Ransom_CRYPCHIM.CD
Plate-forme:
Windows
Overall Risk:
Dommages potentiels: :
Distribution potentielle: :
reportedInfection:
Faible
Medium
Élevé
Critique
Type de grayware:
Trojan
Destructif:
Non
Chiffrement:
In the wild::
Oui
Overview
Löscht Dateien, so dass Programme und Anwendungen nicht ordnungsgemäß ausgeführt werden.
Détails techniques
File size: 31,744 bytes
File type: EXE
Memory resident: Oui
Date de réception des premiers échantillons: 24 février 2016
Installation
Schleust die folgenden Eigenkopien in das betroffene System ein:
- %Application Data%\Microsoft\viFIYqeh.exe
(Hinweis: %Application Data% ist der Ordner 'Anwendungsdaten' für den aktuellen Benutzer, normalerweise C:\Windows\Profile\{Benutzername}\Anwendungsdaten unter Windows 98 und ME, C:\WINNT\Profile\{Benutzername}\Anwendungsdaten unter Windows NT und C:\Dokumente und Einstellungen\{Benutzername}\Lokale Einstellungen\Anwendungsdaten unter Windows 2000, XP und Server 2003.)
Autostart-Technik
Fügt folgende Registrierungseinträge hinzu, um bei jedem Systemstart automatisch ausgeführt zu werden.
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
xoeKjOnW = "%Application Data%\Microsoft\viFIYqeh.exe "
Andere Systemänderungen
Löscht die folgenden Dateien:
- %Application Data%\Microsoft\viFIYqeh.exe:Zone.Identifier
- %User Profile%\S-1-5-21-1645522239-1292428093-682003330-1003\4f713f25713286bf3f356212d58da0d3_6abce574-4afc-42c5-8ab9-5739a84d8a8b
- %User Profile%\S-1-5-21-1645522239-1292428093-682003330-1003\36f0d5a0f59ffd86fd28ec2fbc63b443_6abce574-4afc-42c5-8ab9-5739a84d8a8b
- %System Root%\AUTOEXEC.BAT!-==kronstar21@gmail.com=--.crypt
- %System Root%\boot.ini!-==kronstar21@gmail.com=--.crypt
- %System Root%\CONFIG.SYS!-==kronstar21@gmail.com=--.crypt
- %Desktop%.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Internet Explorer\brndlog.bak!-==kronstar21@gmail.com=--.crypt
- %Desktop%.htt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Security\directories.acrodata!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Internet Explorer\brndlog.txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Quick Launch\Show Desktop.scf!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Quick Launch\Launch Internet Explorer Browser.lnk!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\ABCPY.INI!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\Setup.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\MMC\secpol!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Protect\CREDHIST!-==kronstar21@gmail.com=--.crypt
- %User Profile%\S-1-5-21-1645522239-1292428093-682003330-1003\f6162a60-d311-478d-9f36-8fb2e67df5b7!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe!-==kronstar21@gmail.com=--.crypt
- %User Profile%\S-1-5-21-1645522239-1292428093-682003330-1003\Preferred!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\AcroRead.msi!-==kronstar21@gmail.com=--.crypt
- %User Profile%\S-1-5-18\d42cc0c3858a58db2db37658219e6400_6abce574-4afc-42c5-8ab9-5739a84d8a8b!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Themes\Custom.theme!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@atdmt[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@bing[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\index.dat!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@doubleclick[1].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@c.msn[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@c.atdmt[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@microsoft[1].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Media Player\UserMigratedStore_59R.bin!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@msnportal.112.2o7[1].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@msn[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@www.msn[1].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Pbk\sharedaccess.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Pbk\rasphone.pbk!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@www.bing[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Cookies\wilbert@scorecardresearch[2].txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Media Player\DefaultStore_59R.bin!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\airplane.bmp!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Windows Marketplace.url!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Customize Links.url!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Free Hotmail.url!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\ball.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\butterfly.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\beach.bmp!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Windows Media.url!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\astronaut.bmp!-==kronstar21@gmail.com=--.crypt
- %Favorites%\MSN.com.url!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Links\Windows.url!-==kronstar21@gmail.com=--.crypt
- %Favorites%\Radio Station Guide.url!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\dirt bike.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\car.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\cat.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\chess.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\dog.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\drip.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\duck.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\frog.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\fish.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\guitar.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\kick.bmp!-==kronstar21@gmail.com=--.crypt
- %Application Data%\GDIPFONTCACHEV1.DAT!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\palm tree.bmp!-==kronstar21@gmail.com=--.crypt
- %Application Data%\IconCache.db!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\horses.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\lift-off.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\pink flower.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\skater.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\red flower.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\User Account Pictures\guest.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Default Pictures\snowflake.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\User Account Pictures\Wilbert.bmp!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Internet Explorer\MSIMGSIZ.DAT!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\viFIYqeh.exe!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.DTD!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Windows Media\9.0\WMSDKNS.XML!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst1.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst10.wpl!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Media Player\CurrentDatabase_59R.wmdb!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst11.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst12.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst13.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst2.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst15.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst14.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst3.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst4.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\History.IE5\index.dat!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Music\New Stories (Highway Blues).wma!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst8.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst7.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst5.wpl!-==kronstar21@gmail.com=--.crypt
