Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Alle Dateien durch Howdecrypt Virus verschlüsselt - Entschlüsselungsversuche bisher erfolglos! (https://www.trojaner-board.de/150068-alle-dateien-howdecrypt-virus-verschluesselt-entschluesselungsversuche-bisher-erfolglos.html)

Waldfee99 01.03.2014 08:43
Ich habe ein Problem:
Die Festplatte, die ich während des Eset Scans abgemacht hatte, wird nun von keinem Rechner mehr erkannt. Sie arbeitet zwar, wenn ich sie anschließe, jedoch zeigt sie sich weder im Arbeitsplatz des einen noch des anderen Rechners.

Gruß
Heidi

schrauber 02.03.2014 07:35
Zitat:
Kann ich denn die verschiedenen Laufwerke, die ich zusätzlich mit dem Eset prüfen möchte, selbst auswählen, damit nicht immer Laufwerk C mit untersucht werden muß?
ja

Poste nachher wenn wir hier fertig sind mal FRST LOgs von allen Rechern, ich schau dann mal drüber was zu machen ist :)

Die Funde sind nur im Papierkorb, den Temps und dem Java Cache. Das mit der Festplatte abziehen war nit so prall.


Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Java updaten.

Papierkorb leeren. Frisches FRST Log bitte.

Zu der HDD:

Bitte Mal Systemsteuerung > Verwaltung > Datenträgerverwaltung aufrufen, wird die Platte da angezeigt?

Waldfee99 02.03.2014 22:35
Hallo Schrauber,

ich habe alles gemacht. Allerdings weiß ich nicht, ob ich einen Fehler begangen habe: Nachdem die externe Festplatte nach dem Durchlauf der TFC.exe wieder sichtbar war, habe ich die Howdecrypt-Dateien aus dieser entschlüsseln wollen. Ich habe fast das Gefühl, daß der Computer schon wieder langsamer geworden ist.

Die von Bleepingcomputer.com haben schon wieder eine Verbesserung des Entschlüsselungsprogramms "Howdecrypt" hinbekommen. Aber ich hoffe, daß es noch besser wird.

Hier die aktuelle FRST-Logdatei:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by HT (administrator) on HT-THINK on 02-03-2014 22:28:37
Running from C:\Users\HT\Downloads\FRST-OlderVersion
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

() C:\Windows\system32\DTS.exe
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\system32\ATService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVEO) C:\Program Files (x86)\AVEO\AVEO USB2.0 PC Camera\CamAppSTI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-02-05] (AuthenTec, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377712 2009-11-06] (Acronis)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [630784 2007-03-02] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [65536 2006-11-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4389592 2009-11-06] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962688 2009-11-06] (Acronis)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EPSON_UD_START] - C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe [329704 2010-06-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CamAppSTI.exe] - C:\Program Files (x86)\AVEO\AVEO USB2.0 PC Camera\CamAppSTI.exe [28672 2009-01-04] (AVEO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2814266497-2799738039-2710065422-1000\...\Run: [Installation Diagnostics] - C:\Program Files (x86)\Brother\Brmfl06d\Brinstck.exe [126976 2006-11-04] (Brother Industries, Ltd.)
HKU\S-1-5-21-2814266497-2799738039-2710065422-1000\...\Policies\Explorer: [DisallowCpl] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2C05EFE153EECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\HT\AppData\Roaming\Mozilla\Firefox\Profiles\h3rdekcs.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: pdfforge.PDF.PDF - C:\Users\HT\AppData\Roaming\Mozilla\Firefox\Profiles\h3rdekcs.default\Extensions\{35884CFF-8A76-EFEC-D03B-2CE8B00E5308} [2013-12-16]
FF Extension: DownloadHelper - C:\Users\HT\AppData\Roaming\Mozilla\Firefox\Profiles\h3rdekcs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-10]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-01-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-10]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-10]
CHR Extension: (Google Search) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-10]
CHR Extension: (Google Wallet) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-10]
CHR HKLM-x32\...\Chrome\Extension: [nibmbnacadfhadkiecpkignkpdfbaahl] - C:\ProgramData\SaveByclick\nibmbnacadfhadkiecpkignkpdfbaahl.crx [2013-01-10]

