Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Verschüsselungs Trojaner Alles Datein verschlüsselt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.08.2012, 23:01   #1
Roony77
 
Verschüsselungs Trojaner Alles Datein verschlüsselt - Standard

Verschüsselungs Trojaner Alles Datein verschlüsselt



Hallo,

ich auch das Problem mit den Verschlüsselung Trojaner.
er hab bei mir alles Bilder ,Videos und musik unbrauchbar gemacht.
Ich hatte bei der blöden mail leider irgendwie den anhang geöffnet
ja und wars auch schon passiert. : (

z.B. Eine Bilddatei heisst jetzt so und kann nicht geöffnet werden. (DJaNltLUqpNeuEUAGOs)

Eine Video datei sieht so aus . (fJosNjaUJoxrAXdvsGN)

Ich hab den Rechner mit Malwarebytes gereinigt.
Hab alles was ihr hier an Programmen zur entschlüsselung habt probiert
nichts hat geholfen.

Hier die OTL u. extras

OTL logfile created on: 27.08.2012 22:09:18 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Ron\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,51% Memory free
8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 31,37 Gb Free Space | 12,86% Space Free | Partition Type: NTFS
Drive D: | 394,40 Gb Total Space | 313,81 Gb Free Space | 79,57% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 292,84 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.20 23:03:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.07.11 11:42:46 | 002,199,040 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.07.11 11:42:52 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll
MOD - [2010.07.11 11:42:46 | 002,199,040 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
MOD - [2010.05.23 20:25:48 | 000,501,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll
MOD - [2010.05.23 20:25:36 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll
MOD - [2010.05.23 20:25:32 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll
MOD - [2010.05.23 20:25:20 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll
MOD - [2010.05.23 20:25:12 | 002,629,120 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll
MOD - [2010.05.23 20:24:20 | 001,202,688 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll
MOD - [2010.05.23 20:20:08 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll
MOD - [2010.05.23 20:20:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua51.dll
MOD - [2010.05.23 19:17:46 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.08.15 07:48:04 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.01 07:54:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.29 18:50:12 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.05.11 22:42:42 | 002,532,680 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.19 23:21:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2012.07.19 21:41:11 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012.08.27 21:57:43 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120827.001\ex64.sys -- (NAVEX15)
DRV - [2012.08.27 21:57:43 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120827.001\eng64.sys -- (NAVENG)
DRV - [2012.08.22 04:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120824.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.11 02:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120823.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.08.09 20:38:10 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.09 06:44:12 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 88 20 C2 0F 63 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113926&tt=3012_2&babsrc=SP_ss&mntrId=ec5068bd000000000000000000000000
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=113926&tt=3012_2&babsrc=KW_ss&mntrId=ec5068bd000000000000000000000000&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.07.19 22:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.08.27 21:37:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.01 07:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.07.16 07:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Extensions
[2012.08.26 11:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ron\AppData\Roaming\mozilla\Firefox\Profiles\oooikbtp.default\extensions
[2012.08.01 22:38:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ron\AppData\Roaming\mozilla\Firefox\Profiles\oooikbtp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.22 21:40:58 | 000,001,056 | ---- | M] () -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\oooikbtp.default\searchplugins\icqplugin.xml
[2012.07.24 12:24:28 | 000,002,792 | ---- | M] () -- C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\oooikbtp.default\searchplugins\Plusnetwork.xml
[2012.07.25 10:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.26 11:26:49 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\RON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OOOIKBTP.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.08.01 07:54:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.27 15:42:11 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S6631.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Ron\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d4820be-d239-11e1-9e25-0016e65eacb6}\Shell - "" = AutoRun
O33 - MountPoints2\{0d4820be-d239-11e1-9e25-0016e65eacb6}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.27 21:41:01 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.08.27 21:39:58 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.08.27 21:39:58 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.08.27 21:39:58 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.08.24 06:06:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.08.22 22:32:24 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Motorrad
[2012.08.22 08:10:39 | 636,444,584 | ---- | C] (Microsoft Corporation) -- C:\Users\Ron\Desktop\X16-32011.exe
[2012.08.20 23:03:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
[2012.08.17 09:27:13 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Bilder sichern
[2012.08.17 09:22:04 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.08.17 09:22:04 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.08.17 09:22:04 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.08.17 09:22:04 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.08.17 09:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.08.17 09:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2012.08.17 09:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2012.08.17 09:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012.08.17 07:59:00 | 000,000,000 | ---D | C] -- C:\Users\Ron\Desktop\Musik Sammel
[2012.08.15 08:15:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 08:15:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 08:15:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 08:15:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 08:15:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 08:15:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 08:15:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.15 08:15:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.15 08:15:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.15 08:15:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.15 08:15:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.15 08:15:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 08:15:09 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 07:55:19 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 07:55:12 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 07:55:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 07:55:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 07:55:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 07:55:08 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 07:55:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 07:55:06 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.03 08:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.08.03 08:37:27 | 000,000,000 | R--D | C] -- C:\Users\Ron\Documents\Scanned Documents
[2012.08.03 08:37:27 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\Fax
[2012.08.03 08:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012.08.03 08:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.08.03 08:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012.08.03 08:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
[2012.08.03 08:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint
[2012.08.03 08:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2012.08.03 08:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
[2012.08.03 08:08:07 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2012.08.03 08:08:07 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2012.08.03 08:08:07 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2012.08.03 07:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.08.03 07:37:30 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\InstallShield
[2012.08.03 07:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.08.01 23:16:13 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\CrashRpt
[2012.08.01 23:16:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.08.01 23:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2012.08.01 23:13:02 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\RapidSolution
[2012.08.01 22:43:24 | 000,000,000 | ---D | C] -- C:\Users\Ron\dwhelper
[2012.07.30 08:13:53 | 000,000,000 | ---D | C] -- C:\Neuer Ordner
[2012.07.29 22:32:36 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.07.29 19:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.07.29 18:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2012.07.29 18:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2012.07.29 18:17:59 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Skype
[2012.07.29 18:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.29 18:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.29 18:17:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.29 17:40:33 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.07.29 17:40:16 | 000,000,000 | RH-D | C] -- C:\Users\Ron\AppData\Roaming\SecuROM
[2012.07.29 17:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012.07.29 17:17:48 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.07.29 17:15:08 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\Stardock
[2012.07.29 17:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.07.29 17:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012.07.29 16:25:40 | 000,000,000 | ---D | C] -- C:\Users\Ron\Documents\Rainmeter
[2012.07.29 16:25:39 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Rainmeter
[2012.07.29 16:23:53 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\stickies
[2012.07.29 14:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Epson
[2012.07.29 14:02:27 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\ABBYY
[2012.07.29 13:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY

