Pests of all kinds and how to fight them: Bundeskriminalamt trojan fought off, but encrypted files still there, because of a new kind of encryption. Windows 7
27.08.2013, 19:59 | #1 |
| Bundeskriminalamt trojan fought off, but encrypted files still there, because of a new kind of encryption. I have the same problem with the BKA trojan. First I rescued the system with HitmanPro. Then I carried on because of the encrypted files. In the thumbnail view the pictures show the original; double-clicking to view them no longer shows them, but instead some message about the decrypter. DecryptHelper cannot restore the pictures, because either the files are said to be of different sizes (select the affected file first, then the original), or "der Schlüssel hat eine unzulässige größe" (the key has an invalid size) is displayed when trying to create the key with this program. I notice, however, that when I click on the affected pictures to see them enlarged (Windows Picture and Fax Viewer), the original picture is visible briefly and then the new one. Here is a screenshot with the original in the thumbnail view and then in the enlarged view: hxxp://www.fotos-hochladen.net/uploads/trojanerfa9ko5tb8u.jpg The original picture (my sweetheart still had it on the PC) has a size of 497kb and the modified one a size of 523kb. The file name was not changed, if I see that correctly. It appears that only the pictures (not all of them) were encrypted, since I switched the computer off immediately. I am still looking for further affected files, though. Who can help? Caught the trojan yesterday and fought it again as described above. Who can help or has an idea? Thanks for the help. The log files from HitmanPro: Code:
HitmanPro 3.7.7.203
www.hitmanpro.com

Computer name . . . . : HEIKEFRANK-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : HeikeFrank-PC\HeikeFrank
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2013-08-27 18:41:41
Scan mode . . . . . . : Quick
Scan duration . . . . : 3m 17s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 0
Traces . . . . . . . : 0

Objects scanned . . . : 3.938
Files scanned . . . . : 3.938
Remnants scanned . . : 0 files / 0 keys

Code:
ATTFilter HitmanPro 3.7.7.203 www.hitmanpro.com Computer name . . . . : HEIKEFRANK-PC Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : NT-AUTORITÄT\SYSTEM UAC . . . . . . . . . : Disabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2013-08-27 18:23:29 Scan mode . . . . . . : Normal Scan duration . . . . : 10m 48s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 70 Traces . . . . . . . : 418 Objects scanned . . . : 1.731.925 Files scanned . . . . : 56.710 Remnants scanned . . : 433.825 files / 1.241.390 keys Malware _____________________________________________________________________ C:\Users\HeikeFrank\AppData\Local\Dirty\DirtyDecrypt.exe -> Quarantined Size . . . . . . . : 24.576 bytes Age . . . . . . . : 0.3 days (2013-08-27 10:59:27) Entropy . . . . . : 7.7 SHA-256 . . . . . : AFDA8054EF87AAE6EBB5FABD8F523C1EEB1B43A084770E56E958C61DF0A6B86B > G Data . . . . . . : Trojan.Ransom.ABZ > Ikarus . . . . . . : Trojan-Ransomer!IK > Kaspersky . . . . : Trojan.Win32.Agent.hwvv Fuzzy . . . . . . : 116.0 Forensic Cluster -3.1s C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sqm\ -2.4s C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat -0.0s C:\Users\HeikeFrank\AppData\Roaming\Dirty\DirtyDecrypt.exe 0.0s C:\Users\HeikeFrank\AppData\Local\Dirty\DirtyDecrypt.exe C:\Users\HeikeFrank\AppData\Local\Microsoft\gKSzyzmI.exe -> Quarantined Size . . . . . . . : 260.096 bytes Age . . . . . . . : 1.0 days (2013-08-26 18:24:01) Entropy . . . . . : 7.8 SHA-256 . . . . . : F1868533101FD602919F11F4282BB75773340FB05CBE1BE51F5621A20C0E1052 Product Publisher Description . . . : Flash Player Version Copyright > Kaspersky . . . . : Trojan-Ransom.Win32.Blocker.cdov Fuzzy . . . . . . 
: 120.0 Forensic Cluster -0.2s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofh\ 0.0s C:\Users\HeikeFrank\AppData\Local\Microsoft\gKSzyzmI.exe 0.1s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\ 0.1s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\BRWRKany.exe 0.1s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\BRWRKany.exe 0.3s C:\Users\HeikeFrank\AppData\Local\Temp\tKZLcvPQ.exe 1.1s C:\Users\HeikeFrank\AppData\Roaming\Dirty\ 1.1s C:\Users\HeikeFrank\AppData\Roaming\Dirty\alertwall.jpg 1.1s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\Dirty\ 1.1s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\Dirty\ 1.3s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.3s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.3s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.3s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 3.9s C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 3.9s C:\Users\HeikeFrank\AppData\Local\Dirty\ 5.5s C:\Program Files\Alwil Software\Avast4\DATA\chest\00000005 5.6s C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-893107783-1421941348-1903558643-1001\8653a53c8bd87df069122c8dac120643_9ed3e83a-4f32-455d-a93d-2de9a83001bc 5.7s C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-893107783-1421941348-1903558643-1001\ebf27182cc14d9ff1b2ae95902004a56_9ed3e83a-4f32-455d-a93d-2de9a83001bc 6.2s C:\Users\HeikeFrank\AppData\Local\iQrBJXva\ 6.3s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhjnlc\ 7.5s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhjnlcuy\ 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\ 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\ 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\all.css 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\style-custom.css 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\ 8.0s 
C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\1.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\agip.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\aral.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\arrow.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\avia.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-box-bottom.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-box.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-btn-sprite.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-fone.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-header-repeat.gif 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-html.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-li.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-track.gif 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\charge.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\ 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img1.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img2.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img3.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted-copy.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted-small.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img4.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\epay.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\esso.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\kash.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\kash.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo-ie.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo-ie.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo.png 8.0s 
C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\netto.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\netto.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\oder.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\omv.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\paysafe.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\rossmann.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\shell.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\shell.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\total.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\webcam.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\webcam.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\westfalen.png 8.1s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\x.jpg 8.1s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\index.html 12.0s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhj\ C:\Users\HeikeFrank\AppData\Local\Temp\tKZLcvPQ.exe -> Quarantined Size . . . . . . . : 260.096 bytes Age . . . . . . . : 1.0 days (2013-08-26 18:24:01) Entropy . . . . . : 7.8 SHA-256 . . . . . : F1868533101FD602919F11F4282BB75773340FB05CBE1BE51F5621A20C0E1052 Product Publisher Description . . . : Flash Player Version Copyright > Kaspersky . . . . : Trojan-Ransom.Win32.Blocker.cdov Fuzzy . . . . . . 
: 120.0 Forensic Cluster -0.5s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofh\ -0.3s C:\Users\HeikeFrank\AppData\Local\Microsoft\gKSzyzmI.exe -0.2s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\ -0.2s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\BRWRKany.exe -0.2s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\BRWRKany.exe 0.0s C:\Users\HeikeFrank\AppData\Local\Temp\tKZLcvPQ.exe 0.8s C:\Users\HeikeFrank\AppData\Roaming\Dirty\ 0.8s C:\Users\HeikeFrank\AppData\Roaming\Dirty\alertwall.jpg 0.8s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\Dirty\ 0.8s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\Dirty\ 1.0s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.0s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.0s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.0s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 3.6s C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 3.6s C:\Users\HeikeFrank\AppData\Local\Dirty\ 5.2s C:\Program Files\Alwil Software\Avast4\DATA\chest\00000005 5.3s C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-893107783-1421941348-1903558643-1001\8653a53c8bd87df069122c8dac120643_9ed3e83a-4f32-455d-a93d-2de9a83001bc 5.4s C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-893107783-1421941348-1903558643-1001\ebf27182cc14d9ff1b2ae95902004a56_9ed3e83a-4f32-455d-a93d-2de9a83001bc 5.9s C:\Users\HeikeFrank\AppData\Local\iQrBJXva\ 5.9s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhjnlc\ 7.1s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhjnlcuy\ 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\ 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\ 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\all.css 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\style-custom.css 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\ 7.7s 
C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\1.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\agip.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\aral.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\arrow.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\avia.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-box-bottom.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-box.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-btn-sprite.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-fone.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-header-repeat.gif 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-html.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-li.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-track.gif 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\charge.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\ 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img1.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img2.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img3.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted-copy.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted-small.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img4.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\epay.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\esso.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\kash.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\kash.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo-ie.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo-ie.jpg 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo.png 7.7s 
C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\netto.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\netto.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\oder.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\omv.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\paysafe.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\rossmann.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\shell.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\shell.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\total.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\webcam.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\webcam.png 7.7s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\westfalen.png 7.8s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\x.jpg 7.8s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\index.html 11.7s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhj\ C:\Users\HeikeFrank\AppData\Roaming\Dirty\DirtyDecrypt.exe -> Quarantined Size . . . . . . . : 24.576 bytes Age . . . . . . . : 0.3 days (2013-08-27 10:59:27) Entropy . . . . . : 7.7 SHA-256 . . . . . : AFDA8054EF87AAE6EBB5FABD8F523C1EEB1B43A084770E56E958C61DF0A6B86B > G Data . . . . . . : Trojan.Ransom.ABZ > Ikarus . . . . . . : Trojan-Ransomer!IK > Kaspersky . . . . : Trojan.Win32.Agent.hwvv Fuzzy . . . . . . : 116.0 Forensic Cluster -3.1s C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sqm\ -2.4s C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat 0.0s C:\Users\HeikeFrank\AppData\Roaming\Dirty\DirtyDecrypt.exe 0.0s C:\Users\HeikeFrank\AppData\Local\Dirty\DirtyDecrypt.exe C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\BRWRKany.exe -> Quarantined Size . . . . . . . : 260.096 bytes Age . . . . . . . : 1.0 days (2013-08-26 18:24:01) Entropy . . . . . : 7.8 SHA-256 . . . . . 
