
Log analysis and evaluation: TR/Agent.368640.413 - All personal files converted to MP3 and wrecked

03.03.2016, 20:34   #1
SilverBlue37
 



Hello and good evening,

My PC shut down completely normally yesterday evening, and this afternoon, when booting the PC, I suddenly had the following problems:

The PC was extremely slow. Then various Notepad files, HTML files and PNG files appeared, all with the same content:

"NOT YOUR LANGUAGE?

What happened to your files ?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: hxxp://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA4096 Key , both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1 - hxxp://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/31D744DDEE59D624
2 - hxxp://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/31D744DDEE59D624
3 - hxxp://yyre45dbvn2nhbefbmh.begumvelic.at/31D744DDEE59D624
If for some reasons the addresses are not available, follow these steps:
1 - Download and install tor-browser: hxxp://www.torproject.org/projects/torbrowser.html.en
2 - After a successful installation, run the browser
3 - Type in the address bar: xlowfznrg4wf7dli.onion/31D744DDEE59D624
4 - Follow the instructions on the site

IMPORTANT INFORMATION
Your personal pages
hxxp://sondr5344ygfweyjbfkw4fhsefv.heliofetch.at/31D744DDEE59D624
hxxp://pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula.com/31D744DDEE59D624
hxxp://yyre45dbvn2nhbefbmh.begumvelic.at/31D744DDEE59D624
Your personal page Tor-Browser xlowfznrg4wf7dli.ONION/31D744DDEE59D624"

All over the PC, in all sorts of directories as well as on the desktop, there are these files containing the text posted above:

_ReCoVeRy_+bpody.html, .txt, .png
_ReCoVeRy_+fyrgj.html, .txt, .png
_ReCoVeRy_+vvbtv.html, .txt, .png

All personal files, such as TXT, JPG, ODT, DOC etc., had been converted into MP3 files and wrecked. As a result, many important files/contents are lost.
Yes, I do have older backups of the most important files, but of course no current ones.

Can you please help me? Can this trojan be removed at all, and can the "wrecked files" be restored? You are my last hope.

Here are the requested log files:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:02-03-2016
durchgeführt von Halmi31 (Administrator) auf HALMI31-PC (03-03-2016 19:43:02)
Gestartet von C:\Users\Halmi31\Downloads
Geladene Profile: Halmi31 &  (Verfügbare Profile: Halmi31)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 9 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
( ) C:\Windows\System32\lxbkcoms.exe
() C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
() C:\Windows\System32\Rezip.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) C:\Program Files\bob internet\bobInternet.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-14] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [lxbkbmgr.exe] => C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [74408 2008-02-28] (Lexmark International, Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-05] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [804168 2016-02-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\...\Run: [Dropbox Update] => C:\Users\Halmi31\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\...\Run: [qfjbyju] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\...\Run: [fohjwxf] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\...\Run: [whbjxxi] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Halmi31\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [qfjbyju] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [fohjwxf] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [whbjxxi] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\Autorun.exe
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Dropbox Update] => C:\Users\Halmi31\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-21] (Dropbox, Inc.)
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [qfjbyju] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [fohjwxf] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [whbjxxi] => C:\windows\system32\CMD.EXE /c start
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: F - F:\Autorun.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Halmi31\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Halmi31\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Halmi31\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Halmi31\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Halmi31\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Halmi31\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Halmi31\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Halmi31\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2010-03-04]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+bpody.html [2016-03-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+bpody.png [2016-03-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+bpody.txt [2016-03-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+fyrgj.html [2016-03-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+fyrgj.png [2016-03-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+fyrgj.txt [2016-03-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vvbtv.html [2016-03-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vvbtv.png [2016-03-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+vvbtv.txt [2016-03-02] ()
Startup: C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+bpody.html [2016-03-03] ()
Startup: C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+bpody.png [2016-03-03] ()
Startup: C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+bpody.txt [2016-03-03] ()
Startup: C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+fyrgj.html [2016-03-03] ()
Startup: C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+fyrgj.png [2016-03-03] ()
Startup: C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_ReCoVeRy_+fyrgj.txt [2016-03-03] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{7A29546B-3E05-4B6C-B461-1C2123E007F7}: [NameServer] 213.162.69.169 213.162.69.1
Tcpip\..\Interfaces\{B8CCB553-BD7C-4B7E-952D-C93B2767E58E}: [NameServer] 194.48.128.199 194.48.139.254

