Dateien verschlüsselt wegen e-mail Anhang
 

Ich habe heute leider einen Anhang einer E-Mail geöffnet.
Jetzt sind viele meiner Dateien verschlüsselt.
Auf meinem Desktop erscheint ein schwarzes Fenster mit einer Aufforderung auf Englisch,
dass ich einen Experten in Russland per E-Mail kontaktieren soll.
Systemwiederherstellung ist nicht möglich da keine Wiederherstellungspunkte vorhanden sind.
Kann mir bitte jemand helfen.
Ich habe bereits die ersten Schritte eingeleitet.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:07 on 27/11/2015 (Agando)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST Logfile:
--- --- ---FRST Additions Logfile:
--- --- ---

hi,

Screenshot der Meldung bitte. Welche Dateiendung haben die Dateien?

Guten Morgen Schrauber,

die Dateien enden auf vault.

Das ist die Kopie der Warnung auf dem Desktop, da ich nicht weiß wie der screenshot geht.

ATTENTION

All important files and information on this comuter (documents, databases, etc.) will be decrypted using a RSA cryptographic algorithm


Without special software decoding a single file with the help of the most powerful computers will take about a 20 years.


contact an expert on email: filesdecrypt@yandex.ru


Das sind noch die Dateien von Malewarebytes.


Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 26.11.2015
Suchlaufzeit: 22:42
Protokolldatei:
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.26.05
Rootkit-Datenbank: v2015.11.23.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Agando

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 351431
Abgelaufene Zeit: 13 Min., 38 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 55
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110311901190}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110311901190}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344904490}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355905590}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366906690}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355905590}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366906690}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{55555555-5555-5555-5555-550355905590}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{66666666-6666-6666-6666-660366906690}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344904490}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{44444444-4444-4444-4444-440344904490}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\b7a57880e07e0130d0fb69dcaeae62910039090.BHO.1, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311901190}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311901190}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\b7a57880e07e0130d0fb69dcaeae62910039090.BHO, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b7a57880e07e0130d0fb69dcaeae62910039090.BHO, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b7a57880e07e0130d0fb69dcaeae62910039090.BHO.1, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\b7a57880e07e0130d0fb69dcaeae62910039090.BHO, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\b7a57880e07e0130d0fb69dcaeae62910039090.BHO.1, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{11111111-1111-1111-1111-110311901190}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110311901190}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110311901190}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220322902290}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\b7a57880e07e0130d0fb69dcaeae62910039090.Sandbox.1, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\b7a57880e07e0130d0fb69dcaeae62910039090.Sandbox, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b7a57880e07e0130d0fb69dcaeae62910039090.Sandbox, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\b7a57880e07e0130d0fb69dcaeae62910039090.Sandbox, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\CLASSES\b7a57880e07e0130d0fb69dcaeae62910039090.Sandbox.1, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\b7a57880e07e0130d0fb69dcaeae62910039090.Sandbox.1, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220322902290}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{22222222-2222-2222-2222-220322902290}, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110311901190}\INPROCSERVER32, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Shop-Alarm, In Quarantäne, [b1ece79b711adc5ac98cfb32877ab54b],
PUP.Optional.CrossRider, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\22993, In Quarantäne, [cecf97eb9fec4beb44cfd1ab2ed58878],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{324E303F-1DC4-4260-BEE2-445935A07D0B}, In Quarantäne, [f0ad166ce3a8bb7b1afc7efeb84bc937],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{493B5630-072E-40EF-9B1C-5BAB7C80502C}, In Quarantäne, [f2ab0181533869cd52c3abd149bad729],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7E72493E-3616-4144-B2A3-030133726DC2}, In Quarantäne, [4954a2e0bad14cea2fe8de9e8182619f],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9BF4599A-0B06-4F5D-8ECC-CCAF3FB941BB}, In Quarantäne, [336ad7ab5f2c092d4ec70b71c43f936d],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C15E5361-2777-4B18-A8D5-308A94A29F20}, In Quarantäne, [6835077b89027abc918581fb946fb14f],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD909BF6-9CC3-4358-B706-E21F8167C203}, In Quarantäne, [653896ec731850e60314413b26dd758b],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\22993, In Quarantäne, [0796afd38704b284df341e5e788b4db3],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{324E303F-1DC4-4260-BEE2-445935A07D0B}, In Quarantäne, [524b760c3358ee48d73f413bd82b1be5],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{493B5630-072E-40EF-9B1C-5BAB7C80502C}, In Quarantäne, [c8d52959f497003654c13b416f94e020],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7E72493E-3616-4144-B2A3-030133726DC2}, In Quarantäne, [8d10631f4744ff3785926e0e47bc9e62],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9BF4599A-0B06-4F5D-8ECC-CCAF3FB941BB}, In Quarantäne, [25781b67c4c72d09b065d9a33bc8f20e],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C15E5361-2777-4B18-A8D5-308A94A29F20}, In Quarantäne, [3865dfa3e5a669cdb85e6a12b74c37c9],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD909BF6-9CC3-4358-B706-E21F8167C203}, In Quarantäne, [613c730f5f2ca59148cf3c40c241c739],
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ff9ebdc5e5a6c0768b5a2e4ca261a65a],
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\22993, In Quarantäne, [36679ee4236883b3c831433756ad728e],
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{324E303F-1DC4-4260-BEE2-445935A07D0B}, In Quarantäne, [ddc002800586c86ea84dfa8124df5da3],
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{493B5630-072E-40EF-9B1C-5BAB7C80502C}, In Quarantäne, [6637e79baae1a29420d43843c93af30d],
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7E72493E-3616-4144-B2A3-030133726DC2}, In Quarantäne, [4c51f68c2665da5cde18a2d9e22143bd],
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9BF4599A-0B06-4F5D-8ECC-CCAF3FB941BB}, In Quarantäne, [efae91f1c5c635016a8ae3989271e31d],
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C15E5361-2777-4B18-A8D5-308A94A29F20}, In Quarantäne, [3a63dca6503b6fc79461e3988b780af6],
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD909BF6-9CC3-4358-B706-E21F8167C203}, In Quarantäne, [207d7f034d3e54e2bb3bef8c9f64be42],