: F1868533101FD602919F11F4282BB75773340FB05CBE1BE51F5621A20C0E1052 Product Publisher Description . . . : Flash Player Version Copyright > Kaspersky . . . . : Trojan-Ransom.Win32.Blocker.cdov Fuzzy . . . . . . : 120.0 Forensic Cluster -0.3s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofh\ -0.1s C:\Users\HeikeFrank\AppData\Local\Microsoft\gKSzyzmI.exe -0.0s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\ 0.0s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\BRWRKany.exe 0.0s C:\{4A484EF0-BBE0-2C7D-9E17-0FB2EF09A212}\BRWRKany.exe 0.2s C:\Users\HeikeFrank\AppData\Local\Temp\tKZLcvPQ.exe 1.0s C:\Users\HeikeFrank\AppData\Roaming\Dirty\ 1.0s C:\Users\HeikeFrank\AppData\Roaming\Dirty\alertwall.jpg 1.0s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\Dirty\ 1.0s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\Dirty\ 1.2s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.2s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.2s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 1.2s C:\Users\HeikeFrank\AppData\Local\Temp\~DF7D0EA12FBC3C5F8C.TMP 3.8s C:\Program Files\Alwil Software\Avast4\DATA\chest\00000004 3.8s C:\Users\HeikeFrank\AppData\Local\Dirty\ 5.4s C:\Program Files\Alwil Software\Avast4\DATA\chest\00000005 5.5s C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-893107783-1421941348-1903558643-1001\8653a53c8bd87df069122c8dac120643_9ed3e83a-4f32-455d-a93d-2de9a83001bc 5.6s C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-893107783-1421941348-1903558643-1001\ebf27182cc14d9ff1b2ae95902004a56_9ed3e83a-4f32-455d-a93d-2de9a83001bc 6.1s C:\Users\HeikeFrank\AppData\Local\iQrBJXva\ 6.2s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhjnlc\ 7.4s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhjnlcuy\ 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\ 7.9s 
C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\ 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\all.css 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\css\style-custom.css 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\ 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\1.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\agip.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\aral.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\arrow.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\avia.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-box-bottom.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-box.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-btn-sprite.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-fone.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-header-repeat.gif 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-html.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-li.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\bg-track.gif 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\charge.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\ 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img1.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img2.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img3.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted-copy.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted-small.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\dotted.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\content\img4.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\epay.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\esso.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\kash.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\kash.png 7.9s 
C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo-ie.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo-ie.jpg 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\logo.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\netto.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\netto.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\oder.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\omv.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\paysafe.png 7.9s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\rossmann.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\shell.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\shell.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\total.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\webcam.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\webcam.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\westfalen.png 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\images\x.jpg 8.0s C:\Users\HeikeFrank\AppData\Local\qAoHrCTf\index.html 11.9s C:\Users\HeikeFrank\AppData\Local\VirtualStore\Program Files (x86)\MIeeayhofhj\ Potential Unwanted Programs _________________________________________________ C:\Program Files (x86)\Conduit\ (Conduit) C:\Program Files (x86)\Conduit\Community Alerts\ (Conduit) C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (Conduit) Size . . . . . . . : 638.560 bytes Age . . . . . . . : 72.0 days (2013-06-16 17:13:35) Entropy . . . . . : 6.4 SHA-256 . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D Product . . . . . : Alert Publisher . . . . : Conduit Ltd. Description . . . : Alert Version . . . . . : 1.1.4.1 Copyright . . . . : Copyright © Conduit Ltd. 2011. RSA Key Size . . . : 1024 Authenticode . . . : Valid Fuzzy . . . . . . : -7.0 C:\ProgramData\Babylon\ (Babylon) C:\ProgramData\Conduit\ (Conduit) C:\ProgramData\Conduit\conduitutil.exe (Conduit) Size . . . 
. . . . : 59.709 bytes Age . . . . . . . : 72.0 days (2013-06-16 17:13:00) Entropy . . . . . : 6.6 SHA-256 . . . . . : 98585CBB5977020B5B25F9AF315DE21B3D74FC820DC61CB7E9F36C41965FB222 Publisher . . . . : Conduit Version . . . . . : 0.0.0.1 Copyright . . . . : Conduit Ltd. Fuzzy . . . . . . : 0.0 C:\Users\HeikeFrank\AppData\Local\Conduit\ (Conduit) C:\Users\HeikeFrank\AppData\Roaming\Babylon\ (Babylon) C:\Users\HeikeFrank\AppData\Roaming\Babylon\log_file.txt (Babylon) HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon) HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon) HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\ (Delta Search) HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon) HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon) HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon) HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\ (Delta Search) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon) 
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon) HKLM\SOFTWARE\Wow6432Node\DataMngr\ (SearchQU) HKU\S-1-5-21-893107783-1421941348-1903558643-1001\Software\AppDataLow\Software\Smartbar\ (Conduit) HKU\S-1-5-21-893107783-1421941348-1903558643-1001\Software\BabylonToolbar\ (Babylon) HKU\S-1-5-21-893107783-1421941348-1903558643-1001\Software\Conduit\ (Conduit) HKU\S-1-5-21-893107783-1421941348-1903558643-1001\Software\DataMngr\ (SearchQU) HKU\S-1-5-21-893107783-1421941348-1903558643-1001\Software\DataMngr_Toolbar\ (SearchQU) HKU\S-1-5-21-893107783-1421941348-1903558643-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) HKU\S-1-5-21-893107783-1421941348-1903558643-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-21-893107783-1421941348-1903558643-1001_Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo) Repairs _____________________________________________________________________ Diese Einstellung entführt oder blockiert die Anwendung 'notepad.exe'. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger
__________________ GLG.......................Diebaer |
27.08.2013, 20:08 | #2 |
/// the machine /// TB trainer | Bundeskriminalamt trojan fought off, but encrypted files still there, because of a new kind of encryption. Hi,
we can finish cleaning the computer. Your data is gone; there is no tool for decrypting it. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
27.08.2013, 21:36 | #3 |
| Bundeskriminalamt trojan fought off, but encrypted files still there, because of a new kind of encryption. Hello there.
Did everything as requested. FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 03 Ran by HeikeFrank (administrator) on 27-08-2013 22:28:36 Running from D:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashServ.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Conduit) C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\cltmng.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Quanta Computer Inc.) 
C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe () C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Lenovo) C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashDisp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Conduit) C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files\Alwil Software\Avast4\setup\avast.setup (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe (Lenovo) C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Samsung Electronics Co., Ltd.) C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corporation) C:\Windows\system32\PrintIsolationHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] () HKCU\...\Run: [AlcoholAutomount] - "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [x] HKCU\...\Run: [SearchProtect] - C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [OSD Utility] - C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe [18275840 2012-03-15] (Quanta Computer Inc.) 
HKLM-x32\...\Run: [Lenovo Silver Silk Wireless Keyboard] - C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [391680 2011-11-21] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [TMCMonitor] - C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe [53248 2009-11-09] ()
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-01-10] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [230696 2012-01-10] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe [1251120 2012-03-02] (Lenovo)
HKLM-x32\...\Run: [SetDefaultSCR] - C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-30] (Lenovo)
HKLM-x32\...\Run: [avast!] - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [79224 2007-12-04] (ALWIL Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [SearchProtectAll] - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-08] (Conduit)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [themeset] - C:\Users\Default\AppData\Local\lenovo\SetWindow.exe [354816 2011-07-11] (Lenovo)
HKU\Default User\...\RunOnce: [themeset] - C:\Users\Default\AppData\Local\lenovo\SetWindow.exe [354816 2011-07-11] (Lenovo)
HKU\UpdatusUser\...\RunOnce: [themeset] - C:\Users\Default\AppData\Local\lenovo\SetWindow.exe [354816 2011-07-11] (Lenovo)
AppInit_DLLs-x32: [0 ] ()
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.)