- %Application Data%\Microsoft\Wallpaper1.bmp!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst9.wpl!-==kronstar21@gmail.com=--.crypt
- %User Temp%\58e0ef.mst!-==kronstar21@gmail.com=--.crypt
- %User Profile%\0008044E\Plylst6.wpl!-==kronstar21@gmail.com=--.crypt
- %User Profile%\MSHist012013061320130614\index.dat!-==kronstar21@gmail.com=--.crypt
- %User Temp%\AdobeSFX.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\ASPNETSetup_00000.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\AdobeARM.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\ASPNETSetup_00002.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_dotnetfx35error.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_dotNetFx40_Full_x86_x64_decompression_log.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\ASPNETSetup_00001.log!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Pictures\Blue hills.jpg!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_depcheck_NETFX_EXP_35.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_dotnetfx35install.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_netfx20UI7F16.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_MSXML6_MSI0686.txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Pictures\Sunset.jpg!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Pictures\Water lilies.jpg!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Sample Pictures\Winter.jpg!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_vcredistUI3CAA.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_vcredistUI7C21.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_wcf_CA_smci_20111017_044900_062.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_wcf_retCA29BA.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_WIC.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_XPS.txt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\DRM\drmv2.lic!-==kronstar21@gmail.com=--.crypt
- %User Profile%\DRM\drmv2.sst!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_RGB9RAST_x86.msi0683.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_vcredistMSI7C21.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\Accessibility Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Calculator.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\HyperTerminal.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\Network Connections.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\Network Setup Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_NET_Framework35_MSI07B9.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft Visual C++ 2010 x86 Redistributable Setup_20111020_000954642-MSI_vc_red.msi.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\New Connection Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\Remote Desktop Connection.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_vcredistMSI3CAA.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\uxeventlog.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft Visual C++ 2010 x86 Redistributable Setup_20111020_000954642.html!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vminst.log_20130313_012352_Failed.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vminst.log_20111016_212239_Failed.log!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Entertainment\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vminst.log_20130313_012028.log!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Entertainment\Sound Recorder.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft .NET Framework 4 Setup_20111016_234618578-MSI_netfx_Extended_x86.msi.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft .NET Framework 4 Setup_20111016_234618578.html!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Entertainment\Volume Control.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\WSFF8.tmp!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Paint.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Backup.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Character Map.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_netfx20MSI7F16.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Disk Cleanup.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vmmsi.log_20130313_012352_Failed.log!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Disk Defragmenter.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\WSFF9.tmp!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Security Center.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\System Restore.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\System Information.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\System Tools\Scheduled Tasks.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Component Services.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\WordPad.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Computer Management.lnk!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_NET_Framework30_Setup0775.txt!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Local Security Policy.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Performance.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Event Viewer.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Data Sources (ODBC).lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Administrative Tools\Services.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Adobe Reader X.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\53CAC6A10B6248682CF221B24A92[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\4[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\5c5d9b9cb6c19bcac7f82d676b488b[1].css!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\8213D9F75AD098D48F237D6CCC29F8[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\adchoices_gif2[1].gif!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Freecell.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Hearts.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\836390dd7004a00c9b21db33678d84[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\ADSAdClient31[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\ADSAdClient31[2].htm!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Backgammon.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Checkers.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Hearts.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Reversi.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\BA1FA617D2822CCF20CF2239452095[1].jpg!-==kronstar21@gmail.com=--.crypt