========== Files - Modified Within 30 Days ==========

[2012.08.27 22:07:32 | 000,000,000 | ---- | M] () -- C:\Users\Ron\defogger_reenable
[2012.08.27 22:02:53 | 000,367,283 | ---- | M] () -- C:\Users\Ron\Desktop\rrrr.png
[2012.08.27 21:44:38 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 21:44:38 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 21:42:19 | 001,684,953 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012.08.27 21:36:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.27 21:36:54 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 21:36:53 | 000,131,704 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.08.26 13:29:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.24 18:08:56 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.24 18:08:56 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.24 18:08:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.24 18:08:56 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.24 18:08:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.22 22:08:10 | 000,412,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.22 08:11:52 | 636,444,584 | ---- | M] (Microsoft Corporation) -- C:\Users\Ron\Desktop\X16-32011.exe
[2012.08.22 08:02:40 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.08.22 08:02:40 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.08.20 23:03:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
[2012.08.20 23:03:12 | 000,050,477 | ---- | M] () -- C:\Users\Ron\Desktop\Defogger.exe
[2012.08.17 10:52:30 | 000,229,328 | ---- | M] () -- C:\Users\Ron\Documents\1.drd
[2012.08.17 09:22:04 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.08.17 09:22:04 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.08.17 09:22:04 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2012.08.17 09:22:04 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2012.08.16 06:13:22 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038
[2012.08.15 07:48:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 07:48:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.10 07:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012.08.03 09:13:23 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2012.08.03 08:20:50 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2012.07.29 22:32:36 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll

========== Files Created - No Company Name ==========

[2012.08.27 22:07:32 | 000,000,000 | ---- | C] () -- C:\Users\Ron\defogger_reenable
[2012.08.27 22:02:27 | 000,367,283 | ---- | C] () -- C:\Users\Ron\Desktop\rrrr.png
[2012.08.22 08:01:43 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.08.22 08:01:43 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.08.20 23:03:11 | 000,050,477 | ---- | C] () -- C:\Users\Ron\Desktop\Defogger.exe
[2012.08.17 10:51:41 | 000,229,328 | ---- | C] () -- C:\Users\Ron\Documents\1.drd
[2012.08.03 09:13:23 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012.08.03 07:23:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.26 21:02:50 | 000,000,017 | ---- | C] () -- C:\Users\Ron\AppData\Local\resmon.resmoncfg
[2012.07.16 22:51:43 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012.07.02 20:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.06.09 19:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.30 11:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.05.24 09:04:44 | 000,007,800 | ---- | C] () -- C:\Windows\cadx2.ini
[2012.05.21 18:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.22 22:12:22 | 004,424,704 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012.04.09 01:39:46 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012.04.09 01:39:32 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2012.04.09 01:39:32 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2012.04.09 01:39:30 | 001,525,248 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2012.04.09 01:39:30 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2012.04.09 01:39:28 | 000,212,480 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2012.04.09 01:39:28 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2012.04.09 01:39:26 | 000,328,704 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2012.03.29 16:21:26 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012.03.29 16:21:18 | 006,582,226 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2012.03.29 16:21:18 | 001,152,365 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2012.03.29 16:21:18 | 000,374,152 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012.03.29 16:21:18 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012.03.29 16:21:18 | 000,144,523 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >



OTL Extras logfile created on: 27.08.2012 22:09:18 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Ron\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,51% Memory free
8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 31,37 Gb Free Space | 12,86% Space Free | Partition Type: NTFS
Drive D: | 394,40 Gb Total Space | 313,81 Gb Free Space | 79,57% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 292,84 Gb Free Space | 99,96% Space Free | Partition Type: NTFS

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE15ECC-1074-4065-8226-63DEF8F7B2CF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{24D3C5BF-CDEF-412E-975C-120511347274}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2C64FE62-1BCD-45EF-941A-CB0C26C43513}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{3BE74966-F68E-454D-924B-AA56086E4C2E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{3CF90730-A9FB-465D-AF19-04CEA52B48C9}" = protocol=17 | dir=in | app=e:\program files (x86)\utorrent\utorrent.exe |
"{441C158E-9854-4317-B8F1-30884C129DD2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{474DBF33-0AE7-4D7F-A0B7-91688FE0B632}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4ECCC490-EE56-4CFC-9D79-568653D12B6A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8593CE7B-1091-4818-BF4E-D3CFB84F2769}" = protocol=6 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"{900E119C-018F-4A20-8797-8DBD884BF694}" = protocol=17 | dir=in | app=c:\users\ron\appdata\local\directdownloader\directdownloader.exe |
"{925A4C36-9758-4A59-A510-CC15BBDE6A40}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CEB702B-3A09-46E5-98BE-061740A32398}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{9F6B5689-1FF9-4CAE-972F-26C662A46C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{A10F2579-13E4-444E-A26E-A966A14AE3EF}" = protocol=6 | dir=in | app=e:\program files (x86)\utorrent\utorrent.exe |
"{A9BB97D1-FD16-4427-8658-21265011960D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AC76AB10-1F58-4907-9A46-455B902587BC}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{AE830E02-6C06-4EA8-BFA9-252525C306CA}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"{B4C80D68-42CB-4319-8319-655DEB3143A9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{B8AB3605-7402-4652-A3FF-C17451799C9B}" = protocol=17 | dir=in | app=c:\program files (x86)\valve\steam\steam.exe |
"{DF488D9A-53EA-45CC-BD79-0B0C855E033A}" = protocol=6 | dir=in | app=c:\users\ron\appdata\local\directdownloader\directdownloader.exe |
"{DF863B65-A92F-4D98-B6CF-8F12AFCBA6D0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{EDA87F4F-18A9-4ECC-A7FC-DCAD1FB1D8EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8CC65BF-5813-45BB-9493-6AF06EAD5606}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{FD2E90AD-7052-47AA-8AE6-11B415B4362F}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
"TCP Query User{2D85FCEF-40C4-4752-A4BD-FF1581199538}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{22E16EF6-5F03-4465-BE69-67966172DD6D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON SX420W Series" = Druckerdeinstallation für EPSON SX420W Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"x64 Components_is1" = x64 Components v3.7.1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"EPSON Scanner" = EPSON Scan
"EPSON SX420W Series Manual" = EPSON SX420W Series Handbuch
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Netzwerk-Handbuch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Rainlendar2" = Rainlendar2 (remove only)
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 4.0.3
"WinZip" = WinZip