Startup: C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3297265&octid=CT3297265&SearchSource=61&CUI=UN18273871727749418&UM=2&UP=SP7E46FDBF-CF03-4C48-8B52-3D1DD2F3F6D8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND
SearchScopes: HKLM-x32 - DefaultScope {985824A0-A3D8-4842-8446-3B6AC9A5F03D} URL =
SearchScopes: HKLM-x32 - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^man000^YY^&ptb=3A7E51F2-B1BE-4534-B6CE-70471A3F28E2&ind=2013022405&n=77fc48c5&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {985824A0-A3D8-4842-8446-3B6AC9A5F03D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN18273871727749418&UM=2
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119828&babsrc=SP_ss&mntrId=0A24001C7BAB06F1
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {985824A0-A3D8-4842-8446-3B6AC9A5F03D} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN18273871727749418&UM=2
SearchScopes: HKCU - {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^Y6^man000^YY^&ptb=3A7E51F2-B1BE-4534-B6CE-70471A3F28E2&ind=2013022405&n=77fc48c5&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {C9CFB724-34A6-46D0-A609-9754D5B342A0} URL = hxxp://searchou.com/?q={searchTerms}&id=0a240d51000000000000001c7bab06f1&r=539
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome:
=======
CHR Extension: (MiaigNiPiC) - C:\Users\HEIKEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dncaejdgeiblfepebafplhiphiikmdgb\1
CHR Extension: (Iminent) - C:\Users\HEIKEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.13.4.1_0
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [17272 2007-12-04] (ALWIL Software)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [140664 2007-12-04] (ALWIL Software)
R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [247160 2007-12-04] (ALWIL Software)
R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [345464 2007-12-04] (ALWIL Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1084192 2011-12-14] (Broadcom Corporation.)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-08] (Conduit)
R2 FastbootService; C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe [169776 2012-03-02] (Lenovo)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-12] (Freemake)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-08-27] (SurfRight B.V.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [237056 2012-04-26] (Samsung Electronics Co., Ltd.)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [55888 2007-12-04] (ALWIL Software)
R2 aswMonFlt; C:\Windows\SysWow64\DRIVERS\aswMonFlt.sys [45648 2007-12-04] (ALWIL Software)
R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1800448 2011-03-31] (AVerMedia TECHNOLOGIES, Inc.)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71440 2012-03-02] (Windows (R) Win 7 DDK provider)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [257128 2011-09-02] (Realtek Semiconductor Corp.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1094248 2011-12-30] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2013-02-23] ()
S2 Aspi32; No ImagePath
S2 DLPortIO; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-27 22:28 - 2013-08-27 22:28 - 00000000 ____D C:\FRST
2013-08-27 21:23 - 2013-08-27 21:23 - 00048200 _____ C:\Users\HeikeFrank\Documents\Antwort-Klage-O2-Berufungvom27.8.13.odt
2013-08-27 20:20 - 2013-08-27 20:53 - 00000000 ____D C:\Users\HeikeFrank\Documents\DecryptHelper
2013-08-27 18:52 - 2013-08-27 18:52 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-27 18:52 - 2013-08-27 18:52 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-27 18:52 - 2013-08-27 18:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-27 18:52 - 2013-08-27 18:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-27 18:52 - 2013-08-27 18:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-27 18:52 - 2013-08-27 18:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-27 18:52 - 2013-08-27 18:52 - 00000000 ____D C:\ProgramData\Sun
2013-08-27 18:52 - 2013-08-27 18:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-27 18:48 - 2013-08-27 18:47 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-27 18:48 - 2013-08-27 18:47 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-27 18:48 - 2013-08-27 18:47 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-27 18:47 - 2013-08-27 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-27 18:47 - 2013-08-27 18:47 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-27 18:47 - 2013-08-27 18:47 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-27 18:47 - 2013-08-27 18:47 - 00000000 ____D C:\Program Files\Java
2013-08-27 18:35 - 2013-08-27 18:35 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-27 18:16 - 2013-08-27 18:36 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-27 11:23 - 2013-08-27 11:51 - 00000000 ____D C:\Windows\pss
2013-08-26 18:24 - 2013-08-27 18:35 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\Dirty
2013-08-26 18:24 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\qAoHrCTf
2013-08-26 18:24 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\iQrBJXva
2013-08-26 17:27 - 2013-08-27 11:52 - 00000000 ____D C:\Program Files (x86)\dreamboxEDIT
2013-08-26 17:27 - 2013-08-27 11:51 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT
2013-08-23 10:18 - 2013-08-23 10:18 - 00000000 ____D C:\ProgramData\Uniblue
2013-08-20 01:55 - 2013-08-20 01:55 - 04812567 _____ (Tim Kosse) C:\Users\HeikeFrank\Downloads\FileZilla_3.7.3_win32-setup.exe
2013-08-16 14:42 - 2013-08-16 14:42 - 00082984 _____ C:\Users\HeikeFrank\Documents\Esther Mahnung Laerm und Betriebskostenabrehcnung 16.08.2013.odt
2013-08-15 13:12 - 2013-08-15 13:12 - 00041048 _____ C:\Users\HeikeFrank\Documents\Anwalt-Anfrage-Schlotte 15.08.2013.odt
2013-08-15 11:39 - 2013-08-15 11:39 - 00070318 _____ C:\Users\HeikeFrank\Documents\Antwort-Klage-12 C 200-13vom15.8.13.odt
2013-08-14 11:25 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 11:25 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 11:25 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 11:25 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 11:25 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 11:25 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 11:25 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 11:25 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 11:25 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 11:25 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 11:25 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 11:25 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 11:25 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 11:25 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 11:14 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 11:14 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 11:14 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 11:14 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 11:14 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 11:14 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 11:14 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 11:14 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 11:14 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 11:14 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 11:14 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 11:14 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 11:13 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 11:13 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 11:13 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 11:13 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 11:13 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 11:13 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 11:13 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 11:13 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 11:13 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 11:13 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 11:13 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 11:13 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 11:13 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 11:13 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 11:13 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 16:12 - 2013-08-13 16:12 - 00041781 _____ C:\Users\HeikeFrank\Documents\Antwort Fuererscheinbehoerde Nachtrag 13.08.2013.odt
2013-08-13 13:09 - 2013-08-13 13:09 - 00047569 _____ C:\Users\HeikeFrank\Documents\Antwort Fuererscheinbehoerde 13.08.2013.odt
2013-08-13 11:00 - 2013-06-21 02:07 - 00188232 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdm.sys
2013-08-13 11:00 - 2013-06-21 02:07 - 00169288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadbus.sys
2013-08-13 11:00 - 2013-06-21 02:07 - 00038080 _____ (Google Inc) C:\Windows\system32\Drivers\ssadadb.sys
2013-08-13 11:00 - 2013-06-21 02:07 - 00021320 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadmdfl.sys
2013-08-13 11:00 - 2013-06-21 02:07 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadwhnt.sys
2013-08-13 11:00 - 2013-06-21 02:07 - 00017224 _____ (MCCI Corporation) C:\Windows\system32\Drivers\ssadcmnt.sys
2013-08-13 10:59 - 2013-06-21 02:07 - 00188232 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdm.sys
2013-08-13 10:59 - 2013-06-21 02:07 - 00169288 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdbus.sys
2013-08-13 10:59 - 2013-06-21 02:07 - 00021320 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdfl.sys
2013-08-13 10:59 - 2013-06-21 02:07 - 00017736 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwhnt.sys
2013-08-13 10:59 - 2013-06-21 02:07 - 00017224 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcmnt.sys
2013-08-13 10:56 - 2013-08-13 12:12 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-12 14:38 - 2013-08-12 14:38 - 00087151 _____ C:\Users\HeikeFrank\Documents\Esther Mahnung Laerm und Betriebskostenabrehcnung 12.08.2013.odt
2013-08-01 13:37 - 2013-08-01 13:37 - 00060298 _____ C:\Users\HeikeFrank\Documents\Antrag-Sportuebernahme und Unterlagen 1.7.2013.odt
2013-08-01 13:10 - 2013-08-01 13:12 - 00046434 _____ C:\Users\HeikeFrank\Documents\Antwort Schlotte Parkplatz-1.8.2013.odt
2013-07-29 02:14 - 2013-07-29 02:14 - 00000000 ____D C:\Users\HeikeFrank\Desktop\Sachbeschädigung29.7.13 um 109

==================== One Month Modified Files and Folders =======

2013-08-27 22:28 - 2013-08-27 22:28 - 00000000 ____D C:\FRST
2013-08-27 22:28 - 2012-07-05 11:42 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-08-27 22:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 22:25 - 2009-07-14 06:51 - 00120592 _____ C:\Windows\setupact.log
2013-08-27 22:21 - 2012-07-05 11:36 - 01238367 _____ C:\Windows\WindowsUpdate.log
2013-08-27 22:03 - 2013-01-22 11:52 - 00000072 _____ C:\Users\Public\LMDebug.log
2013-08-27 21:31 - 2013-01-18 02:55 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-27 21:23 - 2013-08-27 21:23 - 00048200 _____ C:\Users\HeikeFrank\Documents\Antwort-Klage-O2-Berufungvom27.8.13.odt
2013-08-27 20:53 - 2013-08-27 20:20 - 00000000 ____D C:\Users\HeikeFrank\Documents\DecryptHelper
2013-08-27 19:04 - 2012-07-05 21:02 - 00698752 _____ C:\Windows\system32\perfh007.dat
2013-08-27 19:04 - 2012-07-05 21:02 - 00148802 _____ C:\Windows\system32\perfc007.dat
2013-08-27 19:04 - 2009-07-14 07:13 - 01618852 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 18:52 - 2013-08-27 18:52 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-27 18:52 - 2013-08-27 18:52 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-27 18:52 - 2013-08-27 18:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-27 18:52 - 2013-08-27 18:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-27 18:52 - 2013-08-27 18:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-27 18:52 - 2013-08-27 18:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-27 18:52 - 2013-08-27 18:52 - 00000000 ____D C:\ProgramData\Sun