==================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-02-05] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 ATService; C:\Windows\system32\ATService.exe [2713920 2010-02-05] (AuthenTec, Inc.)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-02-05] ()
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [104424 2010-06-09] (SEIKO EPSON CORPORATION)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522912 2012-12-14] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [906464 2012-12-14] (pdfforge GbR)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 e36gbus; C:\Windows\system32\drivers\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)
S3 e36gmgmt; C:\Windows\system32\drivers\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)
S3 e36wgps; C:\Windows\system32\drivers\e36wgps64.sys [96296 2009-07-10] (Ericsson AB)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [12800 2009-09-22] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [17408 2009-09-22] (Ericsson AB)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2010-12-01] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2010-10-31] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2010-10-31] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-10-31] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-10-31] (MCCI Corporation)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2013-01-10] (Acronis)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
S1 axlaltnl; \??\C:\Windows\system32\drivers\axlaltnl.sys [X]
S1 bxutmaxl; \??\C:\Windows\system32\drivers\bxutmaxl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dzehtfmr; \??\C:\Windows\system32\drivers\dzehtfmr.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 gjehruoe; \??\C:\Windows\system32\drivers\gjehruoe.sys [X]
S1 jobrmrfq; \??\C:\Windows\system32\drivers\jobrmrfq.sys [X]
S1 lwfdbnqy; \??\C:\Windows\system32\drivers\lwfdbnqy.sys [X]
S1 pnjigteg; \??\C:\Windows\system32\drivers\pnjigteg.sys [X]
S1 qdjrswnc; \??\C:\Windows\system32\drivers\qdjrswnc.sys [X]
S1 qrfukebx; \??\C:\Windows\system32\drivers\qrfukebx.sys [X]
S1 rfkccchq; \??\C:\Windows\system32\drivers\rfkccchq.sys [X]
S1 rrkcddqb; \??\C:\Windows\system32\drivers\rrkcddqb.sys [X]
S1 ttibdnli; \??\C:\Windows\system32\drivers\ttibdnli.sys [X]
S1 uagaldfs; \??\C:\Windows\system32\drivers\uagaldfs.sys [X]
S1 uoydbgey; \??\C:\Windows\system32\drivers\uoydbgey.sys [X]
S1 vcciuaig; \??\C:\Windows\system32\drivers\vcciuaig.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 11:18 - 2014-03-02 11:18 - 08908700 _____ () C:\Users\HT\Desktop\Anti-CryptorBitV2.zip
2014-03-02 10:03 - 2014-03-02 22:02 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-03-02 10:00 - 2014-03-02 10:00 - 00000000 ____D () C:\Users\HT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-03-02 09:56 - 2014-03-02 09:56 - 00000000 ____D () C:\Users\HT\AppData\Local\{6FC0060F-FFA5-4EFE-BEA4-243B1AC0D290}
2014-03-02 08:35 - 2014-03-02 08:35 - 00000000 ____D () C:\ProgramData\Sun
2014-03-02 08:35 - 2014-03-02 08:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-02 08:35 - 2014-03-02 08:34 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-02 08:35 - 2014-03-02 08:34 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-02 08:35 - 2014-03-02 08:34 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-02 08:35 - 2014-03-02 08:34 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-02 08:32 - 2014-03-02 08:32 - 00921512 _____ (Oracle Corporation) C:\Users\HT\Downloads\JavaSetup7u51.exe
2014-03-02 07:58 - 2014-03-02 07:57 - 00448512 _____ (OldTimer Tools) C:\Users\HT\TFC.exe
2014-03-02 07:58 - 2014-03-02 07:57 - 00448512 _____ (OldTimer Tools) C:\Users\HT\Desktop\TFC.exe
2014-03-02 07:57 - 2014-03-02 07:57 - 00448512 _____ (OldTimer Tools) C:\Users\HT\Downloads\TFC.exe
2014-03-02 05:15 - 2014-03-02 05:32 - 00000000 ____D () C:\Users\HT\Buerstadt3
2014-03-02 05:03 - 2014-03-02 05:09 - 00000000 ____D () C:\Users\HT\Buerstadt2
2014-03-02 05:01 - 2014-03-02 05:01 - 00001149 _____ () C:\Users\HT\Desktop\Anti-CryptorBit.zip - Verknüpfung.lnk
2014-03-01 08:21 - 2014-03-02 09:09 - 00000000 ____D () C:\Users\HT\Familie2
2014-03-01 08:03 - 2014-03-01 08:03 - 00016643 _____ () C:\Users\HT\Desktop\log.7z
2014-03-01 08:00 - 2014-03-01 08:00 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-01 07:59 - 2014-03-01 07:59 - 01110476 _____ () C:\Users\HT\Downloads\7z920.exe
2014-03-01 07:16 - 2014-03-01 07:16 - 00987425 _____ () C:\Users\HT\Downloads\SecurityCheck.exe
2014-03-01 03:28 - 2014-03-01 03:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-01 03:18 - 2014-03-01 03:18 - 02347384 _____ (ESET) C:\Users\HT\Downloads\esetsmartinstaller_enu.exe
2014-02-27 12:15 - 2014-02-27 14:59 - 00000000 ____D () C:\Users\HT\Th-Knorr-Str entschl
2014-02-27 10:05 - 2014-03-02 22:28 - 00000000 ____D () C:\Users\HT\Downloads\FRST-OlderVersion
2014-02-27 09:54 - 2014-02-27 09:54 - 00002782 _____ () C:\Users\HT\Desktop\JRT.txt
2014-02-27 09:48 - 2014-02-27 09:48 - 00000000 ____D () C:\Windows\ERUNT
2014-02-27 09:46 - 2014-02-27 09:46 - 01037734 _____ (Thisisu) C:\Users\HT\Downloads\JRT.exe
2014-02-27 09:35 - 2014-02-27 09:37 - 00000000 ____D () C:\AdwCleaner
2014-02-27 09:32 - 2014-02-27 09:32 - 01241834 _____ () C:\Users\HT\Downloads\adwcleaner.exe
2014-02-26 06:04 - 2014-02-26 06:04 - 00029136 _____ () C:\ComboFix.txt
2014-02-26 02:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-26 02:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-26 02:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-26 02:54 - 2014-02-26 06:08 - 00000000 ____D () C:\Qoobox
2014-02-26 02:54 - 2014-02-26 06:02 - 00000000 ____D () C:\Windows\erdnt
2014-02-26 02:49 - 2014-02-26 02:49 - 05185084 ____R (Swearware) C:\Users\HT\Downloads\ComboFix.exe
2014-02-24 05:30 - 2014-02-24 05:30 - 01005568 _____ (Microsoft Corporation) C:\Users\HT\Downloads\dotNetFx45_Full_setup.exe
2014-02-24 05:06 - 2014-02-24 05:06 - 04604921 _____ () C:\Users\HT\Downloads\Anti-CryptorBit.zip
2014-02-21 20:59 - 2014-02-21 20:59 - 00001234 _____ () C:\Users\HT\Desktop\Sicherung Th_Knorr_Str.lnk
2014-02-21 19:44 - 2014-02-21 19:46 - 00000000 ____D () C:\Users\HT\Sicherung Familie
2014-02-21 19:44 - 2014-02-21 19:44 - 00000000 ____D () C:\Users\HT\Sicherung Bürstadt
2014-02-21 19:32 - 2014-02-21 19:32 - 00001038 _____ () C:\Users\HT\Desktop\Sicherung Gesundheit.lnk
2014-02-21 19:29 - 2014-02-21 19:31 - 00000000 ____D () C:\Users\HT\SicherungGesundheit
2014-02-21 18:35 - 2014-02-21 18:35 - 00000866 _____ () C:\Users\HT\Desktop\Sicherung WallenfelsJan2014.lnk
2014-02-21 18:34 - 2014-02-21 18:34 - 00001122 _____ () C:\Users\HT\Desktop\Sicherung Lichte Jan14.lnk
2014-02-21 18:32 - 2014-02-21 18:32 - 00001180 _____ () C:\Users\HT\Desktop\Sicherung Steuer Feb2014.lnk
2014-02-21 18:29 - 2014-03-02 22:22 - 00000000 ____D () C:\Users\HT\Sicherung Th_Knorr_Str
2014-02-21 17:50 - 2014-02-21 20:59 - 00000000 ____D () C:\Users\HT\SicherungFeb2014
2014-02-21 16:41 - 2014-02-21 16:42 - 00023842 _____ () C:\Users\HT\Downloads\Addition.txt
2014-02-21 16:39 - 2014-03-02 22:28 - 00000000 ____D () C:\FRST
2014-02-21 16:39 - 2014-02-21 16:42 - 00063115 _____ () C:\Users\HT\Downloads\FRST.txt
2014-02-21 16:37 - 2014-02-27 10:05 - 01984679 _____ () C:\Users\HT\Downloads\FRST64.exe
2014-02-20 18:18 - 2014-02-20 18:18 - 00000000 ____D () C:\Users\HT\Documents\ransom_file_unlocker
2014-02-20 17:37 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-20 17:37 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-20 17:37 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-02-20 17:37 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-20 17:34 - 2014-02-20 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 17:23 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-20 17:23 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-20 17:23 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-20 17:23 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-20 17:23 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-20 17:23 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-20 17:23 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-20 17:23 - 2014-02-01 07:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-20 17:23 - 2014-02-01 07:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-20 17:23 - 2013-12-21 10:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-20 17:23 - 2013-12-21 08:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-20 17:22 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-20 17:22 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-20 17:14 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-20 17:14 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-20 17:14 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-20 17:14 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-20 17:14 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-20 17:14 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-20 17:14 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-02-20 17:14 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-02-20 17:14 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-02-20 17:14 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-02-20 17:14 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-02-20 17:14 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-02-20 17:14 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-02-20 17:14 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-02-20 17:14 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-02-20 17:14 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-02-20 17:14 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-02-20 17:14 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-02-20 17:14 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-02-20 17:14 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-02-20 17:13 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-20 17:13 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-20 17:13 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-20 17:13 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-20 17:13 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-20 17:13 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-20 17:13 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-20 17:13 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-20 17:13 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-20 17:13 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-20 17:13 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-20 17:13 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-20 17:13 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-20 17:13 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-20 17:13 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-20 17:13 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-20 17:13 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-20 17:13 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-20 17:13 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-20 17:13 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-20 17:13 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-20 17:13 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-20 17:13 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-20 17:13 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-20 17:13 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-20 17:13 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-02-20 17:13 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-20 17:13 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-02-20 17:13 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-20 17:13 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-20 17:13 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-02-20 17:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-20 17:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-20 17:13 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-02-20 17:13 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-02-20 17:13 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-20 17:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-20 17:13 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-20 17:13 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-20 17:13 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-02-20 17:13 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-20 17:13 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-20 17:13 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-02-20 17:13 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-02-20 17:13 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-02-20 17:13 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-20 17:13 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-20 17:13 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-02-20 17:13 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-20 17:13 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-02-20 17:13 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-20 17:13 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-20 17:12 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-20 17:12 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-20 17:12 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-20 17:12 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-20 17:12 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-20 17:12 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-20 17:12 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-20 12:25 - 2014-02-20 12:29 - 00004598 _____ () C:\Users\HT\Downloads\PandaRamsonwareDecrypt.log
2014-02-20 12:22 - 2014-02-20 12:22 - 02760672 _____ () C:\Users\HT\Downloads\pandaunransom.exe
2014-02-20 10:40 - 2014-02-20 10:41 - 00147258 _____ () C:\Users\HT\Desktop\SpeicherungRegistry.reg
2014-02-20 10:38 - 2014-02-20 10:38 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-20 10:38 - 2014-02-20 10:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 10:36 - 2014-02-20 10:37 - 03645064 _____ (Piriform Ltd) C:\Users\HT\Downloads\ccsetup410_slim(1).exe
2014-02-20 10:36 - 2014-02-20 10:36 - 03645064 _____ (Piriform Ltd) C:\Users\HT\Downloads\ccsetup410_slim.exe
2014-02-20 10:25 - 2014-02-20 11:09 - 00000000 ____D () C:\Users\HT\AppData\Local\LogMeIn Rescue Applet
2014-02-20 10:25 - 2014-02-20 10:25 - 01295200 _____ (LogMeIn, Inc.) C:\Users\HT\Downloads\Support-LogMeInRescue.exe
2014-02-19 16:46 - 2014-02-19 16:46 - 03084860 _____ () C:\Users\HT\Downloads\Beispielbilder_Win7(1).zip
2014-02-19 16:27 - 2014-02-19 16:27 - 03084860 _____ () C:\Users\HT\Downloads\Beispielbilder_Win7.zip
2014-02-19 16:00 - 2014-02-19 16:00 - 00062065 _____ () C:\Users\HT\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-02-19 14:57 - 2014-02-19 14:57 - 00019458 _____ () C:\Users\HT\Downloads\DecryptHelper-0.5.3(1).jar
2014-02-19 12:08 - 2014-02-19 12:08 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt-2
2014-02-19 12:05 - 2014-02-19 12:05 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt-1
2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt
2014-02-19 11:02 - 2014-02-21 06:47 - 00000000 _____ () C:\Users\HT\Downloads\DecryptHelper.txt
2014-02-19 11:02 - 2014-02-21 06:47 - 00000000 _____ () C:\Users\HT\Downloads\DecryptException.txt
2014-02-19 07:06 - 2014-02-19 07:06 - 00000525 _____ () C:\Users\HT\Downloads\Vergleich.bat
2014-02-18 10:19 - 2014-02-18 23:05 - 00000000 ____D () C:\ProgramData\nttw
2014-02-18 10:19 - 2014-02-18 23:04 - 00000000 ____D () C:\ProgramData\jsmmmt
2014-02-18 10:19 - 2014-02-18 22:44 - 00000000 ____D () C:\ProgramData\lcvs
2014-02-18 10:19 - 2014-02-18 22:33 - 00000000 ____D () C:\ProgramData\vyemk
2014-02-18 10:19 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\hgfx
2014-02-18 09:53 - 2014-02-18 09:53 - 00001331 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.HTM
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\HOWDECRYPT.TXT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.TXT
2014-02-18 09:45 - 2014-02-18 22:44 - 00000000 ____D () C:\ProgramData\dubmrnw
2014-02-17 03:56 - 2014-02-17 03:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2b8bce5c340c.job
2014-02-14 06:35 - 2014-02-14 06:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-09 08:45 - 2014-02-09 08:45 - 00002500 _____ () C:\Users\HT\Downloads\ESt_1_A_2012.xml
2014-02-09 08:13 - 2014-02-09 08:13 - 00001446 _____ () C:\Users\HT\Downloads\Anlage_N_2012(1).xml
2014-02-08 00:15 - 2014-02-08 00:15 - 00001247 _____ () C:\Users\HT\Downloads\Anlage_N_2012.xml
2014-02-06 11:50 - 2014-02-28 03:50 - 00000000 ____D () C:\Users\HT\Versicherungen
2014-02-04 02:17 - 2014-02-28 03:50 - 00000000 ____D () C:\Users\HT\Gemälde und Inventar
2014-02-02 07:07 - 2014-02-28 03:50 - 00000000 ___SD () C:\Users\HT\Documents\Eigene Datenquellen