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23.08.2012 18:30:30 | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 396875

Error - 23.08.2012 18:30:30 | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 396875

Error - 23.08.2012 18:30:45 | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23.08.2012 18:30:45 | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 412875

Error - 23.08.2012 18:30:45 | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 412875

Error - 23.08.2012 18:31:01 | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23.08.2012 18:31:02 | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 428500

Error - 23.08.2012 18:31:02 | Computer Name = Ron-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 428500

Error - 24.08.2012 00:32:12 | Computer Name = Ron-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 25.08.2012 00:39:01 | Computer Name = Ron-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 26.08.2012 07:43:49 | Computer Name = Ron-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Media Center Events ]
Error - 21.08.2012 20:09:00 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 02:08:57 - Fehler beim Herstellen der Internetverbindung. 02:08:59
- Serververbindung konnte nicht hergestellt werden..

Error - 21.08.2012 20:16:07 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 02:09:15 - Fehler beim Herstellen der Internetverbindung. 02:09:15
- Serververbindung konnte nicht hergestellt werden..

Error - 22.08.2012 19:35:43 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 01:35:41 - Fehler beim Herstellen der Internetverbindung. 01:35:42
- Serververbindung konnte nicht hergestellt werden..

Error - 22.08.2012 19:41:11 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 01:35:59 - Fehler beim Herstellen der Internetverbindung. 01:35:59
- Serververbindung konnte nicht hergestellt werden..

Error - 22.08.2012 20:41:15 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 02:41:15 - Fehler beim Herstellen der Internetverbindung. 02:41:15
- Serververbindung konnte nicht hergestellt werden..

Error - 22.08.2012 20:41:23 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 02:41:20 - Fehler beim Herstellen der Internetverbindung. 02:41:20
- Serververbindung konnte nicht hergestellt werden..

Error - 22.08.2012 21:41:30 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 03:41:30 - Fehler beim Herstellen der Internetverbindung. 03:41:30
- Serververbindung konnte nicht hergestellt werden..

Error - 22.08.2012 21:41:36 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 03:41:35 - Fehler beim Herstellen der Internetverbindung. 03:41:35
- Serververbindung konnte nicht hergestellt werden..

Error - 22.08.2012 22:41:43 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 04:41:43 - Fehler beim Herstellen der Internetverbindung. 04:41:43
- Serververbindung konnte nicht hergestellt werden..

Error - 22.08.2012 22:41:49 | Computer Name = Ron-PC | Source = MCUpdate | ID = 0
Description = 04:41:48 - Fehler beim Herstellen der Internetverbindung. 04:41:48
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 26.08.2012 13:32:42 | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 26.08.2012 14:07:25 | Computer Name = Ron-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?08.?2012 um 19:33:16 unerwartet heruntergefahren.

Error - 26.08.2012 14:07:38 | Computer Name = Ron-PC | Source = DCOM | ID = 10010
Description =

Error - 26.08.2012 14:07:41 | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 26.08.2012 14:10:12 | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 26.08.2012 14:13:26 | Computer Name = Ron-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?08.?2012 um 20:10:41 unerwartet heruntergefahren.

Error - 26.08.2012 14:13:45 | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 27.08.2012 15:29:56 | Computer Name = Ron-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?08.?2012 um 20:16:17 unerwartet heruntergefahren.

Error - 27.08.2012 15:30:12 | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE

Error - 27.08.2012 15:37:11 | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE


< End of report >


Ich hoffe sehr ihr könnt mir helfen,brauche doch meine Dateien wieder.

mfg Ron
Angehängte Dateien
Dateityp: txt OTL.Txt (84,9 KB, 159x aufgerufen)
Dateityp: txt Extras.Txt (42,0 KB, 169x aufgerufen)

Alt 29.08.2012, 10:06   #2
kira
/// Helfer-Team
 
Verschüsselungs Trojaner Alles Datein verschlüsselt - Standard

Verschüsselungs Trojaner Alles Datein verschlüsselt



Hallo und Herzlich Willkommen!