2013-08-27 18:52 - 2013-08-27 18:52 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-27 18:47 - 2013-08-27 18:48 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-27 18:47 - 2013-08-27 18:48 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-27 18:47 - 2013-08-27 18:48 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-27 18:47 - 2013-08-27 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-27 18:47 - 2013-08-27 18:47 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-27 18:47 - 2013-08-27 18:47 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-27 18:47 - 2013-08-27 18:47 - 00000000 ____D C:\Program Files\Java
2013-08-27 18:46 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-27 18:46 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 18:36 - 2013-08-27 18:16 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-27 18:35 - 2013-08-27 18:35 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-27 18:35 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\Dirty
2013-08-27 18:23 - 2013-08-27 18:23 - 00000000 ____D C:\Program Files\HitmanPro
2013-08-27 11:52 - 2013-08-26 17:27 - 00000000 ____D C:\Program Files (x86)\dreamboxEDIT
2013-08-27 11:52 - 2013-04-12 23:09 - 00000000 ____D C:\Program Files (x86)\DivX
2013-08-27 11:52 - 2012-07-05 12:04 - 00000000 ____D C:\Windows\system32\Macromed
2013-08-27 11:51 - 2013-08-27 11:23 - 00000000 ____D C:\Windows\pss
2013-08-27 11:51 - 2013-08-26 17:27 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT
2013-08-27 11:51 - 2013-04-14 03:15 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-08-27 11:51 - 2013-04-12 23:09 - 00000000 ____D C:\ProgramData\DivX
2013-08-27 11:51 - 2013-02-16 01:11 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\DVDVideoSoft
2013-08-27 11:51 - 2013-01-17 23:33 - 00000000 ____D C:\Users\HeikeFrank
2013-08-27 11:51 - 2011-02-25 00:01 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-27 11:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-27 11:23 - 2013-01-17 23:36 - 00000000 ___RD C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-26 18:24 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\qAoHrCTf
2013-08-26 18:24 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\iQrBJXva
2013-08-26 12:32 - 2013-04-03 17:33 - 00023992 _____ C:\Users\HeikeFrank\AppData\Roaming\Notepad2.ini
2013-08-23 13:54 - 2010-11-21 05:47 - 00122420 _____ C:\Windows\PFRO.log
2013-08-23 10:18 - 2013-08-23 10:18 - 00000000 ____D C:\ProgramData\Uniblue
2013-08-21 13:13 - 2012-07-05 11:42 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-08-21 12:31 - 2013-01-18 02:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 12:31 - 2013-01-18 02:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 12:31 - 2012-07-05 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 01:16 - 2013-01-30 21:41 - 00000000 ____D C:\Users\HeikeFrank\Documents\DVDVideoSoft
2013-08-20 02:06 - 2013-03-14 13:45 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\FileZilla
2013-08-20 01:56 - 2013-03-14 13:45 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-08-20 01:55 - 2013-08-20 01:55 - 04812567 _____ (Tim Kosse) C:\Users\HeikeFrank\Downloads\FileZilla_3.7.3_win32-setup.exe
2013-08-20 01:06 - 2013-04-03 17:36 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-08-16 14:42 - 2013-08-16 14:42 - 00082984 _____ C:\Users\HeikeFrank\Documents\Esther Mahnung Laerm und Betriebskostenabrehcnung 16.08.2013.odt
2013-08-15 13:12 - 2013-08-15 13:12 - 00041048 _____ C:\Users\HeikeFrank\Documents\Anwalt-Anfrage-Schlotte 15.08.2013.odt
2013-08-15 11:39 - 2013-08-15 11:39 - 00070318 _____ C:\Users\HeikeFrank\Documents\Antwort-Klage-12 C 200-13vom15.8.13.odt
2013-08-14 11:18 - 2013-07-11 11:02 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 11:15 - 2013-01-18 01:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 16:12 - 2013-08-13 16:12 - 00041781 _____ C:\Users\HeikeFrank\Documents\Antwort Fuererscheinbehoerde Nachtrag 13.08.2013.odt
2013-08-13 13:09 - 2013-08-13 13:09 - 00047569 _____ C:\Users\HeikeFrank\Documents\Antwort Fuererscheinbehoerde 13.08.2013.odt
2013-08-13 12:12 - 2013-08-13 10:56 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-08-13 10:56 - 2012-07-05 11:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-08-13 10:55 - 2013-03-08 01:47 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\Downloaded Installations
2013-08-13 10:55 - 2013-01-22 11:40 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-08-12 14:38 - 2013-08-12 14:38 - 00087151 _____ C:\Users\HeikeFrank\Documents\Esther Mahnung Laerm und Betriebskostenabrehcnung 12.08.2013.odt
2013-08-01 13:37 - 2013-08-01 13:37 - 00060298 _____ C:\Users\HeikeFrank\Documents\Antrag-Sportuebernahme und Unterlagen 1.7.2013.odt
2013-08-01 13:12 - 2013-08-01 13:10 - 00046434 _____ C:\Users\HeikeFrank\Documents\Antwort Schlotte Parkplatz-1.8.2013.odt
2013-07-29 02:14 - 2013-07-29 02:14 - 00000000 ____D C:\Users\HeikeFrank\Desktop\Sachbeschädigung29.7.13 um 109

Files to move or delete:
====================
C:\Users\HEIKEF~1\AppData\Local\Temp\HitmanPro.exe
C:\Users\HEIKEF~1\AppData\Local\Temp\Kickstarter.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-13 13:42

==================== End Of Log ============================

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 03
Ran by HeikeFrank at 2013-08-27 22:30:35
Running from D:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Alcatech BPM Studio Professional v4.9.1 (x32)
AngryBirds (x32 Version: 1.00.1206)
ArcSoft PhotoStudio Paint (x32 Version: 1.6.1.144)
avast! Antivirus (x32 Version: 4.7)
AVerMedia H339 Hybrid TV Tuner (x32 Version: 2.2.0.73)
Bonjour (Version: 2.0.4.0)
Böse Nachbarn (x32 Version: 1.0)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
ClearProg 1.6.0 Final (x32 Version: 1.6.0 Final)
Common Desktop Agent (Version: 1.62.0)
Curling (x32 Version: 1.22.063010)
D3DX10 (x32 Version: 15.4.2368.0902)
DigiJay 1.414 (x32)
DivX-Setup (x32 Version: 2.6.1.44)
DMXControl 2.12.1 (x32 Version: 2.12.1)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7)
dows-Treiberpaket - LightingSoft AG (WinUSB) USB (11/21/2012 2.0) (Version: 11/21/2012 2.0)
dreamboxEDIT -- The one and only settings editor for your Dreambox (x32)
Driver & Application Installation (x32 Version: 6.01.1214)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
Firework (x32 Version: 1.22.063010)
Free Studio version 2013 (x32 Version: 6.1.10.812)
Freemake Video Converter Version 4.0.2 (x32 Version: 4.0.2)
FreeStyler (x32)
Fruit Ninja (x32 Version: 1.7.4.11)
Funny Cube (x32 Version: 1.22.063010)
Game Portal (x32 Version: 2.50.012.0217)
Happy Hit (x32 Version: 1.39.063010)
HitmanPro 3.7 (Version: 3.7.7.203)
Idea Touch 4.5 (x32 Version: 4.50.012.0307)
iDRS(tm) OCR Software by I.R.I.S (x32 Version: 1.00.17 (17.04.2012))
ImgBurn (x32 Version: 2.5.7.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.35132)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.5.0.3400)
Lenovo BrgVolOSD (x32 Version: 1.1.04)
Lenovo Camera Fun Zone (x32 Version: 1.1.1.6)
Lenovo EBook&QuickNotes (x32 Version: 1.0.3.22)
Lenovo Power2Go (x32 Version: 6.0.6008)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo Rescue System (Version: 3.0.3609)
Lenovo Rescue System (x32 Version: 3.0.3609)
Lenovo Screensaver (x32 Version: 1.0.5.120412)
Lenovo Silver Silk Wireless Keyboard (x32 Version: 1.02)
Lenovo VeriTouch (x32 Version: 2.0.1.21)
Lenovo VeriTouch2.0 (x32 Version: 2.0.1.21)
Lenovo YouCam (x32 Version: 3.1.4910)
LenovoModifyWindowStyle (x32 Version: 1.01.0711)
LenovoUtility version 1.0 (x32 Version: 1.0)
Link Up (x32 Version: 1.23.063010)
LVT (x32 Version: 1.01.0213)
Medal of Honor - Allied Assault War Chest (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Music Star (x32 Version: 1.44.063010)
MyFreeCodec (HKCU)
NirSoft BlueScreenView (x32)
Notepad++ (x32 Version: 6.4.5)
Notepad2 (Notepad Replacement) (Version: 4.2.25 )
NVIDIA Grafiktreiber 307.21 (Version: 307.21)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.11.0621)
NVIDIA PhysX-Systemsoftware 9.11.0621 (Version: 9.11.0621)
NVIDIA Systemsteuerung 307.21 (Version: 307.21)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenAL (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Opera 12.16 (Version: 12.16.1860)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerCinema (x32 Version: 7.0.6207)
ProLight DJ-24 Version 3.0.0 (x32 Version: 3.0.0)
Rapidboot Advanced (x32 Version: 1.0.5.3)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6554)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29003)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0183)
Samsung CLX-3300 Series (x32 Version: 1.01 (01.05.2012))
Samsung Easy Document Creator (x32 Version: 1.02.09 (25.04.2012))
Samsung Easy Printer Manager (x32 Version: 1.02.45.02(01.05.2012))
Samsung Kies (x32 Version: 2.5.2.13021_10)
Samsung Network PC Fax (x32 Version: 1.06.24 (25.04.2012))
Samsung Printer Live Update (x32 Version: 1.01.00:04(2013-04-22))
Samsung Scan Process Machine (x32 Version: 1.00.18.04)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 
1.5.27.0) Search Protect by conduit (x32 Version: 1.5.0.71) Skype™ 6.3 (x32 Version: 6.3.105) Snowflake Suite (x32 Version: 1.0) SNS Upload for Easy Document Creator (x32 Version: 1.0.0) TeamViewer 8 (x32 Version: 8.0.19045) ThemeWallpaper (x32 Version: 1.2.0.120113) Tool Portal (x32 Version: 2.50.012.0222) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3508.1109) Windows Live Family Safety (Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3508.1109) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT 
Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR 4.20 (64-Bit) (Version: 4.20.0) Zeta Producer 11 11.3.0 (nur entfernen) (HKCU Version: 11.3.0) ==================== Restore Points ========================= 10-07-2013 21:10:45 Removed Plex Media Server 11-07-2013 09:01:21 Windows Update 16-07-2013 09:14:47 Windows Update 19-07-2013 09:56:16 Windows Update 23-07-2013 08:46:36 Windows Update 26-07-2013 10:01:53 Windows Update 30-07-2013 08:38:25 Windows Update 06-08-2013 08:10:50 Windows Update 13-08-2013 08:20:56 Windows Update 13-08-2013 08:55:29 Installiert Samsung Story Album Viewer 14-08-2013 09:14:43 Windows Update 20-08-2013 09:22:49 Windows Update 23-08-2013 08:16:22 Uniblue DriverScanner installation 27-08-2013 09:30:13 Wiederherstellungsvorgang 27-08-2013 16:47:06 Installed Java 7 Update 25 (64-bit) 27-08-2013 16:51:46 Installed Java 7 Update 25 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0F6AC7BF-0A1D-4C44-A57E-082E53AE42F0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {110228E6-B9BE-45CF-A223-19DE6F459221} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program 
files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {13D307B9-4918-4C77-9EB7-DE42ED6ADD21} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe No File Task: {1D9A1912-5DE0-4745-A95B-0ABB16B03878} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {5625E735-61CA-4E4C-BD7C-2F1D0F10B009} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {60B331E3-2512-4078-9642-134047221510} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-01-10] (CyberLink) Task: {764C5623-261D-43B0-A75F-9E2B8B54F64B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {8B4CA597-02A0-4A5F-98CB-8491A5A6D543} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {ABBFAC23-3BCF-46E1-A33D-A669FBAE43BB} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {B8A6429A-A1A6-4C3D-A89C-AEDD2818415E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: {D369EBF8-3992-4B22-A745-C46851295F5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: 
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\ProgramData\Temp:373E1720 AlternateDataStreams: C:\Users\HeikeFrank\Documents\Thumbs.db:encryptable ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/27/2013 10:28:26 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2013 10:26:23 PM) (Source: ESENT) (User: ) Description: taskhost (2928) Versuch, Datei "C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (08/27/2013 06:38:47 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2013 06:37:23 PM) (Source: ESENT) (User: ) Description: taskhost (3168) Versuch, Datei "C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. 