==================== One Month Modified Files and Folders =======

2014-03-02 22:28 - 2014-02-27 10:05 - 00000000 ____D () C:\Users\HT\Downloads\FRST-OlderVersion
2014-03-02 22:28 - 2014-02-21 16:39 - 00000000 ____D () C:\FRST
2014-03-02 22:22 - 2014-02-21 18:29 - 00000000 ____D () C:\Users\HT\Sicherung Th_Knorr_Str
2014-03-02 22:02 - 2014-03-02 10:03 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-03-02 22:02 - 2009-07-14 05:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 22:02 - 2009-07-14 05:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 21:54 - 2013-09-11 03:45 - 00031044 _____ () C:\Windows\setupact.log
2014-03-02 21:33 - 2013-06-23 13:10 - 02074278 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 11:43 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Buerstadt
2014-03-02 11:37 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Beruf
2014-03-02 11:37 - 2013-01-09 11:24 - 00000000 ____D () C:\Users\HT
2014-03-02 11:32 - 2013-01-24 16:41 - 00000000 ___RD () C:\Users\HT\Auto
2014-03-02 11:29 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Bach
2014-03-02 11:18 - 2014-03-02 11:18 - 08908700 _____ () C:\Users\HT\Desktop\Anti-CryptorBitV2.zip
2014-03-02 10:00 - 2014-03-02 10:00 - 00000000 ____D () C:\Users\HT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-03-02 09:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-02 09:56 - 2014-03-02 09:56 - 00000000 ____D () C:\Users\HT\AppData\Local\{6FC0060F-FFA5-4EFE-BEA4-243B1AC0D290}
2014-03-02 09:09 - 2014-03-01 08:21 - 00000000 ____D () C:\Users\HT\Familie2
2014-03-02 08:35 - 2014-03-02 08:35 - 00000000 ____D () C:\ProgramData\Sun
2014-03-02 08:35 - 2014-03-02 08:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-02 08:34 - 2014-03-02 08:35 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-02 08:34 - 2014-03-02 08:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-02 08:34 - 2014-03-02 08:35 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-02 08:34 - 2014-03-02 08:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-02 08:34 - 2012-01-10 13:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-02 08:32 - 2014-03-02 08:32 - 00921512 _____ (Oracle Corporation) C:\Users\HT\Downloads\JavaSetup7u51.exe
2014-03-02 07:57 - 2014-03-02 07:58 - 00448512 _____ (OldTimer Tools) C:\Users\HT\TFC.exe
2014-03-02 07:57 - 2014-03-02 07:58 - 00448512 _____ (OldTimer Tools) C:\Users\HT\Desktop\TFC.exe
2014-03-02 07:57 - 2014-03-02 07:57 - 00448512 _____ (OldTimer Tools) C:\Users\HT\Downloads\TFC.exe
2014-03-02 05:32 - 2014-03-02 05:15 - 00000000 ____D () C:\Users\HT\Buerstadt3
2014-03-02 05:09 - 2014-03-02 05:03 - 00000000 ____D () C:\Users\HT\Buerstadt2
2014-03-02 05:01 - 2014-03-02 05:01 - 00001149 _____ () C:\Users\HT\Desktop\Anti-CryptorBit.zip - Verknüpfung.lnk
2014-03-01 08:03 - 2014-03-01 08:03 - 00016643 _____ () C:\Users\HT\Desktop\log.7z
2014-03-01 08:00 - 2014-03-01 08:00 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-01 07:59 - 2014-03-01 07:59 - 01110476 _____ () C:\Users\HT\Downloads\7z920.exe
2014-03-01 07:16 - 2014-03-01 07:16 - 00987425 _____ () C:\Users\HT\Downloads\SecurityCheck.exe
2014-03-01 07:04 - 2013-01-10 16:50 - 00000000 ____D () C:\Users\HT\Wallenfels
2014-03-01 06:40 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Buergerstimme
2014-03-01 03:28 - 2014-03-01 03:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-01 03:21 - 2013-01-13 21:37 - 00000000 ____D () C:\Users\HT\Computer
2014-03-01 03:18 - 2014-03-01 03:18 - 02347384 _____ (ESET) C:\Users\HT\Downloads\esetsmartinstaller_enu.exe
2014-02-28 03:50 - 2014-02-06 11:50 - 00000000 ____D () C:\Users\HT\Versicherungen
2014-02-28 03:50 - 2014-02-04 02:17 - 00000000 ____D () C:\Users\HT\Gemälde und Inventar
2014-02-28 03:50 - 2014-02-02 07:07 - 00000000 ___SD () C:\Users\HT\Documents\Eigene Datenquellen
2014-02-28 03:50 - 2013-11-16 14:26 - 00000000 ____D () C:\Users\HT\Th_Knorr_Str 47
2014-02-28 03:50 - 2013-11-15 02:08 - 00000000 ____D () C:\Users\HT\ThomasKnorr
2014-02-28 03:50 - 2013-08-29 06:59 - 00000000 ____D () C:\Users\HT\Verwaltungsimmobilie
2014-02-28 03:50 - 2013-08-14 17:50 - 00000000 ____D () C:\Users\HT\Buecher
2014-02-28 03:50 - 2013-04-20 05:33 - 00000000 ____D () C:\Users\HT\SusanneBeschaeftigung
2014-02-28 03:50 - 2013-01-14 05:37 - 00000000 ____D () C:\Users\HT\Vorlagen2
2014-02-28 03:50 - 2013-01-13 04:37 - 00000000 ____D () C:\Users\HT\Gesundheit
2014-02-28 03:50 - 2013-01-13 04:35 - 00000000 ____D () C:\Users\HT\Familie
2014-02-28 03:50 - 2013-01-12 23:31 - 00000000 ____D () C:\Users\HT\Bundespolitik
2014-02-28 03:50 - 2013-01-10 20:40 - 00000000 ____D () C:\Users\HT\Documents\MeineBackups
2014-02-28 03:50 - 2013-01-10 18:47 - 00000000 ____D () C:\Users\HT\BilderRosenzweig
2014-02-28 03:50 - 2013-01-10 16:56 - 00000000 ____D () C:\Users\HT\Verein zur kommunalpolitischen Aufklärung
2014-02-28 03:50 - 2013-01-10 16:56 - 00000000 ____D () C:\Users\HT\Thomas
2014-02-28 03:50 - 2013-01-10 16:56 - 00000000 ____D () C:\Users\HT\Telefon
2014-02-28 03:50 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Politik
2014-02-28 03:50 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Olympia2022
2014-02-28 03:50 - 2013-01-10 16:53 - 00000000 ____D () C:\Users\HT\Hupfleitenweg
2014-02-28 03:50 - 2013-01-10 16:51 - 00000000 ____D () C:\Users\HT\Lichte
2014-02-28 03:50 - 2013-01-10 16:49 - 00000000 ____D () C:\Users\HT\Steuer
2014-02-28 03:50 - 2013-01-10 14:42 - 00000000 ____D () C:\Users\HT\Downloads\ger
2014-02-28 03:50 - 2013-01-10 13:52 - 00000000 ____D () C:\Users\HT\Downloads\OFFICE11
2014-02-28 03:50 - 2013-01-10 13:04 - 00000000 ____D () C:\Users\HT\Downloads\Photoshop
2014-02-27 14:59 - 2014-02-27 12:15 - 00000000 ____D () C:\Users\HT\Th-Knorr-Str entschl
2014-02-27 10:05 - 2014-02-21 16:37 - 01984679 _____ () C:\Users\HT\Downloads\FRST64.exe
2014-02-27 09:54 - 2014-02-27 09:54 - 00002782 _____ () C:\Users\HT\Desktop\JRT.txt
2014-02-27 09:48 - 2014-02-27 09:48 - 00000000 ____D () C:\Windows\ERUNT
2014-02-27 09:46 - 2014-02-27 09:46 - 01037734 _____ (Thisisu) C:\Users\HT\Downloads\JRT.exe
2014-02-27 09:37 - 2014-02-27 09:35 - 00000000 ____D () C:\AdwCleaner
2014-02-27 09:32 - 2014-02-27 09:32 - 01241834 _____ () C:\Users\HT\Downloads\adwcleaner.exe
2014-02-26 06:08 - 2014-02-26 02:54 - 00000000 ____D () C:\Qoobox
2014-02-26 06:04 - 2014-02-26 06:04 - 00029136 _____ () C:\ComboFix.txt
2014-02-26 06:02 - 2014-02-26 02:54 - 00000000 ____D () C:\Windows\erdnt
2014-02-26 06:00 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-26 03:25 - 2013-09-11 03:44 - 00101174 _____ () C:\Windows\PFRO.log
2014-02-26 02:49 - 2014-02-26 02:49 - 05185084 ____R (Swearware) C:\Users\HT\Downloads\ComboFix.exe
2014-02-24 05:30 - 2014-02-24 05:30 - 01005568 _____ (Microsoft Corporation) C:\Users\HT\Downloads\dotNetFx45_Full_setup.exe
2014-02-24 05:06 - 2014-02-24 05:06 - 04604921 _____ () C:\Users\HT\Downloads\Anti-CryptorBit.zip
2014-02-21 20:59 - 2014-02-21 20:59 - 00001234 _____ () C:\Users\HT\Desktop\Sicherung Th_Knorr_Str.lnk
2014-02-21 20:59 - 2014-02-21 17:50 - 00000000 ____D () C:\Users\HT\SicherungFeb2014
2014-02-21 19:46 - 2014-02-21 19:44 - 00000000 ____D () C:\Users\HT\Sicherung Familie
2014-02-21 19:44 - 2014-02-21 19:44 - 00000000 ____D () C:\Users\HT\Sicherung Bürstadt
2014-02-21 19:32 - 2014-02-21 19:32 - 00001038 _____ () C:\Users\HT\Desktop\Sicherung Gesundheit.lnk
2014-02-21 19:31 - 2014-02-21 19:29 - 00000000 ____D () C:\Users\HT\SicherungGesundheit
2014-02-21 18:35 - 2014-02-21 18:35 - 00000866 _____ () C:\Users\HT\Desktop\Sicherung WallenfelsJan2014.lnk
2014-02-21 18:34 - 2014-02-21 18:34 - 00001122 _____ () C:\Users\HT\Desktop\Sicherung Lichte Jan14.lnk
2014-02-21 18:32 - 2014-02-21 18:32 - 00001180 _____ () C:\Users\HT\Desktop\Sicherung Steuer Feb2014.lnk
2014-02-21 16:42 - 2014-02-21 16:41 - 00023842 _____ () C:\Users\HT\Downloads\Addition.txt
2014-02-21 16:42 - 2014-02-21 16:39 - 00063115 _____ () C:\Users\HT\Downloads\FRST.txt
2014-02-21 15:55 - 2013-01-10 05:35 - 00002182 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 06:47 - 2014-02-19 11:02 - 00000000 _____ () C:\Users\HT\Downloads\DecryptHelper.txt
2014-02-21 06:47 - 2014-02-19 11:02 - 00000000 _____ () C:\Users\HT\Downloads\DecryptException.txt
2014-02-20 18:18 - 2014-02-20 18:18 - 00000000 ____D () C:\Users\HT\Documents\ransom_file_unlocker
2014-02-20 18:10 - 2009-07-14 05:45 - 00437256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-20 17:37 - 2014-02-20 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 17:34 - 2009-07-14 03:34 - 00000534 _____ () C:\Windows\win.ini
2014-02-20 17:26 - 2013-01-10 13:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-20 12:29 - 2014-02-20 12:25 - 00004598 _____ () C:\Users\HT\Downloads\PandaRamsonwareDecrypt.log
2014-02-20 12:22 - 2014-02-20 12:22 - 02760672 _____ () C:\Users\HT\Downloads\pandaunransom.exe
2014-02-20 11:09 - 2014-02-20 10:25 - 00000000 ____D () C:\Users\HT\AppData\Local\LogMeIn Rescue Applet
2014-02-20 10:41 - 2014-02-20 10:40 - 00147258 _____ () C:\Users\HT\Desktop\SpeicherungRegistry.reg
2014-02-20 10:38 - 2014-02-20 10:38 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-20 10:38 - 2014-02-20 10:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 10:37 - 2014-02-20 10:36 - 03645064 _____ (Piriform Ltd) C:\Users\HT\Downloads\ccsetup410_slim(1).exe
2014-02-20 10:36 - 2014-02-20 10:36 - 03645064 _____ (Piriform Ltd) C:\Users\HT\Downloads\ccsetup410_slim.exe
2014-02-20 10:25 - 2014-02-20 10:25 - 01295200 _____ (LogMeIn, Inc.) C:\Users\HT\Downloads\Support-LogMeInRescue.exe
2014-02-19 16:46 - 2014-02-19 16:46 - 03084860 _____ () C:\Users\HT\Downloads\Beispielbilder_Win7(1).zip
2014-02-19 16:27 - 2014-02-19 16:27 - 03084860 _____ () C:\Users\HT\Downloads\Beispielbilder_Win7.zip
2014-02-19 16:00 - 2014-02-19 16:00 - 00062065 _____ () C:\Users\HT\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-02-19 14:57 - 2014-02-19 14:57 - 00019458 _____ () C:\Users\HT\Downloads\DecryptHelper-0.5.3(1).jar
2014-02-19 12:08 - 2014-02-19 12:08 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt-2
2014-02-19 12:05 - 2014-02-19 12:05 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt-1
2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt
2014-02-19 07:06 - 2014-02-19 07:06 - 00000525 _____ () C:\Users\HT\Downloads\Vergleich.bat
2014-02-18 23:05 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\nttw
2014-02-18 23:04 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\jsmmmt
2014-02-18 22:44 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\lcvs
2014-02-18 22:44 - 2014-02-18 09:45 - 00000000 ____D () C:\ProgramData\dubmrnw
2014-02-18 22:33 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\vyemk
2014-02-18 10:19 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\hgfx
2014-02-18 10:06 - 2014-01-24 16:13 - 01777040 _____ () C:\Users\HT\Desktop\Galaxy_S_Plus_Bedienungsanleitung.zip
2014-02-18 10:06 - 2014-01-24 16:12 - 01777040 _____ () C:\Users\HT\Downloads\Galaxy_S_Plus_Bedienungsanleitung.zip
2014-02-18 10:06 - 2014-01-16 03:44 - 00014457 _____ () C:\Users\HT\Desktop\Louise L. Hay - Heilende Gedanken für Körper und Seele - Verknüpfung.lnk
2014-02-18 10:06 - 2014-01-14 12:04 - 00014336 _____ () C:\Users\HT\Documents\DrGazertStr3.xls
2014-02-18 10:06 - 2014-01-05 13:56 - 01642352 _____ () C:\Users\HT\Downloads\Glendel und die Prinzessin des Lichts -  Teil 1 von 2_ Oder_ Warum die Sonne täglich auf- und untergeht (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:56 - 00346692 _____ () C:\Users\HT\Downloads\Perry Rhodan 2600_ Das Thanatos-Programm (Heftroman)_ Perry Rhodan-Zyklus _Neuroversum_ (Perry Rhodan-Erstauflage) (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:56 - 00339964 _____ () C:\Users\HT\Downloads\Lacunars Fluch, Teil 1_ Der Auftrag (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:56 - 00186416 _____ () C:\Users\HT\Downloads\Die schwarze Hostie_ Teil 1 - Dämonen Serial (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:56 - 00167811 _____ () C:\Users\HT\Downloads\Sohn des Meeres (German Edition).azw
2014-02-18 10:06 - 2014-01-05 13:51 - 00477280 _____ () C:\Users\HT\Downloads\Raya und Kill - Gefährliche Grenze (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:51 - 00427540 _____ () C:\Users\HT\Downloads\Niklas Pettersson - Im Labyrinth der Finsternis (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:46 - 00558364 _____ () C:\Users\HT\Downloads\Unsterblich geliebt (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:46 - 00428216 _____ () C:\Users\HT\Downloads\Zwanzigtausend Meilen unter'm Meer - Zweiter Band (German Edition).azw
2014-02-18 10:06 - 2014-01-05 13:46 - 00419020 _____ () C:\Users\HT\Downloads\Zwanzigtausend Meilen unter'm Meer - Erster Band (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:38 - 00352560 _____ () C:\Users\HT\Downloads\Das Nibelungenlied (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 19:11 - 01444428 _____ () C:\Users\HT\Downloads\Sagen des klassischen Altertums (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:11 - 00819836 _____ () C:\Users\HT\Downloads\Walhall. Germanische Götter- und Heldensagen (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:11 - 00809948 _____ () C:\Users\HT\Downloads\Deutsche Sagen (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:11 - 00809948 _____ () C:\Users\HT\Downloads\Deutsche Sagen (German Edition)(1).azw
2014-02-18 10:06 - 2013-12-28 19:11 - 00313516 _____ () C:\Users\HT\Downloads\Reise um die Erde in 80 Tagen (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 19:11 - 00150860 _____ () C:\Users\HT\Downloads\Heldensagen (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:10 - 00451827 _____ () C:\Users\HT\Downloads\Der Trotzkopf (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:00 - 00264920 _____ () C:\Users\HT\Downloads\Das Feuer der Zeit_ Für kurze Zeit kostenlos (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 18:59 - 00628604 _____ () C:\Users\HT\Downloads\Der Hexer von Hymal, Buch I_ Ein Junge aus den Bergen (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 18:59 - 00228821 _____ () C:\Users\HT\Downloads\Das Antlitz der Göttin. Der Ursprung der Liebe - Teil 1. (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 18:43 - 00511464 _____ () C:\Users\HT\Downloads\Am dreizehnten Tag_ Kis-Ba-Shahid (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 18:43 - 00411732 _____ () C:\Users\HT\Downloads\Am dreizehnten Tag_ Flaschengeister (German Edition).azw3
2014-02-18 10:06 - 2013-12-24 20:10 - 00695051 _____ () C:\Users\HT\Downloads\Die Dunkelmagierchroniken - Die Erben der Flamme (Episode 1 - Spiel mit dem Feuer) (German Edition)(1).azw3
2014-02-18 10:06 - 2013-12-24 20:00 - 00211616 _____ () C:\Users\HT\Downloads\Am dreizehnten Tag_ Die Bestimmung (German Edition)(2).azw3
2014-02-18 10:06 - 2013-12-24 19:58 - 00211616 _____ () C:\Users\HT\Downloads\Am dreizehnten Tag_ Die Bestimmung (German Edition)(1).azw3
2014-02-18 10:06 - 2013-02-13 16:52 - 15263645 _____ () C:\Users\HT\Desktop\How Mercury Destroys the Brain - University of Calgary.mp4
2014-02-18 10:06 - 2013-01-13 21:41 - 00077100 _____ () C:\Users\HT\Downloads\POORICH.TTF
2014-02-18 10:06 - 2013-01-10 21:26 - 71762432 _____ () C:\Users\HT\Desktop\NotfallBootT500.iso
2014-02-18 10:06 - 2013-01-10 20:30 - 08540672 _____ () C:\Users\HT\Downloads\FRITZ.Box_Fon_WLAN_7170.29.04.87.image
2014-02-18 10:06 - 2013-01-10 18:41 - 00637587 _____ () C:\Users\HT\Downloads\Outlook.NK2
2014-02-18 10:06 - 2013-01-10 11:59 - 10353240 _____ () C:\Users\HT\Downloads\Windows6.1-KB958559-x64.msu
2014-02-18 10:06 - 2013-01-10 11:15 - 00901650 _____ () C:\Users\HT\Downloads\HAV Detection Tool - User Guide.mht
2014-02-18 10:04 - 2013-12-16 18:15 - 00000000 ____D () C:\Users\HT\AppData\Local\UXDmedia
2014-02-18 10:04 - 2013-01-10 16:43 - 00000000 ____D () C:\Users\HT\AppData\Roaming\FileZilla
2014-02-18 10:04 - 2013-01-09 11:24 - 00000000 ____D () C:\Users\HT\AppData\Local\Windows Live
2014-02-18 09:57 - 2013-01-09 11:24 - 00122592 _____ () C:\Users\HT\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001331 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.HTM
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\HOWDECRYPT.TXT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.TXT
2014-02-18 09:53 - 2013-01-17 23:53 - 00014848 _____ () C:\Users\HT\BerechnungenGauting.xls
2014-02-18 09:53 - 2013-01-11 06:26 - 00637587 _____ () C:\Users\HT\Outlook.NK2
2014-02-18 09:53 - 2012-01-10 19:56 - 00000000 ____D () C:\RPKTools
2014-02-17 03:56 - 2014-02-17 03:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2b8bce5c340c.job
2014-02-16 07:39 - 2013-01-10 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 06:35 - 2014-02-14 06:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-09 08:45 - 2014-02-09 08:45 - 00002500 _____ () C:\Users\HT\Downloads\ESt_1_A_2012.xml
2014-02-09 08:13 - 2014-02-09 08:13 - 00001446 _____ () C:\Users\HT\Downloads\Anlage_N_2012(1).xml
2014-02-08 00:15 - 2014-02-08 00:15 - 00001247 _____ () C:\Users\HT\Downloads\Anlage_N_2012.xml
2014-02-04 19:09 - 2012-01-10 13:07 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-01 10:20 - 2014-02-20 17:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-20 17:23 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-20 17:23 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-20 17:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 10:18 - 2014-02-20 17:22 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 08:58 - 2014-02-20 17:23 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-20 17:23 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-20 17:23 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 08:57 - 2014-02-20 17:22 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 08:40 - 2014-02-20 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-20 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-01 07:45 - 2014-02-20 17:23 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-01 07:38 - 2014-02-20 17:23 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\Users\HT\TFC.exe