Internet Explorer:
==================
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165278548-3479948120-67840956-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> {0EAC58AB-AFD8-487D-A711-332A4C9D2DEA} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> {206CE0A5-F24B-459C-A2EF-577445ECA9C1} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> {37B1C5FE-3A88-4966-B88D-BFD608BD66EB} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> {8454FDAF-F492-43E6-A6DE-06523C3F8B6D} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://avg.nation.com/avgtbavg/search/web?cid={8752CA46-9F1C-47C4-9822-ECF2CDC07F36}&mid=6686352e8e7e47d3bd0bd16d12825b19-b27c567cacf102ebaf285e358de3ec350a56c94f&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-29 17:02:40&v=17.0.1.12&pid=nation&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0EAC58AB-AFD8-487D-A711-332A4C9D2DEA} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {206CE0A5-F24B-459C-A2EF-577445ECA9C1} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {37B1C5FE-3A88-4966-B88D-BFD608BD66EB} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {8454FDAF-F492-43E6-A6DE-06523C3F8B6D} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://avg.nation.com/avgtbavg/search/web?cid={8752CA46-9F1C-47C4-9822-ECF2CDC07F36}&mid=6686352e8e7e47d3bd0bd16d12825b19-b27c567cacf102ebaf285e358de3ec350a56c94f&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-29 17:02:40&v=17.0.1.12&pid=nation&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {0EAC58AB-AFD8-487D-A711-332A4C9D2DEA} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {206CE0A5-F24B-459C-A2EF-577445ECA9C1} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {37B1C5FE-3A88-4966-B88D-BFD608BD66EB} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {8454FDAF-F492-43E6-A6DE-06523C3F8B6D} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://avg.nation.com/avgtbavg/search/web?cid={8752CA46-9F1C-47C4-9822-ECF2CDC07F36}&mid=6686352e8e7e47d3bd0bd16d12825b19-b27c567cacf102ebaf285e358de3ec350a56c94f&lang=de&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-29 17:02:40&v=17.0.1.12&pid=nation&sg=0&sap=dsp&q={searchTerms}
BHO: Kein Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> Keine Datei
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Keine Datei
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-18] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Kein Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Keine Datei
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-18] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-12-15] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Kein Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  Keine Datei
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-3165278548-3479948120-67840956-1000 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  Keine Datei
Toolbar: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  Keine Datei
Toolbar: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  Keine Datei
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} hxxp://www.king.com/ctl/kingcomie.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://www.airport-nuernberg.de/_/tools/AxisCamControl.cab
DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} hxxps://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
DPF: {CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-09] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Halmi31\AppData\Roaming\Mozilla\Firefox\Profiles\useah0ng.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3165278548-3479948120-67840956-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Halmi31\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Halmi31\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3165278548-3479948120-67840956-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Halmi31\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-27] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\Halmi31\AppData\Roaming\Mozilla\Firefox\Profiles\useah0ng.default\Extensions\abs@avira.com [2016-03-03]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Halmi31\AppData\Roaming\Mozilla\Firefox\Profiles\useah0ng.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-15] [ist nicht signiert]
FF Extension: Adblock Plus - C:\Users\Halmi31\AppData\Roaming\Mozilla\Firefox\Profiles\useah0ng.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]