- %User Temp%\Microsoft .NET Framework 4 Setup_20111016_234618578-MSI_netfx_Core_x86.msi.txt!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vmmsi.log_20111016_212246_Failed.log!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Internet Spades.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\bottom_left3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\bottom_right3[1].png!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Pinball.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Minesweeper.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\box02[1].gif!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Solitaire.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\MSN.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\c57bc2a7d38843d7c4aa8028fc9f82[1].gif!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Games\Spider Solitaire.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\1d56986ff895d82941fb9faf08c76f[1].css!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\d3a1be3129df1dc11a599ea57981b2[2].js!-==kronstar21@gmail.com=--.crypt
- %Common Startup%\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Temp%\vmmsi.log_20130313_012028.log!-==kronstar21@gmail.com=--.crypt
- %User Temp%\dd_NET_Framework20_Setup06A7.txt!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\D2543C851E4AE4B1DB2DE3B1562DB[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\gw[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\top_left3[1].png!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Windows Movie Maker.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\all[1].js!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Windows Messenger.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\WinPcap\Uninstall WinPcap 4.1.2.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\WinPcap\WinPcap Web Site.url!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Windows Update.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\0000000001_000000000000000017246[1].gif!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Set Program Access and Defaults.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Windows Catalog.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\5280118e68aedbc5821d17132a5340[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\anatm[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\8adae8665171049ce4960396c72c86[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\15A727F1384E33C33F18A135D9710[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\BA0EAC3FA44E01BE67D7651C9E60[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\box04[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\box08[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\9FFCFB0D17D6A8FD7C27416ED0DB[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\cc36ca69630adc1a2052edc7351a47[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\ADSAdClient31[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\header00b[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\primedns[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\923334461022280076d968be269386[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\primedns[2].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\09RWHJQN\msn[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\table_bottom3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\sck[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\614595fba50d96389708a4135776e4[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\1db850e671ac9a39751a1482909ea6[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\617475cf39bf6f5c0bd6ecb985335c[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\147[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\ecbrolfa1ff2b64fe659f792daafb90b16a4[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\BVLBNMKH\jquery-1.4.2.min[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\index.dat!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\9E82BCBB661C2665F77225A5DCC867[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\ADSAdClient31[2].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\ADSAdClient31[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\dapmsn[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\box06[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\background[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\CDAB2F44A1591D2B308C20C6C15375[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\FD4957C9FB46179035C1C4F6407F10[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\msnhomepagehistory[1].aspx!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\primedns[2].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\primedns[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\primedns[3].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\290e7f0b12fa8a201581c74c1ae75a[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\table_right3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\top_right3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZDGZNKA5\GRedirect[2].aspx!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\4[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\37BA92E210D341BFDBF4126422A3D2[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\9b61bd1a420364db439350bebaac19[1].css!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\844DD2D2B4733FAE13849F794A7BD8[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\72541472A285479CAB60A1F736581[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\A5EE7088EC167F676F626203E7371[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\BCEE3611B4F81EDE9240922336F1[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\AB7F4D56A6421622DF40E72BA32B[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\BING_websearch_2[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\300x250_45914_4crocsl[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\ADSAdClient31[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\sck[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\footer00[1].gif!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\D8F68391953F21ECC405DCBA92D39[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\conditionalbanners[1].htm!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\qsonhs[1].aspx!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\en[1].js!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\F7D0CF254A92D3932EDCF252CA5AB4[1].jpg!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\table_top3[1].png!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\table_left3[1].png!-==kronstar21@gmail.com=--.crypt
- %User Profile%\My Music\Sample Music.lnk!-==kronstar21@gmail.com=--.crypt
- %User Profile%\My Pictures\Sample Pictures.lnk!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\ntuser.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\SendTo\Compressed (zipped) Folder.ZFSendToTarget!-==kronstar21@gmail.com=--.crypt
- %User Profile%\SendTo\Mail Recipient.MAPIMail!-==kronstar21@gmail.com=--.crypt
- %Desktop% (create shortcut).DeskLink!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\ZSGKJKO6\widgets[1].js!-==kronstar21@gmail.com=--.crypt
