTFS
Drive E: | 327,54 Gb Total Space | 274,51 Gb Free Space | 83,81% Space Free | Partition Type: NTFS
Drive F: | 592,25 Gb Total Space | 436,32 Gb Free Space | 73,67% Space Free | Partition Type: NTFS
Drive G: | 463,87 Gb Total Space | 196,61 Gb Free Space | 42,39% Space Free | Partition Type: NTFS
Drive H: | 467,64 Gb Total Space | 327,97 Gb Free Space | 70,13% Space Free | Partition Type: NTFS
Drive J: | 55,80 Gb Total Space | 3,38 Gb Free Space | 6,05% Space Free | Partition Type: NTFS
 
Computer Name: PISTENSAU | User Name: Holger Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Holger Schmid\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\Holger Schmid\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Ideazon\ZEngine\AxWBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Dnscache) -- C:\Windows\SysNative\pouafj9wz.dll (Parental Solutions Inc.)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (WSearch) -- C:\Windows\SysNative\SearchIndexer.exe (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (SharedAccess) -- C:\Windows\SysNative\ipnathlp.dll (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (DevoloNetworkService) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (WSearch) -- C:\Windows\SysWow64\SearchIndexer.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NasPmService) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (WsAudio_DeviceS(5)) WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4)) WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(3)) WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2)) WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1)) WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV:64bit: - (Alpham1) -- C:\Windows\SysNative\drivers\Alpham164.sys (Ideazon Corporation)
DRV:64bit: - (Alpham2) -- C:\Windows\SysNative\drivers\Alpham264.sys (Ideazon Corporation)
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (NTIOLib_1_0_6) -- C:\Program Files (x86)\Setup Files\Ms7599vHF0\NTIOLib_X64.sys (MSI)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 0C 79 9F CE BC CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.13
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - user.js..browser.search.openintab: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 19:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 13:42:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 06:31:19 | 000,000,000 | ---D | M]
 