Error: (08/27/2013 06:23:32 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2013 06:22:44 PM) (Source: ESENT) (User: ) Description: taskhost (2232) Versuch, Datei "C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (08/27/2013 06:06:56 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: opera_plugin_wrapper.exe, Version: 12.16.1860.0, Zeitstempel: 0x51d19394 Name des fehlerhaften Moduls: NPSWF64_11_8_800_94.dll, Version: 11.8.800.94, Zeitstempel: 0x51c4d2a8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000000000 ID des fehlerhaften Prozesses: 0x17f4 Startzeit der fehlerhaften Anwendung: 0xopera_plugin_wrapper.exe0 Pfad der fehlerhaften Anwendung: opera_plugin_wrapper.exe1 Pfad des fehlerhaften Moduls: opera_plugin_wrapper.exe2 Berichtskennung: opera_plugin_wrapper.exe3 Error: (08/27/2013 06:04:35 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2013 06:03:31 PM) (Source: ESENT) (User: ) Description: taskhost (2944) Versuch, Datei "C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. 
Error: (08/27/2013 11:56:21 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/27/2013 10:27:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "StarWind AE Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/27/2013 10:27:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (08/27/2013 10:27:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/27/2013 10:27:55 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Freemake Improver erreicht. Error: (08/27/2013 10:27:24 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "DriverLINX Port I/O Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/27/2013 10:27:24 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\DLPortIO.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/27/2013 10:26:22 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Aspi32" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (08/27/2013 10:26:22 PM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\Aspi32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (08/27/2013 10:25:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (08/27/2013 10:24:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: %%13 Microsoft Office Sessions: ========================= Error: (08/27/2013 10:28:26 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2013 10:26:23 PM) (Source: ESENT)(User: ) Description: taskhost2928C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (08/27/2013 06:38:47 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2013 06:37:23 PM) (Source: ESENT)(User: ) Description: taskhost3168C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (08/27/2013 06:23:32 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2013 06:22:44 PM) (Source: ESENT)(User: ) Description: taskhost2232C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (08/27/2013 06:06:56 PM) (Source: Application Error)(User: ) Description: opera_plugin_wrapper.exe12.16.1860.051d19394NPSWF64_11_8_800_94.dll11.8.800.9451c4d2a8c0000005000000000000000017f401cea33f6c4a1f66C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exeC:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dllb16c080d-0f32-11e3-9805-402cf4f5c8d4 Error: (08/27/2013 06:04:35 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/27/2013 06:03:31 PM) (Source: ESENT)(User: ) Description: taskhost2944C:\Users\HeikeFrank\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (08/27/2013 11:56:21 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 4059.61 MB Available physical RAM: 2277.41 MB Total Pagefile: 8117.39 MB Available Pagefile: 5882.09 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:440.49 GB) (Free:251.67 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 24AE9DDD) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=440 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=25 GB) - (Type=12) 
======================================================== Disk: 1 (Size: 969 MB) (Disk ID: 946B1477) Partition 1: (Not Active) - (Size=965 MB) - (Type=06) ==================== End Of Log ============================
28.08.2013, 08:52 | #4 | |
/// the machine /// TB trainer | Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
29.08.2013, 17:03 | #5 |
| Hi there. Done, everything carried out as requested. Here is the requested log file: Code:
ATTFilter ComboFix 13-08-29.02 - HeikeFrank 29.08.2013 17:49:03.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4060.2366 [GMT 2:00] ausgeführt von:: c:\users\HeikeFrank\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\MiaigNiPiC c:\programdata\MiaigNiPiC\51632d766a056.dll c:\programdata\MiaigNiPiC\51632d766a056.tlb c:\programdata\MiaigNiPiC\settings.ini c:\users\HeikeFrank\AppData\Roaming\Dirty c:\users\HeikeFrank\AppData\Roaming\Dirty\alertwall.jpg c:\users\HeikeFrank\AppData\Roaming\SearchProtect c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\ChromeModule.dll c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\cltmng.exe c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\msvcp100.dll c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\msvcr100.dll c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\rep.dat c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\SPHook32.dll c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\SPRunner.exe c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png 
c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css c:\users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\abstraction.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\application.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html 
c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul c:\users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN c:\windows\.log c:\windows\security\Database\tmp.edb c:\windows\ST6UNST.000 c:\windows\SysWow64\ccrpTmr6.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-28 bis 2013-08-29 )))))))))))))))))))))))))))))) . . 2013-08-27 20:40 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA9DAD53-7F42-4F91-93AE-F7A6B2ADF85D}\mpengine.dll 2013-08-27 20:28 . 2013-08-27 20:28 -------- d-----w- C:\FRST 2013-08-27 16:52 . 2013-08-27 16:52 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-08-27 16:52 . 2013-08-27 16:52 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-08-27 16:52 . 2013-08-27 16:52 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-08-27 16:52 . 2013-08-27 16:52 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-27 16:52 . 2013-08-27 16:52 -------- d-----w- c:\program files (x86)\Java 2013-08-27 16:48 . 2013-08-27 16:47 312232 ----a-w- c:\windows\system32\javaws.exe 2013-08-27 16:48 . 2013-08-27 16:47 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-08-27 16:48 . 2013-08-27 16:47 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-08-27 16:47 . 
2013-08-27 16:47 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-08-27 16:47 . 2013-08-27 16:47 189352 ----a-w- c:\windows\system32\javaw.exe 2013-08-27 16:47 . 2013-08-27 16:47 188840 ----a-w- c:\windows\system32\java.exe 2013-08-27 16:47 . 2013-08-27 16:47 -------- d-----w- c:\program files\Java 2013-08-27 16:35 . 2013-08-27 16:35 12872 ----a-w- c:\windows\system32\bootdelete.exe 2013-08-27 16:16 . 2013-08-27 16:36 -------- d-----w- c:\programdata\HitmanPro 2013-08-26 16:24 . 2013-08-26 16:24 -------- d-----w- c:\users\HeikeFrank\AppData\Local\qAoHrCTf 2013-08-26 16:24 . 2013-08-26 16:24 -------- d-----w- c:\users\HeikeFrank\AppData\Local\iQrBJXva 2013-08-26 15:27 . 2013-08-27 09:52 -------- d-----w- c:\program files (x86)\dreamboxEDIT 2013-08-23 08:18 . 2013-08-23 08:18 -------- d-----w- c:\programdata\Uniblue 2013-08-14 09:14 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll 2013-08-14 09:14 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-08-14 09:14 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll 2013-08-14 09:14 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2013-08-14 09:14 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll 2013-08-14 09:14 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll 2013-08-14 09:14 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-08-14 09:14 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll 2013-08-14 09:14 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-08-14 09:14 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-08-14 09:14 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-08-14 09:14 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-08-13 09:00 . 2013-06-21 00:07 17736 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys 2013-08-13 09:00 . 
2013-06-21 00:07 38080 ----a-w- c:\windows\system32\drivers\ssadadb.sys 2013-08-13 09:00 . 2013-06-21 00:07 21320 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys 2013-08-13 09:00 . 2013-06-21 00:07 188232 ----a-w- c:\windows\system32\drivers\ssadmdm.sys 2013-08-13 09:00 . 2013-06-21 00:07 17224 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys 2013-08-13 09:00 . 2013-06-21 00:07 169288 ----a-w- c:\windows\system32\drivers\ssadbus.sys 2013-08-13 08:59 . 2013-06-21 00:07 21320 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys 2013-08-13 08:59 . 2013-06-21 00:07 188232 ----a-w- c:\windows\system32\drivers\sscdmdm.sys 2013-08-13 08:59 . 2013-06-21 00:07 17736 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys 2013-08-13 08:59 . 2013-06-21 00:07 17224 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys 2013-08-13 08:59 . 2013-06-21 00:07 169288 ----a-w- c:\windows\system32\drivers\sscdbus.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-21 10:31 . 2013-01-18 00:55 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-08-21 10:31 . 2012-07-05 10:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-14 09:15 . 2013-01-17 23:43 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-07-09 04:45 . 2013-08-14 09:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-06-21 11:52 . 2013-06-21 11:52 226424 ----a-w- c:\windows\system32\SBuySupplies.exe 2013-06-16 15:13 . 2013-06-16 15:13 81536 ----a-w- C:\ministub.exe 2013-06-05 03:34 . 2013-07-10 09:40 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 06:00 . 2013-07-10 09:40 624128 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 04:53 . 2013-07-10 09:40 509440 ----a-w- c:\windows\SysWow64\qedit.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608] "Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712] "OSD Utility"="c:\program files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe" [2012-03-15 18275840] "Lenovo Silver Silk Wireless Keyboard"="c:\program files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe" [2011-11-21 391680] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-06 214312] "TMCMonitor"="c:\program files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe" [2009-11-09 53248] "CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720] "UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2011-12-06 214312] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-01-10 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2012-01-10 230696] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712] "Fastboot"="c:\program files (x86)\Lenovo\Rapidboot\FBConsole.exe" [2012-03-02 1251120] "SetDefaultSCR"="c:\program files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2009-12-30 102400] "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2007-12-04 79224] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560] "SearchProtectAll"="c:\program files 
(x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2011-12-14 1338656] Samsung Network PC Fax.lnk - c:\windows\System32\spool\drivers\x64\3\NetFaxTray64.exe [2013-1-22 273408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 DLPortIO;DriverLINX Port I/O Driver; [x] R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 
Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswMonFlt.sys [x] S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [x] S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\Rapidboot\FBService.exe;c:\program files (x86)\Lenovo\Rapidboot\FBService.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe;c:\windows\SYSNATIVE\spool\drivers\x64\3\NetFaxServer64.exe [x] S2 
SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-18 10:31] . 
2013-08-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . 2013-08-21 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-15 1156712] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2011-12-06 214312] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 456704] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com/?ctid=CT3297265&octid=CT3297265&SearchSource=61&CUI=UN18273871727749418&UM=2&UP=SP7E46FDBF-CF03-4C48-8B52-3D1DD2F3F6D8 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) Wow6432Node-HKCU-Run-AlcoholAutomount - c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe Wow6432Node-HKCU-Run-SearchProtect - c:\users\HeikeFrank\AppData\Roaming\SearchProtect\bin\cltmng.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot] "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot] "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-08-29 17:57:31 ComboFix-quarantined-files.txt 2013-08-29 15:57 . Vor Suchlauf: 12 Verzeichnis(se), 270.664.253.440 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 270.429.982.720 Bytes frei . - - End Of File - - 344C839B875D147EB28B7CCC9B4BB85E
__________________ GLG.......................Diebaer |
30.08.2013, 06:21 | #6 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
30.08.2013, 10:21 | #7 |
| Hi there. Here is the data: Malwarebytes Anti-Malware: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.08.30.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 HeikeFrank :: HEIKEFRANK-PC [Administrator] Schutz: Aktiviert 30.08.2013 10:38:00 mbam-log-2013-08-30 (10-38-00).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 252113 Laufzeit: 4 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 2 C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> 3244 -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> 3644 -> Löschen bei Neustart. Infizierte Speichermodule: 7 C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 6 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.SearchProtect.A) -> Daten: C:\Program Files (x86)\SearchProtect\bin\cltmng.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.SearchProtect.A) -> Daten: C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\cltmng.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 20 C:\Users\HeikeFrank\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 68 C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ministub.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Löschen bei Neustart. 