- %User Profile%\SendTo\My Documents.mydocs!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\Utility Manager.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\Magnifier.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\Narrator.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Command Prompt.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Address Book.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Program Compatibility Wizard.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Entertainment\Windows Media Player.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Synchronize.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Notepad.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Windows Explorer.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Accessories\Tour Windows XP.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Remote Assistance.lnk!-==kronstar21@gmail.com=--.crypt
- %User Startup%\xoeKjOnW.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Outlook Express.lnk!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Internet Explorer.lnk!-==kronstar21@gmail.com=--.crypt
- %User Startup%\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\ntuser.dat.LOG!-==kronstar21@gmail.com=--.crypt
- %Start Menu%\Programs\Windows Media Player.lnk!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\amipro.sam!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\excel4.xls!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\presenta.shw!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\excel.xls!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\powerpnt.ppt!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\lotus.wk4!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\sndrec.wav!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\quattro.wb2!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\winword.doc!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\winword2.doc!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\wordpfct.wpd!-==kronstar21@gmail.com=--.crypt
- %User Profile%\Templates\wordpfct.wpg!-==kronstar21@gmail.com=--.crypt
- %User Profile%\NTUSER.DAT!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\9STOYKO4\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\NF72HY20\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\246FT6TD\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %Application Data%\FontCache3.0.0.0.dat!-==kronstar21@gmail.com=--.crypt
- %Temporary Internet Files%\Content.IE5\PHOM4UYK\desktop.ini!-==kronstar21@gmail.com=--.crypt
- %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\Data1.cab!-==kronstar21@gmail.com=--.crypt
- %System Root%\IO.SYS!-==kronstar21@gmail.com=--.crypt
- %System Root%\MSDOS.SYS!-==kronstar21@gmail.com=--.crypt
- %System Root%\NTDETECT.COM!-==kronstar21@gmail.com=--.crypt
- %System Root%\ntldr!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Adobe.Reader.Dependencies.manifest!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AGMGPUOptIn.ini!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AcroRd32Info.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AcroBroker.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AcroRd32.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\cryptocme2.sig!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Eula.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\IDTemplates\ENU\AdobeID.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\IDTemplates\ENU\DefaultID.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Legal\ENU\eula.ini!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Javascripts\JSByteCodeWin.bin!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Legal\ENU\license.html!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\LogTransport2.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\PDFSigQFormalRep.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm\adobepdf.xdc!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Accessibility.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroSign.prc!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417.pmp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annotations\Stamps\Words.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\DVA.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Checkers.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\eBook.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\DigSig.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\IA32.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\EScript.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\PDDom.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Multimedia.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\MakeAccessible.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\ReadOutLoud.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\reflow.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\AcroForm.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\SaveAsRTF.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Annots.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Search.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\SendMail.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Spelling.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\Updater.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\weblink.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\pmd.cer!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\drvDX9.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\reader_sl.exe!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\prc\MyriadCAD.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\3difr.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\tesselate.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\drvSOFT.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\2d.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\RTC.der!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\drvDX8.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\add_reviewer.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\bl.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\br.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\distribute_form.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\email_initiator.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\email_all.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\create_form.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Services\Services.cfg!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\ended_review_or_form.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\end_review.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\forms_super.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins\PPKLite.api!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\forms_distributed.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\forms_received.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\info.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\plug_ins3d\prcr.x3d!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Services\DEXShare.spi!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\open_original_form.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\form_responses.