[2011.01.25 23:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Extensions
[2011.01.25 23:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.28 16:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions
[2011.12.08 07:53:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.01.25 23:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.18 05:47:30 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.25 23:33:11 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\n7mx9z4r.default\extensions\quickstores@quickstores.de
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\olgigzt8.default\extensions
[2012.03.06 16:02:23 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Holger Schmid\AppData\Roaming\mozilla\Firefox\Profiles\olgigzt8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 18:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.04 05:11:29 | 000,439,720 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
[2012.05.28 16:59:10 | 000,524,866 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.05.06 12:26:59 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.11 12:39:30 | 000,055,163 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\SILVERMELXT@PARDAL.DE.XPI
[2012.03.23 09:57:15 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\HOLGER SCHMID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N7MX9Z4R.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.04.25 19:46:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.17 06:30:05 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKCU..\Run: [EPSON Stylus Photo R285 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKE.EXE /FU "C:\Windows\TEMP\E_S6A66.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\d3dysiczx.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B27F4D42-929E-442E-B2FB-3A5DC3ED2FFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2CDC2C9-2416-4E24-9FAF-E926774F71F7}: NameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d0a36e83-4a85-11e0-8a33-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\Shell - "" = AutoRun
O33 - MountPoints2\{da4d66a8-6d66-11e0-bd12-6c626d71550d}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.03 06:12:30 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Holger Schmid\Desktop\OTL.exe
[2012.06.03 05:52:10 | 000,354,816 | ---- | C] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouafj9wz.dll
[2012.06.02 11:51:58 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Malwarebytes
[2012.06.02 11:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.02 11:51:52 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.02 11:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.01 23:30:03 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
[2012.05.31 21:44:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.31 20:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVR-Studio HD 2
[2012.05.31 20:24:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.31 20:02:19 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV DIGITAL - OnGuide
[2012.05.31 20:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV DIGITAL
[2012.05.31 17:58:38 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\OpenOffice.org
[2012.05.31 17:58:14 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.05.31 15:21:33 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\DoctorWeb
[2012.05.24 12:24:29 | 000,000,000 | -H-D | C] -- C:\Users\Holger Schmid\Documents\Runes of Magic
[2012.05.24 06:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2012.05.23 16:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.23 16:19:11 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012.05.21 19:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TORCS
[2012.05.17 07:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDex
[2012.05.17 07:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDex
[2012.05.12 13:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVR-Studio HD 2
[2012.05.12 05:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Visagesoft
[2012.05.12 05:49:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM
[2012.05.12 05:49:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konz Steuertricks
[2012.05.12 05:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2011
[2012.05.09 04:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.09 04:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.09 04:23:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.06 12:21:57 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\TuneUp Software
[2012.05.06 12:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.05.06 12:21:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.05.06 12:21:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.05.04 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Music Editor Free
[2012.05.04 16:24:01 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2012.05.04 16:24:01 | 001,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2012.05.04 16:24:01 | 000,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2012.05.04 16:24:01 | 000,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
[2012.05.04 16:24:01 | 000,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2012.05.04 16:24:01 | 000,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll
[2012.05.04 16:24:01 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2012.05.04 16:24:01 | 000,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2012.05.04 16:24:01 | 000,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll
[2012.05.04 16:24:01 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll
[2012.05.04 16:19:02 | 000,000,000 | ---D | C] -- C:\Users\Holger Schmid\AppData\Roaming\Audacity
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Holger Schmid\*.tmp files -> C:\Users\Holger Schmid\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.03 06:12:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Holger Schmid\Desktop\OTL.exe
[2012.06.03 06:12:07 | 000,000,000 | ---- | M] () -- C:\Users\Holger Schmid\defogger_reenable
[2012.06.03 06:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 05:53:18 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 05:53:18 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 05:52:10 | 000,354,816 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\SysNative\pouafj9wz.dll
[2012.06.03 05:52:02 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.03 05:52:02 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.03 05:52:02 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.03 05:52:02 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.03 05:52:02 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.03 05:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.02 11:51:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 07:15:24 | 000,001,041 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\IfoEdit - Verknüpfung.lnk
[2012.05.31 20:25:00 | 000,002,593 | ---- | M] () -- C:\Users\Public\Desktop\DVR-Studio HD 2.lnk
[2012.05.31 20:02:19 | 000,002,973 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\TV DIGITAL OnGuide.lnk
[2012.05.31 18:13:16 | 000,298,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.28 18:07:17 | 000,001,290 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed II.lnk
[2012.05.25 07:00:34 | 000,001,730 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed.lnk
[2012.05.22 19:08:35 | 001,197,568 | ---- | M] () -- C:\Users\Holger Schmid\Documents\papa.ec4
[2012.05.19 15:02:17 | 000,001,053 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\DVDFab Profile Editor.lnk
[2012.05.19 15:02:17 | 000,001,016 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\DVDFab 8 Qt.lnk
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.12 05:58:49 | 000,000,741 | ---- | M] () -- C:\Windows\wiso.ini
[2012.05.12 05:49:40 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.05.12 05:49:19 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2012.05.08 18:06:30 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 18:06:30 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.05 06:52:18 | 000,000,079 | ---- | M] () -- C:\Users\Holger Schmid\AppData\Local\CrystalDiskMark30.ini
[2012.05.04 16:27:53 | 000,000,750 | ---- | M] () -- C:\Users\Holger Schmid\Desktop\mp3DirectCut.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Users\Holger Schmid\*.tmp files -> C:\Users\Holger Schmid\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.03 06:12:07 | 000,000,000 | ---- | C] () -- C:\Users\Holger Schmid\defogger_reenable
[2012.06.02 11:51:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 07:15:24 | 000,001,041 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\IfoEdit - Verknüpfung.lnk
[2012.05.31 20:25:00 | 000,002,593 | ---- | C] () -- C:\Users\Public\Desktop\DVR-Studio HD 2.lnk
[2012.05.31 20:02:19 | 000,002,973 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\TV DIGITAL OnGuide.lnk
[2012.05.28 18:07:17 | 000,001,290 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed II.lnk
[2012.05.25 07:00:34 | 000,001,730 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\Assassin's Creed.lnk
[2012.05.19 09:48:38 | 001,197,568 | ---- | C] () -- C:\Users\Holger Schmid\Documents\papa.ec4
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.12 05:49:40 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.05.12 05:49:30 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp
[2012.05.12 05:49:19 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2012.05.05 06:48:55 | 000,000,079 | ---- | C] () -- C:\Users\Holger Schmid\AppData\Local\CrystalDiskMark30.ini
[2012.05.04 16:27:53 | 000,000,750 | ---- | C] () -- C:\Users\Holger Schmid\Desktop\mp3DirectCut.lnk
[2012.05.04 16:24:01 | 000,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2012.01.01 00:08:48 | 000,000,548 | ---- | C] () -- C:\Users\Holger Schmid\AppData\Roaming\burnaware.ini
[2011.11.16 10:23:32 | 000,001,571 | ---- | C] () -- C:\Windows\SysWow64\setup.ini
[2011.11.16 10:23:32 | 000,000,473 | ---- | C] () -- C:\Windows\SysWow64\layout.bin
[2011.11.14 17:38:13 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.11.11 11:10:28 | 000,720,896 | ---- | C] () -- C:\Windows\EAInstall.dll
[2011.10.01 13:33:02 | 000,000,342 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.11 10:25:48 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2011.09.04 09:15:53 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.04 09:15:46 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.28 18:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.06 17:46:50 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.05.06 17:46:50 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.05.06 17:46:50 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.05.06 17:46:50 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.05.06 17:46:50 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.05.06 17:46:50 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.05.06 17:46:50 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.05.06 17:46:50 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.05.06 17:46:50 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.05.06 17:46:50 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.05.06 17:46:50 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.05.06 17:46:50 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.05.06 17:46:50 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.05.06 17:46:50 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.05.06 17:46:50 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.05.06 17:46:50 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.05.06 17:46:50 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.05.06 17:46:50 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.05.06 17:46:50 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.05.06 17:46:06 | 000,000,025 | ---- | C] () -- C:\Windows\CDE V30V300DEFGIPSRUk.ini
[2011.04.08 17:54:29 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.03.29 16:03:18 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.01.30 07:32:01 | 000,000,741 | ---- | C] () -- C:\Windows\wiso.ini
[2011.01.27 21:47:42 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
 