► Welche Art und Weise wurden die Daten (Eigene Dateien wie Bilder, Dokumente, Musik etc) bereits verschlüsselt? Kannst Du ein Beispiel nennen? Dateiändung wurden zugefügt (z.B "locked- .wxyz"), oder nach einem Zufallsprinzip besteht ein Dateiname aus Groß und Kleinbuchstaben (wie z.B QsEEUTODXNVqyssQ) andere?
Nämlich manche Varianten lassen sich entschlüsseln, andere wieder leider nicht..

gruß
kira
__________________

__________________

Alt 31.08.2012, 09:06   #3
Roony77
 
Verschüsselungs Trojaner Alles Datein verschlüsselt - Standard

Verschüsselungs Trojaner Alles Datein verschlüsselt



Hallo,
noch mal zum anfang ich hatte den Trojaner drauf und konnte nichts mehr machen es kamm ja immer dieser bildscshirm (bezahl mal 100€).
Da hab ich Windows neu aufgesetzt und danach halt mit Malwarebytes das ding entfernt.

Aber alle Datein die hab liegen auf Partition D:
Die nun ja leider verschlüsselt sind.

Die Bilder und Videos sind mit verschiedene Buchstaben in
groß und kleinschrift betitelt worden.

Ich hab mal ein Sreenshoot angehängt von ein Ordner mit Bildern.

mfg Ron
__________________
Angehängte Grafiken
Dateityp: png Datei Bilder.png (64,0 KB, 138x aufgerufen)

Alt 01.09.2012, 01:05   #4
kira
/// Helfer-Team
 
Verschüsselungs Trojaner Alles Datein verschlüsselt - Standard

Verschüsselungs Trojaner Alles Datein verschlüsselt



Diese Art der Verschlüsselung ist leider (noch immer) nicht reparierbar! -> zur Info: Es tut mir leid. Kein Happy End!
Datenentschlüsselung:
Wir sind intensiv mit der Lösung beschäftigt, wird das aber noch einige Zeit in Anspruch nehmen. Bisher leider kein Schema entdecken können, wie die Virenprogrammierern mit den Daten umgegangen sind (vlt einfach nur gestört und umbenannt?). Leider mußt du damit rechnen, diese Änderung vlt so gut wie nie rückgängig zu machen können.
Zwar stehen versch. Entschlüsselungsprogramme von namhaften Virenprogramm Herstellern uns zur Verfügung, allerdings waren bisher alle Versuche erfolglos

► Die einzige Chance deine Daten wiederherzustellen:
(Während der Aktion den Rechner vom Internet und Netzwerk trennen!)
-> Daten wiederherstellen mit ShadowExplorer
Vorgehen beim Verschlüsselungs-Trojaner :-> http://www.trojaner-board.de/114783-...ubersicht.html
** eventuell noch wenn Du weiß was für dateien sind (z.B *.jpg, *.doc usw) dann benenne sie alle wieder in Originalform wie vorher, also z.B in eine .jpg Datei

kann ich Dir nur viel Glück wünschen
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 01.09.2012, 06:11   #5
Roony77
 
Verschüsselungs Trojaner Alles Datein verschlüsselt - Standard

Verschüsselungs Trojaner Alles Datein verschlüsselt



Schade ,ich werd das mit shadow mal ausprobieren.
mfg ron


Alt 01.09.2012, 07:37   #6
kira
/// Helfer-Team
 
Verschüsselungs Trojaner Alles Datein verschlüsselt - Standard

Verschüsselungs Trojaner Alles Datein verschlüsselt



gleich das System neu aufspielen war Fehler, im Fall von Unklarheiten Du hättest ja bei uns nachfragen können...aber ich kann deine Reaktion echt verstehen, solch ein Situation mit einer Panikreaktion zu tun hat
__________________
--> Verschüsselungs Trojaner Alles Datein verschlüsselt

Alt 04.09.2012, 06:12   #7
Roony77
 
Verschüsselungs Trojaner Alles Datein verschlüsselt - Standard

Verschüsselungs Trojaner Alles Datein verschlüsselt



ich bin auf eure seite erst später gekommen.
Nach dem ich mich hier durchlesen hatte war mir schon klar das dass mit Neuinstalation blöd war.