Registrierungswerte: 20
PUP.Optional.ASK, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{4F524A2D-5350-4500-76A7-7A786E7484D7}, In Quarantäne, [5449f68c52391224978b86c2b25007f9],
PUP.Optional.ASK, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 䨭佒卐䔀ꝶ硺瑮힄, In Quarantäne, [5449f68c52391224978b86c2b25007f9]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{324e303f-1dc4-4260-bee2-445935a07d0b}|AppName, Shop-Alarm-buttonutil.exe, In Quarantäne, [f0ad166ce3a8bb7b1afc7efeb84bc937]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{493b5630-072e-40ef-9b1c-5bab7c80502c}|AppName, Shop-Alarm-bg.exe, In Quarantäne, [f2ab0181533869cd52c3abd149bad729]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7e72493e-3616-4144-b2a3-030133726dc2}|AppName, Shop-Alarm-codedownloader.exe, In Quarantäne, [4954a2e0bad14cea2fe8de9e8182619f]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9bf4599a-0b06-4f5d-8ecc-ccaf3fb941bb}|AppName, Shop-Alarm-bg.exe, In Quarantäne, [336ad7ab5f2c092d4ec70b71c43f936d]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c15e5361-2777-4b18-a8d5-308a94a29f20}|AppName, Shop-Alarm-buttonutil.exe, In Quarantäne, [6835077b89027abc918581fb946fb14f]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cd909bf6-9cc3-4358-b706-e21f8167c203}|AppName, Shop-Alarm-codedownloader.exe, In Quarantäne, [653896ec731850e60314413b26dd758b]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{324e303f-1dc4-4260-bee2-445935a07d0b}|AppName, Shop-Alarm-buttonutil.exe, In Quarantäne, [524b760c3358ee48d73f413bd82b1be5]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{493b5630-072e-40ef-9b1c-5bab7c80502c}|AppName, Shop-Alarm-bg.exe, In Quarantäne, [c8d52959f497003654c13b416f94e020]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7e72493e-3616-4144-b2a3-030133726dc2}|AppName, Shop-Alarm-codedownloader.exe, In Quarantäne, [8d10631f4744ff3785926e0e47bc9e62]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9bf4599a-0b06-4f5d-8ecc-ccaf3fb941bb}|AppName, Shop-Alarm-bg.exe, In Quarantäne, [25781b67c4c72d09b065d9a33bc8f20e]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c15e5361-2777-4b18-a8d5-308a94a29f20}|AppName, Shop-Alarm-buttonutil.exe, In Quarantäne, [3865dfa3e5a669cdb85e6a12b74c37c9]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cd909bf6-9cc3-4358-b706-e21f8167c203}|AppName, Shop-Alarm-codedownloader.exe, In Quarantäne, [613c730f5f2ca59148cf3c40c241c739]
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{324e303f-1dc4-4260-bee2-445935a07d0b}|AppName, Shop-Alarm-buttonutil.exe, In Quarantäne, [ddc002800586c86ea84dfa8124df5da3]
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{493b5630-072e-40ef-9b1c-5bab7c80502c}|AppName, Shop-Alarm-bg.exe, In Quarantäne, [6637e79baae1a29420d43843c93af30d]
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7e72493e-3616-4144-b2a3-030133726dc2}|AppName, Shop-Alarm-codedownloader.exe, In Quarantäne, [4c51f68c2665da5cde18a2d9e22143bd]
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9bf4599a-0b06-4f5d-8ecc-ccaf3fb941bb}|AppName, Shop-Alarm-bg.exe, In Quarantäne, [efae91f1c5c635016a8ae3989271e31d]
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c15e5361-2777-4b18-a8d5-308a94a29f20}|AppName, Shop-Alarm-buttonutil.exe, In Quarantäne, [3a63dca6503b6fc79461e3988b780af6]
PUP.Optional.CrossRider, HKU\S-1-5-21-1411571865-1250767569-2074862372-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{cd909bf6-9cc3-4358-b706-e21f8167c203}|AppName, Shop-Alarm-codedownloader.exe, In Quarantäne, [207d7f034d3e54e2bb3bef8c9f64be42]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 2
PUP.Optional.CrossRider, C:\Program Files (x86)\Shop-Alarm, In Quarantäne, [574649390685ae8824a89ccf39ca03fd],
PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, In Quarantäne, [7c2186fc6427c37345caaabbb54d8f71],