Some content of TEMP:
====================
C:\Users\HT\AppData\Local\Temp\avgnt.exe
C:\Users\HT\AppData\Local\Temp\OLMAPI32.DLL


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 11:41

==================== End Of Log ============================
--- --- ---

--- --- ---


Danke für Deine Geduld und Mühe!

Herzliche Grüße
Heidi

schrauber 03.03.2014 18:28
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
S1 axlaltnl; \??\C:\Windows\system32\drivers\axlaltnl.sys [X]
S1 bxutmaxl; \??\C:\Windows\system32\drivers\bxutmaxl.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 gjehruoe; \??\C:\Windows\system32\drivers\gjehruoe.sys [X]
S1 jobrmrfq; \??\C:\Windows\system32\drivers\jobrmrfq.sys [X]
S1 lwfdbnqy; \??\C:\Windows\system32\drivers\lwfdbnqy.sys [X]
S1 pnjigteg; \??\C:\Windows\system32\drivers\pnjigteg.sys [X]
S1 qdjrswnc; \??\C:\Windows\system32\drivers\qdjrswnc.sys [X]
S1 qrfukebx; \??\C:\Windows\system32\drivers\qrfukebx.sys [X]
S1 rfkccchq; \??\C:\Windows\system32\drivers\rfkccchq.sys [X]
S1 rrkcddqb; \??\C:\Windows\system32\drivers\rrkcddqb.sys [X]
S1 ttibdnli; \??\C:\Windows\system32\drivers\ttibdnli.sys [X]
S1 uagaldfs; \??\C:\Windows\system32\drivers\uagaldfs.sys [X]
S1 uoydbgey; \??\C:\Windows\system32\drivers\uoydbgey.sys [X]
S1 vcciuaig; \??\C:\Windows\system32\drivers\vcciuaig.sys [X]
C:\Program Files\Enigma Software Group

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Waldfee99 04.03.2014 01:21
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Schrauber,

ich habe die Fixlog.txt erstellt und füge diese unten ein. Da ich sehr stutzig geworden bin, daß wieder einmal etwas vom "SpyHunter" gemeldet wird, und das Verzeichnis nicht zu finden war, habe ich dieses in der DOS-Ebene gesucht, aber auch nicht gefunden. Ich hänge Dir einen Screenshot von dieser Suche an.

Letztendlich habe ich schon die ganze Zeit den Spyhunter in Verdacht, daß dieser das ganze Verschlüsselungsproblem (Howdecrypt) verursacht hat. Ich hatte den Spyhunter vor ca. einem halben Jahr selbst installiert, als ich einen Virus oder Wurm hatte und sich dauernd ein Popup-Fenster gemeldet hat. Nachdem ich in Google nachgeschaut hatte, was zu tun wäre, und alles auf den Spyhunter verwies, lud ich mir diesen runter und installierte ihn. Kurz nachdem ich ihn mir installiert hatte, merkte ich aber, daß ich mir eine Schadsoftware installiert hatte. Damals machte ich alles, um diese aus dem System zu bekommen. U. a. suchte und löschte ich alles was "Spyhunter" enthielt auch auf der DOS-Ebene. Bei der aktuellen Bekämpfung bzw. den Entschlüsselungsversuchen von Howdecrypt verwies auch wieder alles auf den Spyhunter, den ich aber dieses mal nicht installiert habe.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2014
Ran by HT at 2014-03-04 01:00:41 Run:1
Running from C:\Users\HT\Downloads\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S1 axlaltnl; \??\C:\Windows\system32\drivers\axlaltnl.sys [X]
S1 bxutmaxl; \??\C:\Windows\system32\drivers\bxutmaxl.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 gjehruoe; \??\C:\Windows\system32\drivers\gjehruoe.sys [X]
S1 jobrmrfq; \??\C:\Windows\system32\drivers\jobrmrfq.sys [X]
S1 lwfdbnqy; \??\C:\Windows\system32\drivers\lwfdbnqy.sys [X]
S1 pnjigteg; \??\C:\Windows\system32\drivers\pnjigteg.sys [X]
S1 qdjrswnc; \??\C:\Windows\system32\drivers\qdjrswnc.sys [X]
S1 qrfukebx; \??\C:\Windows\system32\drivers\qrfukebx.sys [X]
S1 rfkccchq; \??\C:\Windows\system32\drivers\rfkccchq.sys [X]
S1 rrkcddqb; \??\C:\Windows\system32\drivers\rrkcddqb.sys [X]
S1 ttibdnli; \??\C:\Windows\system32\drivers\ttibdnli.sys [X]
S1 uagaldfs; \??\C:\Windows\system32\drivers\uagaldfs.sys [X]
S1 uoydbgey; \??\C:\Windows\system32\drivers\uoydbgey.sys [X]
S1 vcciuaig; \??\C:\Windows\system32\drivers\vcciuaig.sys [X]
C:\Program Files\Enigma Software Group
*****************

axlaltnl => Service deleted successfully.
bxutmaxl => Service deleted successfully.
esgiguard => Service deleted successfully.
gjehruoe => Service deleted successfully.
jobrmrfq => Service deleted successfully.
lwfdbnqy => Service deleted successfully.
pnjigteg => Service deleted successfully.
qdjrswnc => Service deleted successfully.
qrfukebx => Service deleted successfully.
rfkccchq => Service deleted successfully.
rrkcddqb => Service deleted successfully.
ttibdnli => Service deleted successfully.
uagaldfs => Service deleted successfully.
uoydbgey => Service deleted successfully.
vcciuaig => Service deleted successfully.
"C:\Program Files\Enigma Software Group" => File/Directory not found.