Das mit der Schattenkopie klappt leider auch nicht.
Da sind nur 2 speicherpunkte nach der infektion.
Ich hab auf meiner extern platte noch ein Ordner mit originalen Bildern gefunden.
Da hab ich also in original und in verschlüsselter version.

Kann da vllt einer Helfen?

mfg Ron

Alt 04.09.2012, 08:21   #8
kira
/// Helfer-Team
 
Verschüsselungs Trojaner Alles Datein verschlüsselt - Standard

Verschüsselungs Trojaner Alles Datein verschlüsselt



wie gesagt die Originaldaten, die noch brauchbar sind extra sichern, dann alles formatieren, wo der Verschlüsselungs-Trojaner hat seine Spuren hinterlassen
oder die Festplatte ausbauen (also aufheben in den aktuellen Zustand) nicht mehr etwas löschen, ändern! eine neue Festplatte kaufen und einbauen, Windows drauf installieren damit Du am PC arbeiten kannst!
Die befallene Platte (externe Platte) auf Seite legen und warten solange, bis es eine Lösung gibt
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu Verschüsselungs Trojaner Alles Datein verschlüsselt
autorun, bho, bonjour, converter, datein entschlüsseln, datein retten, downloader, error, fehler, firefox, flash player, format, home, install.exe, langs, launch, logfile, mozilla, musik, nvidia update, problem, realtek, registry, rundll, scan, search the web, security, software, symantec, trojaner, udp, verschlüsselte dateien, verschlüsselung trojaner, windows



Ähnliche Themen: Verschüsselungs Trojaner Alles Datein verschlüsselt


  1. Meine Word Datein sind mit VCEMIYB verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 31.10.2014 (3)
  2. Windows 8.1 (64) : TR/crypt.zpack.gen und cryptowall: persönliche Datein verschlüsselt
    Log-Analyse und Auswertung - 29.05.2014 (3)
  3. Yahoo verschlüsselt jetzt – fast alles
    Nachrichten - 03.04.2014 (0)
  4. BSI Trojaner februar 2013, datein verschlüsselt mögliche rettung der Datein
    Log-Analyse und Auswertung - 25.02.2013 (9)
  5. Win XP, Trojaner XP DEFENDER wandelt Datein in Dateityp 4G um
    Log-Analyse und Auswertung - 11.01.2013 (1)
  6. Ucash Trojaner - alle Datein verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (2)
  7. Trojaner nennt meine datein um, hilflos!!!
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (1)
  8. Alles verschlüsselt und komm mit den verschlüsselungsprogs nicht klar
    Log-Analyse und Auswertung - 10.07.2012 (4)
  9. Alles verschlüsselt....
    Plagegeister aller Art und deren Bekämpfung - 17.06.2012 (2)
  10. ukash Tojaner hatt alles Verschlüsselt
    Log-Analyse und Auswertung - 14.06.2012 (5)
  11. Datein verschlüsselt nach Mail von Spreadshirt und Rechnung.zip
    Log-Analyse und Auswertung - 06.06.2012 (5)
  12. Windows Datein Verschlüsselt
    Log-Analyse und Auswertung - 06.06.2012 (3)
  13. Windows-Verschüsselungs Trojaner / kein abgesicherter Modus
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (1)
  14. Windows Sicherheits Trojaner (Datein entschlüsseln)
    Log-Analyse und Auswertung - 29.05.2012 (1)
  15. TR/Crypt.Gypikon.B.5 in Avira's Quarantäne gefunden - dennoch alles verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 15.05.2012 (7)
  16. Verschlüsselungs trojaner/////Log datein vorhanden
    Mülltonne - 03.05.2012 (1)
  17. Alles Datein von USb-Speicherkarten werden als Verküpfung angezeigt und lassen sich nicht öffnen!
    Plagegeister aller Art und deren Bekämpfung - 24.10.2011 (25)

Zum Thema Verschüsselungs Trojaner Alles Datein verschlüsselt - Hallo, ich auch das Problem mit den Verschlüsselung Trojaner. er hab bei mir alles Bilder ,Videos und musik unbrauchbar gemacht. Ich hatte bei der blöden mail leider irgendwie den anhang - Verschüsselungs Trojaner Alles Datein verschlüsselt...
Archiv
Du betrachtest: Verschüsselungs Trojaner Alles Datein verschlüsselt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.