Chrome: 
=======
CHR Profile: C:\Users\Halmi31\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Halmi31\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Google-Suche) - C:\Users\Halmi31\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-03]
CHR Extension: (Google Mail) - C:\Users\Halmi31\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [948392 2016-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [466408 2016-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [466408 2016-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1417592 2016-02-20] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [249120 2016-01-05] (Avira Operations GmbH & Co. KG)
R2 lxbk_device; C:\windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 OberonGameConsoleService; C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [44312 2009-08-13] ()
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [Datei ist nicht signiert]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [106968 2015-12-17] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [42272 2014-04-28] (AVG Technologies)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135760 2016-02-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37896 2015-09-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\windows\System32\DRIVERS\avnetflt.sys [55456 2015-12-17] (Avira Operations GmbH & Co. KG)
S3 massfilter; C:\windows\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 samsung_hspa_datacard_cdc_acm; C:\windows\System32\DRIVERS\samsung_hspa_datacard_cdc_acm.sys [68608 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_cdc_ecm; C:\windows\System32\DRIVERS\samsung_hspa_datacard_cdc_ecm.sys [81920 2010-01-15] (Samsung)
R3 samsung_hspa_datacard_dc_enum; C:\windows\System32\DRIVERS\samsung_hspa_datacard_dc_enum.sys [62464 2010-01-15] (Samsung)
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [31848 2015-09-01] (Avira Operations GmbH & Co. KG)
S3 ss_bbus; C:\windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [201168 2009-12-07] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-03 19:43 - 2016-03-03 19:44 - 00030055 _____ C:\Users\Halmi31\Downloads\FRST.txt
2016-03-03 19:42 - 2016-03-03 19:43 - 00000000 ____D C:\FRST
2016-03-03 19:42 - 2016-03-03 19:42 - 01722368 _____ (Farbar) C:\Users\Halmi31\Downloads\FRST.exe
2016-03-03 17:53 - 2016-03-03 18:27 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-03 17:52 - 2016-03-03 17:52 - 00001020 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-03 17:52 - 2016-03-03 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-03 17:52 - 2016-03-03 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-03 17:52 - 2016-03-03 17:52 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-03 17:52 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-03-03 17:52 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-03-03 17:52 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-03-03 17:49 - 2016-03-03 17:50 - 22908888 _____ (Malwarebytes ) C:\Users\Halmi31\Downloads\mbam-setup-org-2.2.0.1024.exe
2016-03-03 15:46 - 2016-03-03 15:46 - 00012326 _____ C:\windows\_ReCoVeRy_+bpody.html
2016-03-03 15:46 - 2016-03-03 15:46 - 00001989 _____ C:\windows\_ReCoVeRy_+bpody.txt
2016-03-03 15:43 - 2016-03-03 15:43 - 00012326 _____ C:\windows\Tasks\_ReCoVeRy_+bpody.html
2016-03-03 15:43 - 2016-03-03 15:43 - 00012326 _____ C:\windows\system32\_ReCoVeRy_+bpody.html
2016-03-03 15:43 - 2016-03-03 15:43 - 00001989 _____ C:\windows\Tasks\_ReCoVeRy_+bpody.txt
2016-03-03 15:43 - 2016-03-03 15:43 - 00001989 _____ C:\windows\system32\_ReCoVeRy_+bpody.txt
2016-03-03 15:40 - 2016-03-03 15:40 - 00012326 _____ C:\windows\system32\Drivers\etc\_ReCoVeRy_+bpody.html
2016-03-03 15:40 - 2016-03-03 15:40 - 00012326 _____ C:\windows\system32\Drivers\_ReCoVeRy_+bpody.html
2016-03-03 15:40 - 2016-03-03 15:40 - 00001989 _____ C:\windows\system32\Drivers\etc\_ReCoVeRy_+bpody.txt
2016-03-03 15:40 - 2016-03-03 15:40 - 00001989 _____ C:\windows\system32\Drivers\_ReCoVeRy_+bpody.txt
2016-03-03 15:39 - 2016-03-03 15:39 - 00012326 _____ C:\windows\system32\config\_ReCoVeRy_+bpody.html
2016-03-03 15:39 - 2016-03-03 15:39 - 00001989 _____ C:\windows\system32\config\_ReCoVeRy_+bpody.txt
2016-03-03 15:38 - 2016-03-03 15:38 - 00012326 _____ C:\windows\system\_ReCoVeRy_+bpody.html
2016-03-03 15:38 - 2016-03-03 15:38 - 00001989 _____ C:\windows\system\_ReCoVeRy_+bpody.txt
2016-03-03 15:36 - 2016-03-03 15:36 - 00012326 _____ C:\windows\Minidump\_ReCoVeRy_+bpody.html