========== LOP Check ==========
 
[2011.04.13 19:27:26 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\AnvSoft
[2012.05.19 08:30:19 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\App Launcher Gadget
[2012.03.04 08:24:00 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ashampoo
[2011.04.13 17:00:03 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ashampoo Cover Studio
[2012.05.04 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Audacity
[2011.09.18 09:46:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\avidemux
[2011.01.30 07:32:29 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Buhl Data Service
[2011.01.28 06:42:26 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Canneverbe Limited
[2012.03.06 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoft
[2011.03.29 15:42:39 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.06 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Epson
[2011.11.11 11:14:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\FreeBurner
[2011.03.29 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\GetRightToGo
[2011.12.04 11:46:18 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\gtk-2.0
[2011.01.25 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Haenlein-Software
[2012.01.20 09:09:47 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\HandBrake
[2011.01.25 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ideazon
[2011.12.31 20:15:46 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\InfraRecorder
[2011.01.25 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Leadertech
[2012.05.04 16:25:20 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Music Editor Free
[2011.07.14 21:12:37 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\MyPhoneExplorer
[2011.11.09 11:49:00 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\NASNaviator2
[2011.04.28 08:28:06 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\OpenCandy
[2012.05.31 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\OpenOffice.org
[2012.01.15 14:31:19 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\pdfforge
[2011.04.28 08:28:32 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Reviversoft
[2011.04.09 14:10:07 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Sony
[2011.01.25 23:27:28 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Thunderbird
[2012.05.06 12:49:53 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\TuneUp Software
[2012.05.28 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\Ubisoft
[2012.06.01 23:30:03 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\www.shadowexplorer.com
[2012.04.06 12:42:55 | 000,000,000 | ---D | M] -- C:\Users\Holger Schmid\AppData\Roaming\XMedia Recode
[2012.04.14 16:25:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---