Dateien: 17
PUP.Optional.ShopAlarm, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-bho64.dll, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-bho.dll, In Quarantäne, [1e7fe59dc1ca53e3d28326073fc2ae52],
PUP.Optional.ShopAlarm, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-bg.exe, In Quarantäne, [69340181cdbee3531e3766c7e9181ae6],
PUP.Optional.ShopAlarm, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-buttonutil.exe, In Quarantäne, [504d9ee4d7b4da5c1f367db04bb6c739],
PUP.Optional.ShopAlarm, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-buttonutil64.exe, In Quarantäne, [cfce3a48e1aaf2449abb0a23b74ae41c],
PUP.Optional.ShopAlarm, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-codedownloader.exe, In Quarantäne, [207d493997f4af871c39a5889a678e72],
PUP.Optional.ShopAlarm, C:\Program Files (x86)\Shop-Alarm\Uninstall.exe, In Quarantäne, [b1ece79b711adc5ac98cfb32877ab54b],
PUP.Optional.OptimizePro, C:\Users\Agando\AppData\Local\Temp\OptimizerPro_new.zip, In Quarantäne, [06973c46622984b2dbf09796649ce020],
Trojan.Dropper.SFXAI, C:\Users\Agando\AppData\Local\Temp\Temp1_Mahnung.zip\Mahnung\Mahnung.exe, In Quarantäne, [900db2d0a1eae155177c8f238a76c53b],
PUP.Optional.OptimizePro, C:\Users\Agando\AppData\Local\Temp\2bc7f693c2d13e046771d4aac84aa3fd\OptimizerPro.exe, In Quarantäne, [524b730f3e4d69cd507bb57812eeca36],
PUP.Optional.SofTonic, C:\Users\Agando\Downloads\SoftonicDownloader_fuer_openoffice-prooo-box.exe, In Quarantäne, [b8e509798902ee484f49e845649dfe02],
PUP.Optional.CrossRider, C:\Program Files (x86)\Shop-Alarm\background.html, In Quarantäne, [574649390685ae8824a89ccf39ca03fd],
PUP.Optional.CrossRider, C:\Program Files (x86)\Shop-Alarm\Installer.log, In Quarantäne, [574649390685ae8824a89ccf39ca03fd],
PUP.Optional.CrossRider, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-buttonutil.dll, In Quarantäne, [574649390685ae8824a89ccf39ca03fd],
PUP.Optional.CrossRider, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-buttonutil64.dll, In Quarantäne, [574649390685ae8824a89ccf39ca03fd],
PUP.Optional.CrossRider, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm-helper.exe, In Quarantäne, [574649390685ae8824a89ccf39ca03fd],
PUP.Optional.CrossRider, C:\Program Files (x86)\Shop-Alarm\Shop-Alarm.ico, In Quarantäne, [574649390685ae8824a89ccf39ca03fd],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Eine Entschlüsselung ist nicht möglich, aber eventuell eine Bereinigung.