==== End of Fixlog ====
Herzliche Grüße

Heidi

schrauber 04.03.2014 18:15
Sieht gut aus, bitte nochmal ein frisches FRST log. Noch probleme?

Waldfee99 05.03.2014 02:56
Hallo Schrauber,

hier die FRST. log-Datei:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by HT (administrator) on HT-THINK on 04-03-2014 21:48:59
Running from C:\Users\HT\Downloads\FRST-OlderVersion
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

() C:\Windows\system32\DTS.exe
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\system32\ATService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVEO) C:\Program Files (x86)\AVEO\AVEO USB2.0 PC Camera\CamAppSTI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Lenovo.) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-02-05] (AuthenTec, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [377712 2009-11-06] (Acronis)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [630784 2007-03-02] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [65536 2006-11-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [4389592 2009-11-06] (Acronis)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [962688 2009-11-06] (Acronis)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EPSON_UD_START] - C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe [329704 2010-06-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CamAppSTI.exe] - C:\Program Files (x86)\AVEO\AVEO USB2.0 PC Camera\CamAppSTI.exe [28672 2009-01-04] (AVEO)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2814266497-2799738039-2710065422-1000\...\Run: [Installation Diagnostics] - C:\Program Files (x86)\Brother\Brmfl06d\Brinstck.exe [126976 2006-11-04] (Brother Industries, Ltd.)
HKU\S-1-5-21-2814266497-2799738039-2710065422-1000\...\Policies\Explorer: [DisallowCpl] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2C05EFE153EECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\HT\AppData\Roaming\Mozilla\Firefox\Profiles\h3rdekcs.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: pdfforge.PDF.PDF - C:\Users\HT\AppData\Roaming\Mozilla\Firefox\Profiles\h3rdekcs.default\Extensions\{35884CFF-8A76-EFEC-D03B-2CE8B00E5308} [2013-12-16]
FF Extension: DownloadHelper - C:\Users\HT\AppData\Roaming\Mozilla\Firefox\Profiles\h3rdekcs.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-10]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-01-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-01-10]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-10]
CHR Extension: (Google Search) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-10]
CHR Extension: (Google Wallet) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-10]
CHR HKLM-x32\...\Chrome\Extension: [nibmbnacadfhadkiecpkignkpdfbaahl] - C:\ProgramData\SaveByclick\nibmbnacadfhadkiecpkignkpdfbaahl.crx [2013-01-10]

==================== Services (Whitelisted) =================

S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-02-05] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 ATService; C:\Windows\system32\ATService.exe [2713920 2010-02-05] (AuthenTec, Inc.)
R3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-02-05] ()
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [104424 2010-06-09] (SEIKO EPSON CORPORATION)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522912 2012-12-14] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [906464 2012-12-14] (pdfforge GbR)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [586280 2011-02-23] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 e36gbus; C:\Windows\system32\drivers\e36gbus.sys [328704 2009-06-30] (MCCI Corporation)
S3 e36gmgmt; C:\Windows\system32\drivers\e36gmgmt.sys [376320 2009-06-30] (MCCI Corporation)
S3 e36wgps; C:\Windows\system32\drivers\e36wgps64.sys [96296 2009-07-10] (Ericsson AB)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [12800 2009-09-22] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [17408 2009-09-22] (Ericsson AB)
S3 l36wgps; C:\Windows\system32\drivers\l36wgps64.sys [101416 2010-12-01] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2010-10-31] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2010-10-31] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2010-10-31] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [472648 2010-10-31] (MCCI Corporation)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2013-01-10] (Acronis)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [276520 2011-02-08] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 dzehtfmr; \??\C:\Windows\system32\drivers\dzehtfmr.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 11:18 - 2014-03-02 11:18 - 08908700 _____ () C:\Users\HT\Desktop\Anti-CryptorBitV2.zip
2014-03-02 10:03 - 2014-03-02 22:02 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-03-02 10:00 - 2014-03-02 10:00 - 00000000 ____D () C:\Users\HT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-03-02 09:56 - 2014-03-02 09:56 - 00000000 ____D () C:\Users\HT\AppData\Local\{6FC0060F-FFA5-4EFE-BEA4-243B1AC0D290}
2014-03-02 08:35 - 2014-03-02 08:35 - 00000000 ____D () C:\ProgramData\Sun
2014-03-02 08:35 - 2014-03-02 08:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-02 08:35 - 2014-03-02 08:34 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-02 08:35 - 2014-03-02 08:34 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-02 08:35 - 2014-03-02 08:34 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-02 08:35 - 2014-03-02 08:34 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-02 08:32 - 2014-03-02 08:32 - 00921512 _____ (Oracle Corporation) C:\Users\HT\Downloads\JavaSetup7u51.exe
2014-03-02 07:58 - 2014-03-02 07:57 - 00448512 _____ (OldTimer Tools) C:\Users\HT\TFC.exe
2014-03-02 07:58 - 2014-03-02 07:57 - 00448512 _____ (OldTimer Tools) C:\Users\HT\Desktop\TFC.exe
2014-03-02 07:57 - 2014-03-02 07:57 - 00448512 _____ (OldTimer Tools) C:\Users\HT\Downloads\TFC.exe
2014-03-02 05:15 - 2014-03-02 05:32 - 00000000 ____D () C:\Users\HT\Buerstadt3
2014-03-02 05:03 - 2014-03-02 05:09 - 00000000 ____D () C:\Users\HT\Buerstadt2
2014-03-02 05:01 - 2014-03-02 05:01 - 00001149 _____ () C:\Users\HT\Desktop\Anti-CryptorBit.zip - Verknüpfung.lnk
2014-03-01 08:21 - 2014-03-03 11:02 - 00000000 ____D () C:\Users\HT\Familie2
2014-03-01 08:03 - 2014-03-01 08:03 - 00016643 _____ () C:\Users\HT\Desktop\log.7z
2014-03-01 08:00 - 2014-03-01 08:00 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-01 07:59 - 2014-03-01 07:59 - 01110476 _____ () C:\Users\HT\Downloads\7z920.exe
2014-03-01 07:16 - 2014-03-01 07:16 - 00987425 _____ () C:\Users\HT\Downloads\SecurityCheck.exe
2014-03-01 03:28 - 2014-03-01 03:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-01 03:18 - 2014-03-01 03:18 - 02347384 _____ (ESET) C:\Users\HT\Downloads\esetsmartinstaller_enu.exe
2014-02-27 12:15 - 2014-03-03 17:34 - 00000000 ____D () C:\Users\HT\Th-Knorr-Str entschl
2014-02-27 10:05 - 2014-03-04 21:48 - 00000000 ____D () C:\Users\HT\Downloads\FRST-OlderVersion
2014-02-27 09:54 - 2014-02-27 09:54 - 00002782 _____ () C:\Users\HT\Desktop\JRT.txt
2014-02-27 09:48 - 2014-02-27 09:48 - 00000000 ____D () C:\Windows\ERUNT
2014-02-27 09:46 - 2014-02-27 09:46 - 01037734 _____ (Thisisu) C:\Users\HT\Downloads\JRT.exe
2014-02-27 09:35 - 2014-02-27 09:37 - 00000000 ____D () C:\AdwCleaner
2014-02-27 09:32 - 2014-02-27 09:32 - 01241834 _____ () C:\Users\HT\Downloads\adwcleaner.exe
2014-02-26 06:04 - 2014-02-26 06:04 - 00029136 _____ () C:\ComboFix.txt
2014-02-26 02:57 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-26 02:57 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-26 02:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-26 02:57 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-26 02:54 - 2014-02-26 06:08 - 00000000 ____D () C:\Qoobox
2014-02-26 02:54 - 2014-02-26 06:02 - 00000000 ____D () C:\Windows\erdnt
2014-02-26 02:49 - 2014-02-26 02:49 - 05185084 ____R (Swearware) C:\Users\HT\Downloads\ComboFix.exe
2014-02-24 05:30 - 2014-02-24 05:30 - 01005568 _____ (Microsoft Corporation) C:\Users\HT\Downloads\dotNetFx45_Full_setup.exe
2014-02-24 05:06 - 2014-02-24 05:06 - 04604921 _____ () C:\Users\HT\Downloads\Anti-CryptorBit.zip
2014-02-21 20:59 - 2014-02-21 20:59 - 00001234 _____ () C:\Users\HT\Desktop\Sicherung Th_Knorr_Str.lnk
2014-02-21 19:44 - 2014-02-21 19:46 - 00000000 ____D () C:\Users\HT\Sicherung Familie
2014-02-21 19:44 - 2014-02-21 19:44 - 00000000 ____D () C:\Users\HT\Sicherung Bürstadt
2014-02-21 19:32 - 2014-02-21 19:32 - 00001038 _____ () C:\Users\HT\Desktop\Sicherung Gesundheit.lnk
2014-02-21 19:29 - 2014-02-21 19:31 - 00000000 ____D () C:\Users\HT\SicherungGesundheit
2014-02-21 18:35 - 2014-02-21 18:35 - 00000866 _____ () C:\Users\HT\Desktop\Sicherung WallenfelsJan2014.lnk
2014-02-21 18:34 - 2014-02-21 18:34 - 00001122 _____ () C:\Users\HT\Desktop\Sicherung Lichte Jan14.lnk
2014-02-21 18:32 - 2014-02-21 18:32 - 00001180 _____ () C:\Users\HT\Desktop\Sicherung Steuer Feb2014.lnk
2014-02-21 18:29 - 2014-03-04 08:11 - 00000000 ____D () C:\Users\HT\Sicherung Th_Knorr_Str
2014-02-21 17:50 - 2014-02-21 20:59 - 00000000 ____D () C:\Users\HT\SicherungFeb2014
2014-02-21 16:41 - 2014-02-21 16:42 - 00023842 _____ () C:\Users\HT\Downloads\Addition.txt
2014-02-21 16:39 - 2014-03-04 21:48 - 00000000 ____D () C:\FRST
2014-02-21 16:39 - 2014-02-21 16:42 - 00063115 _____ () C:\Users\HT\Downloads\FRST.txt
2014-02-21 16:37 - 2014-02-27 10:05 - 01984679 _____ () C:\Users\HT\Downloads\FRST64.exe
2014-02-20 18:18 - 2014-02-20 18:18 - 00000000 ____D () C:\Users\HT\Documents\ransom_file_unlocker
2014-02-20 17:37 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-02-20 17:37 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-02-20 17:37 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-02-20 17:37 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-02-20 17:34 - 2014-02-20 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 17:23 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-20 17:23 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-20 17:23 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-20 17:23 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-20 17:23 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-20 17:23 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-20 17:23 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-20 17:23 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-20 17:23 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-20 17:23 - 2014-02-01 07:45 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-20 17:23 - 2014-02-01 07:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-20 17:23 - 2013-12-21 10:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-20 17:23 - 2013-12-21 08:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-20 17:22 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-20 17:22 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-20 17:14 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-20 17:14 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-20 17:14 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-02-20 17:14 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-02-20 17:14 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-02-20 17:14 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-02-20 17:14 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-02-20 17:14 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-02-20 17:14 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-02-20 17:14 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-02-20 17:14 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-02-20 17:14 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-02-20 17:14 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-02-20 17:14 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-02-20 17:14 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-02-20 17:14 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-02-20 17:14 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-02-20 17:14 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-02-20 17:14 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-02-20 17:14 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-02-20 17:13 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-20 17:13 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-20 17:13 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-20 17:13 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-20 17:13 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-20 17:13 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-20 17:13 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-20 17:13 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-20 17:13 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-20 17:13 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-20 17:13 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-20 17:13 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-20 17:13 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-20 17:13 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-20 17:13 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-20 17:13 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-20 17:13 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-20 17:13 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-20 17:13 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-20 17:13 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-20 17:13 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-02-20 17:13 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-02-20 17:13 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-02-20 17:13 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-20 17:13 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-20 17:13 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-02-20 17:13 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-02-20 17:13 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-02-20 17:13 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-02-20 17:13 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-02-20 17:13 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-02-20 17:13 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-02-20 17:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-02-20 17:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-02-20 17:13 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-02-20 17:13 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-02-20 17:13 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-02-20 17:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-02-20 17:13 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-02-20 17:13 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-02-20 17:13 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-02-20 17:13 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-02-20 17:13 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-02-20 17:13 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-02-20 17:13 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-02-20 17:13 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-02-20 17:13 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-02-20 17:13 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-02-20 17:13 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-02-20 17:13 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-02-20 17:13 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-02-20 17:13 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-02-20 17:13 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-02-20 17:12 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-20 17:12 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-20 17:12 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-20 17:12 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-20 17:12 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-20 17:12 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-02-20 17:12 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-02-20 12:25 - 2014-02-20 12:29 - 00004598 _____ () C:\Users\HT\Downloads\PandaRamsonwareDecrypt.log
2014-02-20 12:22 - 2014-02-20 12:22 - 02760672 _____ () C:\Users\HT\Downloads\pandaunransom.exe
2014-02-20 10:40 - 2014-02-20 10:41 - 00147258 _____ () C:\Users\HT\Desktop\SpeicherungRegistry.reg
2014-02-20 10:38 - 2014-02-20 10:38 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-20 10:38 - 2014-02-20 10:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 10:36 - 2014-02-20 10:37 - 03645064 _____ (Piriform Ltd) C:\Users\HT\Downloads\ccsetup410_slim(1).exe
2014-02-20 10:36 - 2014-02-20 10:36 - 03645064 _____ (Piriform Ltd) C:\Users\HT\Downloads\ccsetup410_slim.exe
2014-02-20 10:25 - 2014-02-20 11:09 - 00000000 ____D () C:\Users\HT\AppData\Local\LogMeIn Rescue Applet
2014-02-20 10:25 - 2014-02-20 10:25 - 01295200 _____ (LogMeIn, Inc.) C:\Users\HT\Downloads\Support-LogMeInRescue.exe
2014-02-19 16:46 - 2014-02-19 16:46 - 03084860 _____ () C:\Users\HT\Downloads\Beispielbilder_Win7(1).zip
2014-02-19 16:27 - 2014-02-19 16:27 - 03084860 _____ () C:\Users\HT\Downloads\Beispielbilder_Win7.zip
2014-02-19 16:00 - 2014-02-19 16:00 - 00062065 _____ () C:\Users\HT\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-02-19 14:57 - 2014-02-19 14:57 - 00019458 _____ () C:\Users\HT\Downloads\DecryptHelper-0.5.3(1).jar
2014-02-19 12:08 - 2014-02-19 12:08 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt-2
2014-02-19 12:05 - 2014-02-19 12:05 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt-1
2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt
2014-02-19 11:02 - 2014-02-21 06:47 - 00000000 _____ () C:\Users\HT\Downloads\DecryptHelper.txt
2014-02-19 11:02 - 2014-02-21 06:47 - 00000000 _____ () C:\Users\HT\Downloads\DecryptException.txt
2014-02-19 07:06 - 2014-02-19 07:06 - 00000525 _____ () C:\Users\HT\Downloads\Vergleich.bat
2014-02-18 10:19 - 2014-02-18 23:05 - 00000000 ____D () C:\ProgramData\nttw
2014-02-18 10:19 - 2014-02-18 23:04 - 00000000 ____D () C:\ProgramData\jsmmmt
2014-02-18 10:19 - 2014-02-18 22:44 - 00000000 ____D () C:\ProgramData\lcvs
2014-02-18 10:19 - 2014-02-18 22:33 - 00000000 ____D () C:\ProgramData\vyemk
2014-02-18 10:19 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\hgfx
2014-02-18 09:53 - 2014-02-18 09:53 - 00001331 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.HTM
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\HOWDECRYPT.TXT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.TXT
2014-02-18 09:45 - 2014-02-18 22:44 - 00000000 ____D () C:\ProgramData\dubmrnw
2014-02-17 03:56 - 2014-02-17 03:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2b8bce5c340c.job
2014-02-14 06:35 - 2014-02-14 06:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-09 08:45 - 2014-02-09 08:45 - 00002500 _____ () C:\Users\HT\Downloads\ESt_1_A_2012.xml
2014-02-09 08:13 - 2014-02-09 08:13 - 00001446 _____ () C:\Users\HT\Downloads\Anlage_N_2012(1).xml
2014-02-08 00:15 - 2014-02-08 00:15 - 00001247 _____ () C:\Users\HT\Downloads\Anlage_N_2012.xml
2014-02-06 11:50 - 2014-02-28 03:50 - 00000000 ____D () C:\Users\HT\Versicherungen
2014-02-04 02:17 - 2014-02-28 03:50 - 00000000 ____D () C:\Users\HT\Gemälde und Inventar
2014-02-02 07:07 - 2014-02-28 03:50 - 00000000 ___SD () C:\Users\HT\Documents\Eigene Datenquellen