C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\HeikeFrank\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.001 - Report created 30/08/2013 at 10:58:17 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : HeikeFrank - HEIKEFRANK-PC # Running from : C:\Users\HeikeFrank\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\clsoft ltd Folder Deleted : C:\ProgramData\Conduit Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\ProgramData\Uniblue\DriverScanner Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\SearchProtect Folder Deleted : C:\Users\HeikeFrank\AppData\Local\Conduit Folder Deleted : C:\Users\HeikeFrank\AppData\Local\iac Folder Deleted : C:\Users\HeikeFrank\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\HeikeFrank\AppData\LocalLow\Conduit Folder Deleted : C:\Users\HeikeFrank\AppData\Roaming\DesktopIconForAmazon Folder Deleted : C:\Users\HeikeFrank\AppData\Roaming\dvdvideosoftiehelpers Folder Deleted : C:\Users\HeikeFrank\AppData\Roaming\ExpressFiles Folder Deleted : C:\Users\HeikeFrank\AppData\Roaming\OCS Folder Deleted : C:\Users\HeikeFrank\AppData\Roaming\SearchProtect Folder Deleted : C:\Users\HeikeFrank\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl File Deleted : C:\END File Deleted : C:\Users\HeikeFrank\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\driverscanner Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKCU\Software\5b57dcddb468e940 Key Deleted : HKLM\SOFTWARE\5b57dcddb468e940 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A216821-0EC5-49A3-85AC-FB72AE79A1E8} Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\ExpressFiles Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\SearchProtect Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\Software\Babylon Key Deleted : 
HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v
[ File : C:\Users\HeikeFrank\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [9176 octets] - [30/08/2013 10:57:16]
AdwCleaner[S0].txt - [8715 octets] - [30/08/2013 10:58:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8775 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 7 Home Premium x64
Ran by HeikeFrank on 30.08.2013 at 11:03:32,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\uniblue
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3297265
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{985824A0-A3D8-4842-8446-3B6AC9A5F03D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C9CFB724-34A6-46D0-A609-9754D5B342A0}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.08.2013 at 11:09:02,52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013 Ran by HeikeFrank (administrator) on 30-08-2013 11:13:56 Running from C:\Users\HeikeFrank\AppData\Local\Opera\Opera x64\temporary_downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashServ.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Quanta Computer Inc.) 
C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe () C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe (CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Lenovo) C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe (ALWIL Software) C:\Program Files\Alwil Software\Avast4\ashDisp.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Lenovo) C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Opera Software) C:\Program Files\Opera x64\opera.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Samsung Electronics Co., Ltd.) C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [OSD Utility] - C:\Program Files (x86)\Lenovo\Lenovo BrgVolOSD\BrgVolOSD.exe [18275840 2012-03-15] (Quanta Computer Inc.) 
HKLM-x32\...\Run: [Lenovo Silver Silk Wireless Keyboard] - C:\Program Files (x86)\Lenovo\Lenovo Silver Silk Wireless Keyboard\skd8861.exe [391680 2011-11-21] (Lenovo) HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [TMCMonitor] - C:\Program Files (x86)\Lenovo\Lenovo EBook&QuickNotes\TMCMonitor.exe [53248 2009-11-09] () HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-01-10] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [230696 2012-01-10] (CyberLink Corp.) HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe [1251120 2012-03-02] (Lenovo) HKLM-x32\...\Run: [SetDefaultSCR] - C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-30] (Lenovo) HKLM-x32\...\Run: [avast!] 
- C:\Program Files\Alwil Software\Avast4\ashDisp.exe [79224 2007-12-04] (ALWIL Software) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKU\Default\...\RunOnce: [themeset] - C:\Users\Default\AppData\Local\lenovo\SetWindow.exe [354816 2011-07-11] (Lenovo) HKU\Default User\...\RunOnce: [themeset] - C:\Users\Default\AppData\Local\lenovo\SetWindow.exe [354816 2011-07-11] (Lenovo) Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe (Samsung Electronics Co., Ltd.) 
Startup: C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR Extension: (MiaigNiPiC) - C:\Users\HEIKEF~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dncaejdgeiblfepebafplhiphiikmdgb\1 CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx ==================== Services (Whitelisted) ================= R2 aswUpdSv; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [17272 2007-12-04] (ALWIL Software) R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [140664 2007-12-04] (ALWIL Software) S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [247160 2007-12-04] (ALWIL Software) S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [345464 2007-12-04] (ALWIL Software) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1084192 2011-12-14] (Broadcom Corporation.) 
R2 FastbootService; C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe [169776 2012-03-02] (Lenovo) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-07-12] (Freemake) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [237056 2012-04-26] (Samsung Electronics Co., Ltd.) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x] S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [x] ==================== Drivers (Whitelisted) ==================== R2 aswMonFlt; C:\Windows\System32\DRIVERS\aswMonFlt.sys [55888 2007-12-04] (ALWIL Software) R2 aswMonFlt; C:\Windows\SysWow64\DRIVERS\aswMonFlt.sys [45648 2007-12-04] (ALWIL Software) R3 AVer7231_x64; C:\Windows\System32\DRIVERS\AVer7231_x64.sys [1800448 2011-03-31] (AVerMedia TECHNOLOGIES, Inc.) R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71440 2012-03-02] (Windows (R) Win 7 DDK provider) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [257128 2011-09-02] (Realtek Semiconductor Corp.) 
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1094248 2011-12-30] (Realtek Semiconductor Corporation ) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2013-02-23] () S2 Aspi32; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [x] S2 DLPortIO; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-30 11:03 - 2013-08-30 11:03 - 00000000 ____D C:\Windows\ERUNT 2013-08-30 11:02 - 2013-08-30 11:02 - 01023533 _____ (Thisisu) C:\Users\HeikeFrank\Desktop\JRT.exe 2013-08-30 10:59 - 2013-08-30 10:59 - 00008855 _____ C:\Users\HeikeFrank\Desktop\AdwCleaner[S0].txt 2013-08-30 10:56 - 2013-08-30 10:58 - 00000000 ____D C:\AdwCleaner 2013-08-30 10:55 - 2013-08-30 10:55 - 00994642 _____ C:\Users\HeikeFrank\Desktop\adwcleaner.exe 2013-08-30 10:33 - 2013-08-30 10:33 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-30 10:33 - 2013-08-30 10:33 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\Malwarebytes 2013-08-30 10:33 - 2013-08-30 10:33 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-30 10:33 - 2013-08-30 10:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-30 10:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-29 17:57 - 2013-08-29 17:57 - 00027500 _____ C:\ComboFix.txt 2013-08-29 17:46 - 2013-08-29 17:57 - 00000000 ____D C:\Qoobox 2013-08-29 17:46 - 2013-08-29 17:56 - 00000000 ____D C:\Windows\erdnt 2013-08-29 17:46 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-29 17:46 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-29 17:46 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-29 17:46 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-29 17:46 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-29 17:46 - 2000-08-31 02:00 - 00098816 
_____ C:\Windows\sed.exe 2013-08-29 17:46 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-29 17:46 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-29 17:45 - 2013-08-29 17:45 - 05114906 ____R (Swearware) C:\Users\HeikeFrank\Desktop\ComboFix.exe 2013-08-27 22:28 - 2013-08-27 22:28 - 00000000 ____D C:\FRST 2013-08-27 21:23 - 2013-08-27 21:23 - 00048200 _____ C:\Users\HeikeFrank\Documents\Antwort-Klage-O2-Berufungvom27.8.13.odt 2013-08-27 20:20 - 2013-08-27 20:53 - 00000000 ____D C:\Users\HeikeFrank\Documents\DecryptHelper 2013-08-27 18:52 - 2013-08-27 18:52 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-27 18:52 - 2013-08-27 18:52 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-27 18:52 - 2013-08-27 18:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-27 18:52 - 2013-08-27 18:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-27 18:52 - 2013-08-27 18:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-27 18:52 - 2013-08-27 18:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-27 18:52 - 2013-08-27 18:52 - 00000000 ____D C:\ProgramData\Sun 2013-08-27 18:52 - 2013-08-27 18:52 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-27 18:48 - 2013-08-27 18:47 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-27 18:48 - 2013-08-27 18:47 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-27 18:48 - 2013-08-27 18:47 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-27 18:47 - 2013-08-27 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-27 18:47 - 2013-08-27 18:47 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-27 18:47 - 2013-08-27 18:47 - 00108968 _____ (Oracle Corporation) 
C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-27 18:47 - 2013-08-27 18:47 - 00000000 ____D C:\Program Files\Java 2013-08-27 18:35 - 2013-08-27 18:35 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2013-08-27 18:16 - 2013-08-27 18:36 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-27 11:23 - 2013-08-27 11:51 - 00000000 ____D C:\Windows\pss 2013-08-26 18:24 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\qAoHrCTf 2013-08-26 18:24 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\iQrBJXva 2013-08-26 17:27 - 2013-08-27 11:52 - 00000000 ____D C:\Program Files (x86)\dreamboxEDIT 2013-08-26 17:27 - 2013-08-27 11:51 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT 2013-08-23 10:18 - 2013-08-30 10:58 - 00000000 ____D C:\ProgramData\Uniblue 2013-08-20 01:55 - 2013-08-20 01:55 - 04812567 _____ (Tim Kosse) C:\Users\HeikeFrank\Downloads\FileZilla_3.7.3_win32-setup.exe 2013-08-16 14:42 - 2013-08-16 14:42 - 00082984 _____ C:\Users\HeikeFrank\Documents\Esther Mahnung Laerm und Betriebskostenabrehcnung 16.08.2013.odt 2013-08-15 13:12 - 2013-08-15 13:12 - 00041048 _____ C:\Users\HeikeFrank\Documents\Anwalt-Anfrage-Schlotte 15.08.2013.odt 2013-08-15 11:39 - 2013-08-15 11:39 - 00070318 _____ C:\Users\HeikeFrank\Documents\Antwort-Klage-12 C 200-13vom15.8.13.odt 2013-08-14 11:25 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 11:25 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 11:25 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-14 11:25 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 03958784 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-14 11:25 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-14 11:25 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-14 11:25 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-14 11:25 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iesysprep.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-14 11:25 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-14 11:25 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-14 11:25 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-14 11:25 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-14 11:25 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 11:25 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-14 11:14 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 11:14 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 11:14 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 11:14 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 11:14 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 11:14 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 11:14 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 11:14 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 11:14 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 11:14 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 11:14 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) 
Thanks for the help.