Ach so...schon mal DANKE für eure Bemühungen
Geändert von LBHS2174 (03.06.2012 um 06:08 Uhr) Grund: Danke vergessen

 

Themen zu Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?
.com, adobe, antivir, autorun, avg, avira, bho, converter, explorer, fiese, firefox, flash player, format, helper, home, langs, logfile, monitor.exe, mp3, nvidia, nvidia update, plug-in, realtek, registry, scan, searchscopes, software, system, temp, usb, usb 3.0, version=1.0, windows, wsearch


« Cmd.exe startet automatisch | Dateien entschlüsseln nach Verschlüsselungstrojaner funktioniert nicht »


Ähnliche Themen: Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?


  1. Endlich läuft wieder alles dank Schrauber!
    Lob, Kritik und Wünsche - 09.06.2015 (1)
  2. Win7 Rechner 64 bit läuft langsam
    Log-Analyse und Auswertung - 18.09.2014 (30)
  3. Win7-64 Rechner läuft einmal wöchentlich extrem verlangsamt und hängt sich auf
    Log-Analyse und Auswertung - 30.07.2014 (11)
  4. WIN7: AVAST meldet Win32:Bprotect-D /-F /-H und weitere, Rechner läuft
    Log-Analyse und Auswertung - 05.06.2014 (12)
  5. loadit.exe taucht dauernd wieder auf, glücklicherweise inkompatibel mit 64bit WIN7 aber nervt
    Log-Analyse und Auswertung - 06.03.2014 (5)
  6. nach Lüfterreperatur stürzt Rechner erst ab (0x490), läuft dann aber flüssig
    Netzwerk und Hardware - 28.02.2014 (6)
  7. Alles läuft wieder rund - Danke, Cosinus
    Lob, Kritik und Wünsche - 11.02.2014 (0)
  8. VIRUS oder nicht? System zunächst total unstabil, jetzt läuft wieder alles ?
    Log-Analyse und Auswertung - 03.01.2014 (10)
  9. WIN7: Reveton .. schon wieder ! Booten usw. geht alles noch
    Log-Analyse und Auswertung - 03.09.2013 (15)
  10. GVU Trojaner (Rechner läuft aber noch)
    Plagegeister aller Art und deren Bekämpfung - 19.06.2013 (29)
  11. BKA/GVU Trojaner und jetzt läuft alles wieder normal ?
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (4)
  12. GVU Trojaner Win7. Nach Systenherstellung wieder alles sauber?
    Log-Analyse und Auswertung - 15.02.2013 (12)
  13. GVU Trojaner. Windows läuft, aber alles sauber?
    Log-Analyse und Auswertung - 27.09.2012 (6)
  14. Windows-Verschlüsselungstrojaner ! Gelöscht, aber wie Daten wieder entschlüsseln.
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (21)
  15. Meldung: rpcrtremote.dll / Rechner läuft aber schwarzer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 12.11.2011 (1)
  16. Schwarzer Bildschirm - Rechner läuft aber weiter
    Netzwerk und Hardware - 20.09.2011 (13)
  17. Antivir hat alles mögliche gefunden aber kommt wieder zurück
    Log-Analyse und Auswertung - 27.10.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg? - Guten morgen Ich hab mir auch diesen fiesen Verschlüsselungstrojaner eingefangen der die Dateien teilweise mit der Buchstabensuppe (z.B. QsEEUTODXNVqyssQ) umbenennt und teilweise die Dateien nur verschlüsselt ( Dateinamen sind also - Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?...
Archiv
Du betrachtest: Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131