==================== One Month Modified Files and Folders =======

2014-03-04 21:48 - 2014-02-27 10:05 - 00000000 ____D () C:\Users\HT\Downloads\FRST-OlderVersion
2014-03-04 21:48 - 2014-02-21 16:39 - 00000000 ____D () C:\FRST
2014-03-04 21:32 - 2013-01-10 05:35 - 00002182 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 08:11 - 2014-02-21 18:29 - 00000000 ____D () C:\Users\HT\Sicherung Th_Knorr_Str
2014-03-04 07:58 - 2013-06-23 13:10 - 01084073 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 06:49 - 2009-07-14 05:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 06:49 - 2009-07-14 05:45 - 00022592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 06:40 - 2013-09-11 03:45 - 00031548 _____ () C:\Windows\setupact.log
2014-03-04 01:08 - 2013-01-13 21:37 - 00000000 ____D () C:\Users\HT\Computer
2014-03-03 17:34 - 2014-02-27 12:15 - 00000000 ____D () C:\Users\HT\Th-Knorr-Str entschl
2014-03-03 11:02 - 2014-03-01 08:21 - 00000000 ____D () C:\Users\HT\Familie2
2014-03-02 22:02 - 2014-03-02 10:03 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.TMP
2014-03-02 11:43 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Buerstadt
2014-03-02 11:37 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Beruf
2014-03-02 11:37 - 2013-01-09 11:24 - 00000000 ____D () C:\Users\HT
2014-03-02 11:32 - 2013-01-24 16:41 - 00000000 ___RD () C:\Users\HT\Auto
2014-03-02 11:29 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Bach
2014-03-02 11:18 - 2014-03-02 11:18 - 08908700 _____ () C:\Users\HT\Desktop\Anti-CryptorBitV2.zip
2014-03-02 10:00 - 2014-03-02 10:00 - 00000000 ____D () C:\Users\HT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2014-03-02 09:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-02 09:56 - 2014-03-02 09:56 - 00000000 ____D () C:\Users\HT\AppData\Local\{6FC0060F-FFA5-4EFE-BEA4-243B1AC0D290}
2014-03-02 08:35 - 2014-03-02 08:35 - 00000000 ____D () C:\ProgramData\Sun
2014-03-02 08:35 - 2014-03-02 08:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-02 08:34 - 2014-03-02 08:35 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-02 08:34 - 2014-03-02 08:35 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-02 08:34 - 2014-03-02 08:35 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-02 08:34 - 2014-03-02 08:35 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-02 08:34 - 2012-01-10 13:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-02 08:32 - 2014-03-02 08:32 - 00921512 _____ (Oracle Corporation) C:\Users\HT\Downloads\JavaSetup7u51.exe
2014-03-02 07:57 - 2014-03-02 07:58 - 00448512 _____ (OldTimer Tools) C:\Users\HT\TFC.exe
2014-03-02 07:57 - 2014-03-02 07:58 - 00448512 _____ (OldTimer Tools) C:\Users\HT\Desktop\TFC.exe
2014-03-02 07:57 - 2014-03-02 07:57 - 00448512 _____ (OldTimer Tools) C:\Users\HT\Downloads\TFC.exe
2014-03-02 05:32 - 2014-03-02 05:15 - 00000000 ____D () C:\Users\HT\Buerstadt3
2014-03-02 05:09 - 2014-03-02 05:03 - 00000000 ____D () C:\Users\HT\Buerstadt2
2014-03-02 05:01 - 2014-03-02 05:01 - 00001149 _____ () C:\Users\HT\Desktop\Anti-CryptorBit.zip - Verknüpfung.lnk
2014-03-01 08:03 - 2014-03-01 08:03 - 00016643 _____ () C:\Users\HT\Desktop\log.7z
2014-03-01 08:00 - 2014-03-01 08:00 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-01 07:59 - 2014-03-01 07:59 - 01110476 _____ () C:\Users\HT\Downloads\7z920.exe
2014-03-01 07:16 - 2014-03-01 07:16 - 00987425 _____ () C:\Users\HT\Downloads\SecurityCheck.exe
2014-03-01 07:04 - 2013-01-10 16:50 - 00000000 ____D () C:\Users\HT\Wallenfels
2014-03-01 06:40 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Buergerstimme
2014-03-01 03:28 - 2014-03-01 03:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-01 03:18 - 2014-03-01 03:18 - 02347384 _____ (ESET) C:\Users\HT\Downloads\esetsmartinstaller_enu.exe
2014-02-28 03:50 - 2014-02-06 11:50 - 00000000 ____D () C:\Users\HT\Versicherungen
2014-02-28 03:50 - 2014-02-04 02:17 - 00000000 ____D () C:\Users\HT\Gemälde und Inventar
2014-02-28 03:50 - 2014-02-02 07:07 - 00000000 ___SD () C:\Users\HT\Documents\Eigene Datenquellen
2014-02-28 03:50 - 2013-11-16 14:26 - 00000000 ____D () C:\Users\HT\Th_Knorr_Str 47
2014-02-28 03:50 - 2013-11-15 02:08 - 00000000 ____D () C:\Users\HT\ThomasKnorr
2014-02-28 03:50 - 2013-08-29 06:59 - 00000000 ____D () C:\Users\HT\Verwaltungsimmobilie
2014-02-28 03:50 - 2013-08-14 17:50 - 00000000 ____D () C:\Users\HT\Buecher
2014-02-28 03:50 - 2013-04-20 05:33 - 00000000 ____D () C:\Users\HT\SusanneBeschaeftigung
2014-02-28 03:50 - 2013-01-14 05:37 - 00000000 ____D () C:\Users\HT\Vorlagen2
2014-02-28 03:50 - 2013-01-13 04:37 - 00000000 ____D () C:\Users\HT\Gesundheit
2014-02-28 03:50 - 2013-01-13 04:35 - 00000000 ____D () C:\Users\HT\Familie
2014-02-28 03:50 - 2013-01-12 23:31 - 00000000 ____D () C:\Users\HT\Bundespolitik
2014-02-28 03:50 - 2013-01-10 20:40 - 00000000 ____D () C:\Users\HT\Documents\MeineBackups
2014-02-28 03:50 - 2013-01-10 18:47 - 00000000 ____D () C:\Users\HT\BilderRosenzweig
2014-02-28 03:50 - 2013-01-10 16:56 - 00000000 ____D () C:\Users\HT\Verein zur kommunalpolitischen Aufklärung
2014-02-28 03:50 - 2013-01-10 16:56 - 00000000 ____D () C:\Users\HT\Thomas
2014-02-28 03:50 - 2013-01-10 16:56 - 00000000 ____D () C:\Users\HT\Telefon
2014-02-28 03:50 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Politik
2014-02-28 03:50 - 2013-01-10 16:55 - 00000000 ____D () C:\Users\HT\Olympia2022
2014-02-28 03:50 - 2013-01-10 16:53 - 00000000 ____D () C:\Users\HT\Hupfleitenweg
2014-02-28 03:50 - 2013-01-10 16:51 - 00000000 ____D () C:\Users\HT\Lichte
2014-02-28 03:50 - 2013-01-10 16:49 - 00000000 ____D () C:\Users\HT\Steuer
2014-02-28 03:50 - 2013-01-10 14:42 - 00000000 ____D () C:\Users\HT\Downloads\ger
2014-02-28 03:50 - 2013-01-10 13:52 - 00000000 ____D () C:\Users\HT\Downloads\OFFICE11
2014-02-28 03:50 - 2013-01-10 13:04 - 00000000 ____D () C:\Users\HT\Downloads\Photoshop
2014-02-27 10:05 - 2014-02-21 16:37 - 01984679 _____ () C:\Users\HT\Downloads\FRST64.exe
2014-02-27 09:54 - 2014-02-27 09:54 - 00002782 _____ () C:\Users\HT\Desktop\JRT.txt
2014-02-27 09:48 - 2014-02-27 09:48 - 00000000 ____D () C:\Windows\ERUNT
2014-02-27 09:46 - 2014-02-27 09:46 - 01037734 _____ (Thisisu) C:\Users\HT\Downloads\JRT.exe
2014-02-27 09:37 - 2014-02-27 09:35 - 00000000 ____D () C:\AdwCleaner
2014-02-27 09:32 - 2014-02-27 09:32 - 01241834 _____ () C:\Users\HT\Downloads\adwcleaner.exe
2014-02-26 06:08 - 2014-02-26 02:54 - 00000000 ____D () C:\Qoobox
2014-02-26 06:04 - 2014-02-26 06:04 - 00029136 _____ () C:\ComboFix.txt
2014-02-26 06:02 - 2014-02-26 02:54 - 00000000 ____D () C:\Windows\erdnt
2014-02-26 06:00 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-26 03:25 - 2013-09-11 03:44 - 00101174 _____ () C:\Windows\PFRO.log
2014-02-26 02:49 - 2014-02-26 02:49 - 05185084 ____R (Swearware) C:\Users\HT\Downloads\ComboFix.exe
2014-02-24 05:30 - 2014-02-24 05:30 - 01005568 _____ (Microsoft Corporation) C:\Users\HT\Downloads\dotNetFx45_Full_setup.exe
2014-02-24 05:06 - 2014-02-24 05:06 - 04604921 _____ () C:\Users\HT\Downloads\Anti-CryptorBit.zip
2014-02-21 20:59 - 2014-02-21 20:59 - 00001234 _____ () C:\Users\HT\Desktop\Sicherung Th_Knorr_Str.lnk
2014-02-21 20:59 - 2014-02-21 17:50 - 00000000 ____D () C:\Users\HT\SicherungFeb2014
2014-02-21 19:46 - 2014-02-21 19:44 - 00000000 ____D () C:\Users\HT\Sicherung Familie
2014-02-21 19:44 - 2014-02-21 19:44 - 00000000 ____D () C:\Users\HT\Sicherung Bürstadt
2014-02-21 19:32 - 2014-02-21 19:32 - 00001038 _____ () C:\Users\HT\Desktop\Sicherung Gesundheit.lnk
2014-02-21 19:31 - 2014-02-21 19:29 - 00000000 ____D () C:\Users\HT\SicherungGesundheit
2014-02-21 18:35 - 2014-02-21 18:35 - 00000866 _____ () C:\Users\HT\Desktop\Sicherung WallenfelsJan2014.lnk
2014-02-21 18:34 - 2014-02-21 18:34 - 00001122 _____ () C:\Users\HT\Desktop\Sicherung Lichte Jan14.lnk
2014-02-21 18:32 - 2014-02-21 18:32 - 00001180 _____ () C:\Users\HT\Desktop\Sicherung Steuer Feb2014.lnk
2014-02-21 16:42 - 2014-02-21 16:41 - 00023842 _____ () C:\Users\HT\Downloads\Addition.txt
2014-02-21 16:42 - 2014-02-21 16:39 - 00063115 _____ () C:\Users\HT\Downloads\FRST.txt
2014-02-21 06:47 - 2014-02-19 11:02 - 00000000 _____ () C:\Users\HT\Downloads\DecryptHelper.txt
2014-02-21 06:47 - 2014-02-19 11:02 - 00000000 _____ () C:\Users\HT\Downloads\DecryptException.txt
2014-02-20 18:18 - 2014-02-20 18:18 - 00000000 ____D () C:\Users\HT\Documents\ransom_file_unlocker
2014-02-20 18:10 - 2009-07-14 05:45 - 00437256 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-20 17:37 - 2014-02-20 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-20 17:34 - 2009-07-14 03:34 - 00000534 _____ () C:\Windows\win.ini