__________________ Kind regards.......................Diebaer Edited by Diebaer (30.08.2013 at 10:22). Reason: edit |
30.08.2013, 20:07 | #8 |
/// the machine /// TB trainer | ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.09.2013, 13:33 | #9 |
| Hi there. Eset Smartinstaller log file: Code:
und KT4Dtmod-01\Ausgabe\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=DB9D75C11F7D86A302D3AAB99AEE325CDB48620F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. und KT4Dtmod-01\Ausgabe\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=FB2080E557AC4669A2499A355E32045D98946FB1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. und KT4Dtmod-01\Ausgabe\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=00FAD4D550313FFD37594E9A03304911D8C726E0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. und KT4Dtmod-01\Preview\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=CDCE5FE7A7E85A15D5E3F169815EA329555FC623 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. und KT4Dtmod-01\Preview\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=C01986892EB44F5832BE0E55D5E81B058F175FE1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. 
und KT4Dtmod-01\Preview\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=D817197579E01B5BC41F8C5E72006EF580D7D447 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Output\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=42DA4561B152EB5E7739182E67F65507979C4AD6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Output\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=73394FD6B9C3BCCFFE97B85F37EAFA576E15758D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Output\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=DBDD99E8280D2700786F24C0F842AE489EC4E2B5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Preview\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=77C5B373A38376D754740033B7A33462CCF353BB ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Preview\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=7C5107BF1DC9594FB1CC9E47FE01219DFDD5CE08 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Preview\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=9C005BA5DEC18A1F80C53C1BD92F5A0C60102A16 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Output\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=1CB2462FA6DF2C6752E53D41EB1297B7268F27D9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I 
fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Output\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=9DB05128A829F913DDF97AC3CF36CB5350D88F56 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Output\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=D055DC6236A2974ED8B4B9452453755C108878AD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Preview\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=4F09B3E02327596C8742C7E818307B10EA68FD70 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Preview\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=15387C107A1B3BFD7D9AFBACA98E223F62EAEBFC ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Preview\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=2C4410A8968CCC6F6C793DEBB1674CD6E93F8FE7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\S_Bahn_Sounds.zip" sh=060B702D5715BA421FDA75D85E5963DA2218AE45 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\aksprech.zip" sh=390CE3EB26526E1D4C8BDB331EF8C28905D4EAAF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\bruederzursonne.zip" sh=8C4F7ABAA65C982FADA608D0994C26D5FA7F9311 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\bummi.zip" sh=B5BAAAABE2D2C2A066D477D04FD2A820DCC4871E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I 
fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\derkleinetrompeter.zip" sh=6D0A954E0239A917EE7EF1E9C5E9BD9DF4145103 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\dervolkspolizist.zip" sh=CC1FA020813F0D9A07F35C9AFC14320ADE6FFCD0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\drushba.zip" sh=3AC783589E24CD4FA20324422CB630D22A0B72ED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\erich.zip" sh=FF6AE3DD7E6DAB2B8128E36162021605BAF2D7E3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\friedenstaube.zip" sh=46F50079126EBEAD48140D23A78854C7E91748A9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\honni.zip" sh=11CE7A7A0518A4520C83D55E1847CCC08CE07547 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\kanal.zip" sh=28F9BDEC7C00D5B6719BFB85B41ED3A7745F0499 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\mauer.zip" sh=3C1AECD4FD588564EFF511F0453B64A3D8988A84 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\sandmann.zip" sh=766F7B8C04483CE9A1C41647D94CC3FC892FC4D2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\trabbi.zip" sh=0B428ED6B368C2F5D68EB36B74D7431272A56986 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\Der Letzte Bulle Vol. 
2\DerLetzteBulle2.rar" sh=DF8263C24C6BFACAF960D485018D55EBC6D0613C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\Puhdys\Titelarchiv\Titelarchiv.zip" sh=12F51AD2514635F3249719D513A4760F74EC0D9B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\VA_-_Dream_Dance_Vol_40\VA_-_Dream_Dance_Vol_40-2CD-2006-MOD.rar" Code:
 Results of screen317's Security Check version 0.99.72
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300
 Java 7 Update 25
 Adobe Flash Player 11.8.800.94
 Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
 Alwil Software Avast4 aswUpdSv.exe
 Alwil Software Avast4 ashServ.exe
 Alwil Software Avast4 ashDisp.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-09-02 11:35 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-02 11:35 - 2009-07-14 06:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-02 11:31 - 2012-07-05 11:36 - 01367872 _____ C:\Windows\WindowsUpdate.log 2013-09-02 11:25 - 2012-07-05 11:42 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-09-02 11:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-02 11:25 - 2009-07-14 06:51 - 00121768 _____ C:\Windows\setupact.log 2013-08-30 18:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-30 13:47 - 2013-04-24 08:29 - 00000000 ____D C:\Users\HeikeFrank\Documents\BP_10107_Kurzanleitung_IT_Downgrade_Windows8_auf_Windows7 2013-08-30 13:14 - 2013-01-22 11:52 - 00000072 _____ C:\Users\Public\LMDebug.log 2013-08-30 13:13 - 2013-08-30 13:13 - 00044280 _____ C:\Users\HeikeFrank\Documents\Antwort Fuererscheinbehoerde 30.08.2013.odt 2013-08-30 13:01 - 2012-07-05 21:02 - 00698752 _____ C:\Windows\system32\perfh007.dat 2013-08-30 13:01 - 2012-07-05 21:02 - 00148802 _____ C:\Windows\system32\perfc007.dat 2013-08-30 13:01 - 2009-07-14 07:13 - 01618852 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-30 11:25 - 2013-08-30 11:24 - 00000000 ___SD C:\ComboFix 2013-08-30 11:25 - 2010-11-21 05:47 - 00144300 _____ C:\Windows\PFRO.log 2013-08-30 11:24 - 2013-08-29 17:46 - 00000000 ____D C:\Qoobox 2013-08-30 11:03 - 2013-08-30 11:03 - 00000000 ____D C:\Windows\ERUNT 2013-08-30 10:58 - 2013-08-30 10:56 - 00000000 ____D C:\AdwCleaner 2013-08-30 10:58 - 2013-08-23 10:18 - 00000000 ____D C:\ProgramData\Uniblue 2013-08-30 10:33 - 2013-08-30 10:33 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\Malwarebytes 2013-08-30 10:33 - 2013-08-30 10:33 - 
00000000 ____D C:\ProgramData\Malwarebytes 2013-08-30 10:33 - 2013-08-30 10:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-29 18:33 - 2013-01-17 23:54 - 00000000 ____D C:\Program Files\Opera x64 2013-08-29 17:56 - 2013-08-29 17:46 - 00000000 ____D C:\Windows\erdnt 2013-08-29 17:56 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-08-29 17:45 - 2013-08-29 17:45 - 05114906 ____R (Swearware) C:\Users\HeikeFrank\Desktop\ComboFix.exe 2013-08-27 22:28 - 2013-08-27 22:28 - 00000000 ____D C:\FRST 2013-08-27 21:23 - 2013-08-27 21:23 - 00048200 _____ C:\Users\HeikeFrank\Documents\Antwort-Klage-O2-Berufungvom27.8.13.odt 2013-08-27 20:53 - 2013-08-27 20:20 - 00000000 ____D C:\Users\HeikeFrank\Documents\DecryptHelper 2013-08-27 18:52 - 2013-08-27 18:52 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-27 18:52 - 2013-08-27 18:52 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-27 18:52 - 2013-08-27 18:52 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-27 18:52 - 2013-08-27 18:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-27 18:52 - 2013-08-27 18:52 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-27 18:52 - 2013-08-27 18:52 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-27 18:52 - 2013-08-27 18:52 - 00000000 ____D C:\ProgramData\Sun 2013-08-27 18:52 - 2013-08-27 18:52 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-27 18:47 - 2013-08-27 18:48 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-27 18:47 - 2013-08-27 18:48 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-27 18:47 - 2013-08-27 18:48 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-27 18:47 - 2013-08-27 18:47 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 
2013-08-27 18:47 - 2013-08-27 18:47 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-27 18:47 - 2013-08-27 18:47 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-27 18:47 - 2013-08-27 18:47 - 00000000 ____D C:\Program Files\Java 2013-08-27 18:36 - 2013-08-27 18:16 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-27 18:35 - 2013-08-27 18:35 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe 2013-08-27 11:52 - 2013-08-26 17:27 - 00000000 ____D C:\Program Files (x86)\dreamboxEDIT 2013-08-27 11:52 - 2013-04-12 23:09 - 00000000 ____D C:\Program Files (x86)\DivX 2013-08-27 11:52 - 2012-07-05 12:04 - 00000000 ____D C:\Windows\system32\Macromed 2013-08-27 11:51 - 2013-08-27 11:23 - 00000000 ____D C:\Windows\pss 2013-08-27 11:51 - 2013-08-26 17:27 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dreamboxEDIT 2013-08-27 11:51 - 2013-04-14 03:15 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-08-27 11:51 - 2013-04-12 23:09 - 00000000 ____D C:\ProgramData\DivX 2013-08-27 11:51 - 2013-02-16 01:11 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\DVDVideoSoft 2013-08-27 11:51 - 2013-01-17 23:33 - 00000000 ____D C:\Users\HeikeFrank 2013-08-27 11:51 - 2011-02-25 00:01 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-08-27 11:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-08-27 11:23 - 2013-01-17 23:36 - 00000000 ___RD C:\Users\HeikeFrank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-26 18:24 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\qAoHrCTf 2013-08-26 18:24 - 2013-08-26 18:24 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\iQrBJXva 2013-08-26 12:32 - 2013-04-03 17:33 - 00023992 _____ C:\Users\HeikeFrank\AppData\Roaming\Notepad2.ini 2013-08-21 12:31 - 2013-01-18 02:55 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-21 12:31 
- 2013-01-18 02:55 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-21 12:31 - 2012-07-05 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-21 01:16 - 2013-01-30 21:41 - 00000000 ____D C:\Users\HeikeFrank\Documents\DVDVideoSoft 2013-08-20 02:06 - 2013-03-14 13:45 - 00000000 ____D C:\Users\HeikeFrank\AppData\Roaming\FileZilla 2013-08-20 01:56 - 2013-03-14 13:45 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2013-08-20 01:55 - 2013-08-20 01:55 - 04812567 _____ (Tim Kosse) C:\Users\HeikeFrank\Downloads\FileZilla_3.7.3_win32-setup.exe 2013-08-20 01:06 - 2013-04-03 17:36 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2013-08-16 14:42 - 2013-08-16 14:42 - 00082984 _____ C:\Users\HeikeFrank\Documents\Esther Mahnung Laerm und Betriebskostenabrehcnung 16.08.2013.odt 2013-08-15 13:12 - 2013-08-15 13:12 - 00041048 _____ C:\Users\HeikeFrank\Documents\Anwalt-Anfrage-Schlotte 15.08.2013.odt 2013-08-15 11:39 - 2013-08-15 11:39 - 00070318 _____ C:\Users\HeikeFrank\Documents\Antwort-Klage-12 C 200-13vom15.8.13.odt 2013-08-14 11:18 - 2013-07-11 11:02 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 11:15 - 2013-01-18 01:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-13 16:12 - 2013-08-13 16:12 - 00041781 _____ C:\Users\HeikeFrank\Documents\Antwort Fuererscheinbehoerde Nachtrag 13.08.2013.odt 2013-08-13 13:09 - 2013-08-13 13:09 - 00047569 _____ C:\Users\HeikeFrank\Documents\Antwort Fuererscheinbehoerde 13.08.2013.odt 2013-08-13 12:12 - 2013-08-13 10:56 - 00000000 ____D C:\Users\Public\Documents\CrashDump 2013-08-13 10:56 - 2012-07-05 11:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-13 10:55 - 2013-03-08 01:47 - 00000000 ____D C:\Users\HEIKEF~1\AppData\Local\Downloaded Installations 2013-08-13 10:55 - 2013-01-22 11:40 - 00000000 ____D C:\Program Files (x86)\Samsung 2013-08-12 14:38 - 2013-08-12 14:38 - 
146 found, is that a lot? Otherwise no problems. Thanks for the help.