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\main.css!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\SPPlugins\ADMPlugin.apl!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\pdf.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\reviews_joined.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\reviewers.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\rss.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\server_issue.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\reviews_sent.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\reviews_super.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\tr.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\review_shared.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\review_same_reviewers.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\review_browser.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\server_lg.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\tl.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\server_ok.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\stop_collection_data.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\review_email.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\submission_history.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\trash.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\turnOnNotificationInAcrobat.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\turnOnNotificationInTray.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\warning.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\turnOffNotificationInAcrobat.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Reader\Tracker\turnOffNotificationInTray.gif!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\ENUtxt.pdf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\ReadMe.htm!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\CourierStd-Bold.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\CourierStd-Oblique.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\CourierStd.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\CourierStd-BoldOblique.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\PFM\SY______.PFM!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\PFM\zx______.pfm!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\PFM\zy______.pfm!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\AdobePiStd.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MinionPro-Bold.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MinionPro-Regular.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MinionPro-It.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MyriadPro-Bold.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MinionPro-BoldIt.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\SY______.PFB!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MyriadPro-BoldIt.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MyriadPro-It.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt.fca!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\MyriadPro-Regular.otf!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_CA.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB_EURO.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt32.clx!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt.hyp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\ZX______.PFB!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Font\ZY______.PFB!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\engphon.env!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\usa.fca!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can129.hsp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\eng32.clx!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\TypeSupport\Unicode\Mappings\Adobe\zdingbat.txt!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\eng.hyp!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT!-==kronstar21@gmail.com=--.crypt
- %Program Files%\Adobe\Reader 10.0\Resource\Linguistics\Providers\Proximity\11.00\usa03.hsp!-==kronstar21@gmail.com=--.crypt
Fügt die folgenden Registrierungsschlüssel hinzu:
HKEY_CURRENT_USER\Software\qQNagyOI
Fügt die folgenden Registrierungseinträge hinzu:
HKEY_CURRENT_USER\Software\qQNagyOI
BKvkWWib = "{random values}"
HKEY_CURRENT_USER\Software\qQNagyOI
MbdXpuCR = "{random values}"
HKEY_CURRENT_USER\Software\qQNagyOI
XsihfSWk = "{random values}"
Einschleusungsroutine
Schleust die folgenden Dateien ein:
- %User Startup%\xoeKjOnW.lnk
(Hinweis: %User Startup% ist der Ordner 'Autostart' des aktuellen Benutzers, normalerweise C:\Windows\Profile\{Benutzername}\Startmenü\Programme\Autostart unter Windows 98 und ME, C:\WINNT\Profile\{Benutzername}\Startmenü\Programme\Autostart unter Windows NT und C:\Dokumente und Einstellungen\{Benutzername}\Startmenü\Programme\Autostart.)
Solutions
Moteur de scan minimum: 9.8
Step 1
Für Windows ME und XP Benutzer: Stellen Sie vor einer Suche sicher, dass die Systemwiederherstellung deaktiviert ist, damit der gesamte Computer durchsucht werden kann.
Step 2
Im abgesicherten Modus neu starten
[ learnMore ]
Step 3
Diesen Registrierungsschlüssel löschen
[ learnMore ]
Wichtig: Eine nicht ordnungsgemäße Bearbeitung der Windows Registrierung kann zu einer dauerhaften Fehlfunktion des Systems führen. Führen Sie diesen Schritt nur durch, wenn Sie mit der Vorgehensweise vertraut sind oder wenn Sie Ihren Systemadministrator um Unterstützung bitten können. Lesen Sie ansonsten zuerst diesen Microsoft Artikel, bevor Sie die Registrierung Ihres Computers ändern.
- In HKEY_CURRENT_USER\Software
- qQNagyOI
Step 4
Diesen Registrierungswert löschen
[ learnMore ]
Wichtig: Eine nicht ordnungsgemäße Bearbeitung der Windows Registrierung kann zu einer dauerhaften Fehlfunktion des Systems führen. Führen Sie diesen Schritt nur durch, wenn Sie mit der Vorgehensweise vertraut sind oder wenn Sie Ihren Systemadministrator um Unterstützung bitten können. Lesen Sie ansonsten zuerst diesen Microsoft Artikel, bevor Sie die Registrierung Ihres Computers ändern.
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- xoeKjOnW = "%Application Data%\Microsoft\viFIYqeh.exe "
- In HKEY_CURRENT_USER\Software\qQNagyOI
- BKvkWWib = "{random values}"
- In HKEY_CURRENT_USER\Software\qQNagyOI
- MbdXpuCR = "{random values}"
- In HKEY_CURRENT_USER\Software\qQNagyOI
- XsihfSWk = "{random values}"
Step 5
Diese Datei suchen und löschen
[ learnMore ]
Möglicherweise sind einige Komponentendateien verborgen. Aktivieren Sie unbedingt das Kontrollkästchen Versteckte Elemente durchsuchen unter Weitere erweiterte Optionen, um alle verborgenen Dateien und Ordner in den Suchergebnissen zu berücksichtigen. - %User Startup%\xoeKjOnW.lnk
Step 6
Führen Sie den Neustart im normalen Modus durch, und durchsuchen Sie Ihren Computer mit Ihrem Trend Micro Produkt nach Dateien, die als Ransom_CRYPCHIM.CD entdeckt werden. Falls die entdeckten Dateien bereits von Ihrem Trend Micro Produkt gesäubert, gelöscht oder in Quarantäne verschoben wurden, sind keine weiteren Schritte erforderlich. Dateien in Quarantäne können einfach gelöscht werden. Auf dieser Knowledge-Base-Seite finden Sie weitere Informationen.
Participez à notre enquête!