2014-02-20 17:26 - 2013-01-10 13:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-20 12:29 - 2014-02-20 12:25 - 00004598 _____ () C:\Users\HT\Downloads\PandaRamsonwareDecrypt.log
2014-02-20 12:22 - 2014-02-20 12:22 - 02760672 _____ () C:\Users\HT\Downloads\pandaunransom.exe
2014-02-20 11:09 - 2014-02-20 10:25 - 00000000 ____D () C:\Users\HT\AppData\Local\LogMeIn Rescue Applet
2014-02-20 10:41 - 2014-02-20 10:40 - 00147258 _____ () C:\Users\HT\Desktop\SpeicherungRegistry.reg
2014-02-20 10:38 - 2014-02-20 10:38 - 00000829 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-20 10:38 - 2014-02-20 10:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 10:37 - 2014-02-20 10:36 - 03645064 _____ (Piriform Ltd) C:\Users\HT\Downloads\ccsetup410_slim(1).exe
2014-02-20 10:36 - 2014-02-20 10:36 - 03645064 _____ (Piriform Ltd) C:\Users\HT\Downloads\ccsetup410_slim.exe
2014-02-20 10:25 - 2014-02-20 10:25 - 01295200 _____ (LogMeIn, Inc.) C:\Users\HT\Downloads\Support-LogMeInRescue.exe
2014-02-19 16:46 - 2014-02-19 16:46 - 03084860 _____ () C:\Users\HT\Downloads\Beispielbilder_Win7(1).zip
2014-02-19 16:27 - 2014-02-19 16:27 - 03084860 _____ () C:\Users\HT\Downloads\Beispielbilder_Win7.zip
2014-02-19 16:00 - 2014-02-19 16:00 - 00062065 _____ () C:\Users\HT\Downloads\Avira-RansomFileUnlocker-1.0.1.zip
2014-02-19 14:57 - 2014-02-19 14:57 - 00019458 _____ () C:\Users\HT\Downloads\DecryptHelper-0.5.3(1).jar
2014-02-19 12:08 - 2014-02-19 12:08 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt-2
2014-02-19 12:05 - 2014-02-19 12:05 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt-1
2014-02-19 11:41 - 2014-02-19 11:41 - 00000000 ____D () C:\Users\HT\Documents\scareuncrypt
2014-02-19 07:06 - 2014-02-19 07:06 - 00000525 _____ () C:\Users\HT\Downloads\Vergleich.bat
2014-02-18 23:05 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\nttw
2014-02-18 23:04 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\jsmmmt
2014-02-18 22:44 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\lcvs
2014-02-18 22:44 - 2014-02-18 09:45 - 00000000 ____D () C:\ProgramData\dubmrnw
2014-02-18 22:33 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\vyemk
2014-02-18 10:19 - 2014-02-18 10:19 - 00000000 ____D () C:\ProgramData\hgfx
2014-02-18 10:06 - 2014-01-24 16:13 - 01777040 _____ () C:\Users\HT\Desktop\Galaxy_S_Plus_Bedienungsanleitung.zip
2014-02-18 10:06 - 2014-01-24 16:12 - 01777040 _____ () C:\Users\HT\Downloads\Galaxy_S_Plus_Bedienungsanleitung.zip
2014-02-18 10:06 - 2014-01-16 03:44 - 00014457 _____ () C:\Users\HT\Desktop\Louise L. Hay - Heilende Gedanken für Körper und Seele - Verknüpfung.lnk
2014-02-18 10:06 - 2014-01-14 12:04 - 00014336 _____ () C:\Users\HT\Documents\DrGazertStr3.xls
2014-02-18 10:06 - 2014-01-05 13:56 - 01642352 _____ () C:\Users\HT\Downloads\Glendel und die Prinzessin des Lichts -  Teil 1 von 2_ Oder_ Warum die Sonne täglich auf- und untergeht (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:56 - 00346692 _____ () C:\Users\HT\Downloads\Perry Rhodan 2600_ Das Thanatos-Programm (Heftroman)_ Perry Rhodan-Zyklus _Neuroversum_ (Perry Rhodan-Erstauflage) (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:56 - 00339964 _____ () C:\Users\HT\Downloads\Lacunars Fluch, Teil 1_ Der Auftrag (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:56 - 00186416 _____ () C:\Users\HT\Downloads\Die schwarze Hostie_ Teil 1 - Dämonen Serial (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:56 - 00167811 _____ () C:\Users\HT\Downloads\Sohn des Meeres (German Edition).azw
2014-02-18 10:06 - 2014-01-05 13:51 - 00477280 _____ () C:\Users\HT\Downloads\Raya und Kill - Gefährliche Grenze (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:51 - 00427540 _____ () C:\Users\HT\Downloads\Niklas Pettersson - Im Labyrinth der Finsternis (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:46 - 00558364 _____ () C:\Users\HT\Downloads\Unsterblich geliebt (German Edition).azw3
2014-02-18 10:06 - 2014-01-05 13:46 - 00428216 _____ () C:\Users\HT\Downloads\Zwanzigtausend Meilen unter'm Meer - Zweiter Band (German Edition).azw
2014-02-18 10:06 - 2014-01-05 13:46 - 00419020 _____ () C:\Users\HT\Downloads\Zwanzigtausend Meilen unter'm Meer - Erster Band (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:38 - 00352560 _____ () C:\Users\HT\Downloads\Das Nibelungenlied (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 19:11 - 01444428 _____ () C:\Users\HT\Downloads\Sagen des klassischen Altertums (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:11 - 00819836 _____ () C:\Users\HT\Downloads\Walhall. Germanische Götter- und Heldensagen (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:11 - 00809948 _____ () C:\Users\HT\Downloads\Deutsche Sagen (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:11 - 00809948 _____ () C:\Users\HT\Downloads\Deutsche Sagen (German Edition)(1).azw
2014-02-18 10:06 - 2013-12-28 19:11 - 00313516 _____ () C:\Users\HT\Downloads\Reise um die Erde in 80 Tagen (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 19:11 - 00150860 _____ () C:\Users\HT\Downloads\Heldensagen (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:10 - 00451827 _____ () C:\Users\HT\Downloads\Der Trotzkopf (German Edition).azw
2014-02-18 10:06 - 2013-12-28 19:00 - 00264920 _____ () C:\Users\HT\Downloads\Das Feuer der Zeit_ Für kurze Zeit kostenlos (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 18:59 - 00628604 _____ () C:\Users\HT\Downloads\Der Hexer von Hymal, Buch I_ Ein Junge aus den Bergen (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 18:59 - 00228821 _____ () C:\Users\HT\Downloads\Das Antlitz der Göttin. Der Ursprung der Liebe - Teil 1. (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 18:43 - 00511464 _____ () C:\Users\HT\Downloads\Am dreizehnten Tag_ Kis-Ba-Shahid (German Edition).azw3
2014-02-18 10:06 - 2013-12-28 18:43 - 00411732 _____ () C:\Users\HT\Downloads\Am dreizehnten Tag_ Flaschengeister (German Edition).azw3
2014-02-18 10:06 - 2013-12-24 20:10 - 00695051 _____ () C:\Users\HT\Downloads\Die Dunkelmagierchroniken - Die Erben der Flamme (Episode 1 - Spiel mit dem Feuer) (German Edition)(1).azw3
2014-02-18 10:06 - 2013-12-24 20:00 - 00211616 _____ () C:\Users\HT\Downloads\Am dreizehnten Tag_ Die Bestimmung (German Edition)(2).azw3
2014-02-18 10:06 - 2013-12-24 19:58 - 00211616 _____ () C:\Users\HT\Downloads\Am dreizehnten Tag_ Die Bestimmung (German Edition)(1).azw3
2014-02-18 10:06 - 2013-02-13 16:52 - 15263645 _____ () C:\Users\HT\Desktop\How Mercury Destroys the Brain - University of Calgary.mp4
2014-02-18 10:06 - 2013-01-13 21:41 - 00077100 _____ () C:\Users\HT\Downloads\POORICH.TTF
2014-02-18 10:06 - 2013-01-10 21:26 - 71762432 _____ () C:\Users\HT\Desktop\NotfallBootT500.iso
2014-02-18 10:06 - 2013-01-10 20:30 - 08540672 _____ () C:\Users\HT\Downloads\FRITZ.Box_Fon_WLAN_7170.29.04.87.image
2014-02-18 10:06 - 2013-01-10 18:41 - 00637587 _____ () C:\Users\HT\Downloads\Outlook.NK2
2014-02-18 10:06 - 2013-01-10 11:59 - 10353240 _____ () C:\Users\HT\Downloads\Windows6.1-KB958559-x64.msu
2014-02-18 10:06 - 2013-01-10 11:15 - 00901650 _____ () C:\Users\HT\Downloads\HAV Detection Tool - User Guide.mht
2014-02-18 10:04 - 2013-12-16 18:15 - 00000000 ____D () C:\Users\HT\AppData\Local\UXDmedia
2014-02-18 10:04 - 2013-01-10 16:43 - 00000000 ____D () C:\Users\HT\AppData\Roaming\FileZilla
2014-02-18 10:04 - 2013-01-09 11:24 - 00000000 ____D () C:\Users\HT\AppData\Local\Windows Live
2014-02-18 09:57 - 2013-01-09 11:24 - 00122592 _____ () C:\Users\HT\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001331 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.HTM
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\HOWDECRYPT.TXT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.TXT
2014-02-18 09:53 - 2013-01-17 23:53 - 00014848 _____ () C:\Users\HT\BerechnungenGauting.xls
2014-02-18 09:53 - 2013-01-11 06:26 - 00637587 _____ () C:\Users\HT\Outlook.NK2
2014-02-18 09:53 - 2012-01-10 19:56 - 00000000 ____D () C:\RPKTools
2014-02-17 03:56 - 2014-02-17 03:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2b8bce5c340c.job
2014-02-16 07:39 - 2013-01-10 19:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-14 06:35 - 2014-02-14 06:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-09 08:45 - 2014-02-09 08:45 - 00002500 _____ () C:\Users\HT\Downloads\ESt_1_A_2012.xml
2014-02-09 08:13 - 2014-02-09 08:13 - 00001446 _____ () C:\Users\HT\Downloads\Anlage_N_2012(1).xml
2014-02-08 00:15 - 2014-02-08 00:15 - 00001247 _____ () C:\Users\HT\Downloads\Anlage_N_2012.xml
2014-02-04 19:09 - 2012-01-10 13:07 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\HT\TFC.exe