__________________ Kind regards, Diebaer |
02.09.2013, 18:34 | #10 |
/// the machine /// TB trainer | Bundeskriminalamt trojan removed, but encrypted files still there, because of a new kind of encryption. Yeah, then please delete the flagged folders by hand. That is too much to script, and it is all just junk in your personal folder. Otherwise we are done. The order is crucial here.
Here are a few more tips for securing your system. I can't mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. For this I recommend TFC. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No support via PM! |
03.09.2013, 13:00 | #11 |
| Bundeskriminalamt trojan removed, but encrypted files still there, because of a new kind of encryption. Quote:
Code:
sh=AB67AEDD74EAA8D84E41A2EEDCE55686F40FBE66 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Treiber-Heidi\LAN_Realtek_Compal_Win7_64_Z7499272011.zip" sh=F9C69F56CA9E229CE9B4801FCFEC150A03D3E00D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Treiber-Heidi\VGA_AMD_Compal_Win7_64_Z894143000.zip" sh=279D945404B373A82F37CE915903445204C9BC53 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Treiber-Heidi\WinFlash_Win7_64_Z2411.zip" sh=5FB95413579A8F50FFB8FB7FC36D1AED7AE0C0ED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Treiber-Heidi\WLAN_Liteon_Compal_Win7_64_Z920470.zip" sh=9376AC748DA48C8E0D96E43FA60175DC21F21157 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Backup\Backup - Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. 
und KT4Dtmod - 2013-08-09 09_31_45 - 023a7dc3f4b84c8cbf92790f369a2314.zpautobackup.zip" sh=6834A4B28C6914C698F58CF5ED3B08BFD11C3857 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Backup\Output\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=E87F36D28BB58C70CF8CBB916A58C8BB9488BC9F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Backup\Output\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=10DAC127F663903B782238AC120F7DBA57B27FCF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Backup\Output\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=0ADAC64285B446ECB272C4D1ADAC617B35E7367B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Backup\Preview\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=5353A3204AD53A1D7DC1CE9BF9AE36A32FC0FD6C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Backup\Preview\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=8753B933EC180CB3E0F547E362B5AC67A8A4EF8C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Backup\Preview\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=F37658A2AE8D714DD34DF04D3DBA1794D36A2ADE ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. 
und KT4Dtmod-01\Ausgabe\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=DB9D75C11F7D86A302D3AAB99AEE325CDB48620F ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. und KT4Dtmod-01\Ausgabe\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=FB2080E557AC4669A2499A355E32045D98946FB1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. und KT4Dtmod-01\Ausgabe\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=00FAD4D550313FFD37594E9A03304911D8C726E0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. und KT4Dtmod-01\Preview\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=CDCE5FE7A7E85A15D5E3F169815EA329555FC623 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. und KT4Dtmod-01\Preview\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=C01986892EB44F5832BE0E55D5E81B058F175FE1 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Gesamtübersicht T6-A2mod., B6-A2mod., KT4Dmod. 
und KT4Dtmod-01\Preview\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=D817197579E01B5BC41F8C5E72006EF580D7D447 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Output\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=42DA4561B152EB5E7739182E67F65507979C4AD6 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Output\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=73394FD6B9C3BCCFFE97B85F37EAFA576E15758D ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Output\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=DBDD99E8280D2700786F24C0F842AE489EC4E2B5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Preview\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=77C5B373A38376D754740033B7A33462CCF353BB ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Preview\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=7C5107BF1DC9594FB1CC9E47FE01219DFDD5CE08 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\kt4dt.lima-city.de\Preview\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=9C005BA5DEC18A1F80C53C1BD92F5A0C60102A16 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Output\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=1CB2462FA6DF2C6752E53D41EB1297B7268F27D9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I 
fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Output\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=9DB05128A829F913DDF97AC3CF36CB5350D88F56 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Output\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=D055DC6236A2974ED8B4B9452453755C108878AD ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Preview\media\Scripting\ServerSideScripting\PHP\CMS\zpocmsmodule.zip" sh=4F09B3E02327596C8742C7E818307B10EA68FD70 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Preview\media\Scripting\ServerSideScripting\PHP\guestbook\zpgbmodule.zip" sh=15387C107A1B3BFD7D9AFBACA98E223F62EAEBFC ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Documents\Zeta Producer 11\Projects\Zeta Producer 11\Preview\media\Scripting\ServerSideScripting\PHP\pa\zppamodule.zip" sh=2C4410A8968CCC6F6C793DEBB1674CD6E93F8FE7 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\S_Bahn_Sounds.zip" sh=060B702D5715BA421FDA75D85E5963DA2218AE45 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\aksprech.zip" sh=390CE3EB26526E1D4C8BDB331EF8C28905D4EAAF ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\bruederzursonne.zip" sh=8C4F7ABAA65C982FADA608D0994C26D5FA7F9311 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\bummi.zip" sh=B5BAAAABE2D2C2A066D477D04FD2A820DCC4871E ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I 
fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\derkleinetrompeter.zip" sh=6D0A954E0239A917EE7EF1E9C5E9BD9DF4145103 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\dervolkspolizist.zip" sh=CC1FA020813F0D9A07F35C9AFC14320ADE6FFCD0 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\drushba.zip" sh=3AC783589E24CD4FA20324422CB630D22A0B72ED ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\erich.zip" sh=FF6AE3DD7E6DAB2B8128E36162021605BAF2D7E3 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\friedenstaube.zip" sh=46F50079126EBEAD48140D23A78854C7E91748A9 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\honni.zip" sh=11CE7A7A0518A4520C83D55E1847CCC08CE07547 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\kanal.zip" sh=28F9BDEC7C00D5B6719BFB85B41ED3A7745F0499 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\mauer.zip" sh=3C1AECD4FD588564EFF511F0453B64A3D8988A84 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\sandmann.zip" sh=766F7B8C04483CE9A1C41647D94CC3FC892FC4D2 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\DDR-Sounds\Zip\trabbi.zip" sh=0B428ED6B368C2F5D68EB36B74D7431272A56986 ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\Der Letzte Bulle Vol. 
2\DerLetzteBulle2.rar" sh=DF8263C24C6BFACAF960D485018D55EBC6D0613C ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\Puhdys\Titelarchiv\Titelarchiv.zip" sh=12F51AD2514635F3249719D513A4760F74EC0D9B ft=0 fh=0000000000000000 vn="Win32/Filecoder.BH.Gen trojan" ac=I fn="C:\Users\HeikeFrank\Music\VA_-_Dream_Dance_Vol_40\VA_-_Dream_Dance_Vol_40-2CD-2006-MOD.rar" Zitat:
It is always up to date and also switched on that way, and therefore always at the latest version.
Otherwise I do pay attention to that, since this is not the first time it has happened. Back then it was ignorance; this time I was tricked. So far everything is OK, and thanks for the help. I just need to delete the 146 files by hand.
__________________ GLG.......................Diebaer |
03.09.2013, 18:06 | #12 |
/// the machine /// TB-Ausbilder | From finding number 4 onward, the items in the Documents folder
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009. No help via PM! |
05.09.2013, 13:06 | #13 |
| Hi there. Yep, I deleted all of them. Thanks for the help.
__________________ GLG.......................Diebaer |
05.09.2013, 13:58 | #14 |
/// the machine /// TB-Ausbilder | You're welcome
__________________ Regards, schrauber |