Some content of TEMP:
====================
C:\Users\HT\AppData\Local\Temp\avgnt.exe
C:\Users\HT\AppData\Local\Temp\OLMAPI32.DLL


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-02 11:41

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---



Ich versuche mich ja im Log-Datei lesen, vor allem weil ich wissen möchte, wie diese Howdecrypt-Schadsoftware auf meinen Rechner kam. Hiermit scheint es begonnen zu haben:

Zitat:
C:\Users\HT\Downloads\Windows6.1-KB958559-x64.msu
2014-02-18 10:06 - 2013-01-10 11:15 - 00901650 _____ () C:\Users\HT\Downloads\HAV Detection Tool - User Guide.mht
2014-02-18 10:04 - 2013-12-16 18:15 - 00000000 ____D () C:\Users\HT\AppData\Local\UXDmedia
2014-02-18 10:04 - 2013-01-10 16:43 - 00000000 ____D () C:\Users\HT\AppData\Roaming\FileZilla
2014-02-18 10:04 - 2013-01-09 11:24 - 00000000 ____D () C:\Users\HT\AppData\Local\Windows Live
2014-02-18 09:57 - 2013-01-09 11:24 - 00122592 _____ () C:\Users\HT\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001331 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.HTM
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\HOWDECRYPT.TXT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.TXT
2014-02-18 09:53 - 2013-01-17 23:53 - 00014848 _____ () C:\Users\HT\BerechnungenGauting.xls
2014-02-18 09:53 - 2013-01-11 06:26 - 00637587 _____ () C:\Users\HT\Outlook.NK2
2014-02-18 09:53 - 2012-01-10 19:56 - 00000000 ____D () C:\RPKTools
2014-02-17 03:56 - 2014-02-17 03:56 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2b8bce5c340c.Job
Anscheinend macht ja Chrome noch irgendwelche Probleme:

Zitat:
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-10]
CHR Extension: (Google Search) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-10]
CHR Extension: (Google Wallet) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\HT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-10]
CHR HKLM-x32\...\Chrome\Extension: [nibmbnacadfhadkiecpkignkpdfbaahl] - C:\ProgramData\SaveByclick\nibmbnacadfhadkiecpkignkpdfbaahl.crx [2013-01-10]
Falls Du weißt, durch was ich mir das Problem eingefangen habe, wäre ich dankbar, wenn Du es mir mitteilen könntest.

Erst einmal aber herzlichen Dank.

Gruß

Heidi

Ich hatte wohl im Dezember einmal etwas mit dem Trojanischen Pferd "TR ATRAPS" zu tun (habe dazu ein Word-Dokument erstellt, welches aber nicht mehr lesbar ist). Kann das mit dem Howdecrypt zusammenhängen?

Gruß

Heidi

schrauber 05.03.2014 17:17
Unwarscheinlich. Aber woher das kam kann man nicht nachvollziehen. Chrome bitte einmal deinstallieren und neu installieren.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
S1 dzehtfmr; \??\C:\Windows\system32\drivers\dzehtfmr.sys [X]
2014-02-18 09:53 - 2014-02-18 09:53 - 00001331 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.HTM
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\HOWDECRYPT.TXT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.TXT

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Waldfee99 06.03.2014 03:09
Hallo Schrauber,

Danke für Deine unermüdliche Mühe. Hier die neue Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2014
Ran by HT at 2014-03-06 03:09:39 Run:2
Running from C:\Users\HT\Downloads\FRST-OlderVersion
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S1 dzehtfmr; \??\C:\Windows\system32\drivers\dzehtfmr.sys [X]
2014-02-18 09:53 - 2014-02-18 09:53 - 00001331 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.HTM
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\HOWDECRYPT.TXT
2014-02-18 09:53 - 2014-02-18 09:53 - 00001069 _____ () C:\Users\HT\AppData\Local\HOWDECRYPT.TXT
*****************

dzehtfmr => Service deleted successfully.
C:\Users\HT\AppData\Local\HOWDECRYPT.HTM => Moved successfully.
C:\Users\HT\HOWDECRYPT.TXT => Moved successfully.
C:\Users\HT\AppData\Local\HOWDECRYPT.TXT => Moved successfully.

==== End of Fixlog ====

schrauber 06.03.2014 19:48
Noch irgendwelche Probleme? :)

Waldfee99 08.03.2014 06:40
Hallo Schrauber,

dann hoffe ich ja einmal, das alles paßt. Nachdem ich immer mit einem aktuellen Antivir arbeite, stellt sich die Frage, ob dieser kostenlose Virenscanner so effizient ist. Normalerweise hätte er ja die Howdecrypt-Schadsoftware erkennen müssen. Hast Du eine Empfehlung für mich?

Ich habe mich jetzt einmal mit einer Spende erkenntlich gezeigt.

Wenn wir mit den Rechnern meiner drei Kinder und meines Mannes anfangen, soll ich dann die Logfiles in diesen Thread stellen?

Liebe Grüße
Heidi

schrauber 08.03.2014 20:26
Ja enfach hier rein posten. Ich empfehle immer Emsisoft. Aber alles is besser als Antivir.


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:43 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131