2016-03-03 15:36 - 2016-03-03 15:36 - 00001989 _____ C:\windows\Minidump\_ReCoVeRy_+bpody.txt
2016-03-03 15:18 - 2016-03-03 15:18 - 00012326 _____ C:\Users\Public\_ReCoVeRy_+bpody.html
2016-03-03 15:18 - 2016-03-03 15:18 - 00001989 _____ C:\Users\Public\_ReCoVeRy_+bpody.txt
2016-03-03 15:14 - 2016-03-03 15:14 - 00012326 _____ C:\Users\Public\Downloads\_ReCoVeRy_+bpody.html
2016-03-03 15:14 - 2016-03-03 15:14 - 00012326 _____ C:\Users\Halmi31\_ReCoVeRy_+bpody.html
2016-03-03 15:14 - 2016-03-03 15:14 - 00001989 _____ C:\Users\Public\Downloads\_ReCoVeRy_+bpody.txt
2016-03-03 15:14 - 2016-03-03 15:14 - 00001989 _____ C:\Users\Halmi31\_ReCoVeRy_+bpody.txt
2016-03-03 15:05 - 2016-03-03 15:05 - 00012326 _____ C:\Users\Halmi31\Downloads\_ReCoVeRy_+bpody.html
2016-03-03 15:05 - 2016-03-03 15:05 - 00001989 _____ C:\Users\Halmi31\Downloads\_ReCoVeRy_+bpody.txt
2016-03-03 15:02 - 2016-03-03 15:05 - 00012326 _____ C:\Users\Halmi31\Documents\_ReCoVeRy_+bpody.html
2016-03-03 15:02 - 2016-03-03 15:05 - 00001989 _____ C:\Users\Halmi31\Documents\_ReCoVeRy_+bpody.txt
2016-03-03 15:00 - 2016-03-03 15:00 - 00012326 _____ C:\Users\Halmi31\AppData\_ReCoVeRy_+bpody.html
2016-03-03 15:00 - 2016-03-03 15:00 - 00001989 _____ C:\Users\Halmi31\AppData\_ReCoVeRy_+bpody.txt
2016-03-03 14:57 - 2016-03-03 15:11 - 00012326 _____ C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+bpody.html
2016-03-03 14:57 - 2016-03-03 15:11 - 00001989 _____ C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+bpody.txt
2016-03-03 14:56 - 2016-03-03 14:57 - 00012326 _____ C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+bpody.html
2016-03-03 14:56 - 2016-03-03 14:57 - 00001989 _____ C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+bpody.txt
2016-03-03 14:54 - 2016-03-03 14:54 - 00012326 _____ C:\Users\Halmi31\AppData\LocalLow\_ReCoVeRy_+bpody.html
2016-03-03 14:54 - 2016-03-03 14:54 - 00001989 _____ C:\Users\Halmi31\AppData\LocalLow\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 15:06 - 00012326 _____ C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 15:06 - 00001989 _____ C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 15:00 - 00012326 _____ C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 15:00 - 00001989 _____ C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default\Downloads\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default\Documents\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default\AppData\Roaming\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default\AppData\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default User\Downloads\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default User\Documents\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default User\AppData\Roaming\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default User\AppData\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default\Downloads\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default\Documents\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default\AppData\Roaming\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default\AppData\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default User\Downloads\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default User\Documents\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default User\AppData\Roaming\_ReCoVeRy_+bpody.txt
2016-03-03 14:49 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default User\AppData\_ReCoVeRy_+bpody.txt
2016-03-03 14:48 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default\AppData\Local\_ReCoVeRy_+bpody.html
2016-03-03 14:48 - 2016-03-03 14:49 - 00012326 _____ C:\Users\Default User\AppData\Local\_ReCoVeRy_+bpody.html
2016-03-03 14:48 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default\AppData\Local\_ReCoVeRy_+bpody.txt
2016-03-03 14:48 - 2016-03-03 14:49 - 00001989 _____ C:\Users\Default User\AppData\Local\_ReCoVeRy_+bpody.txt
2016-03-03 14:45 - 2016-03-03 14:46 - 00012326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\_ReCoVeRy_+bpody.html
2016-03-03 14:45 - 2016-03-03 14:46 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\_ReCoVeRy_+bpody.txt
2016-03-03 14:45 - 2016-03-03 14:45 - 00012326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+bpody.html
2016-03-03 14:45 - 2016-03-03 14:45 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+bpody.txt
2016-03-03 14:44 - 2016-03-03 15:14 - 00012326 _____ C:\Users\Public\Documents\_ReCoVeRy_+bpody.html
2016-03-03 14:44 - 2016-03-03 15:14 - 00001989 _____ C:\Users\Public\Documents\_ReCoVeRy_+bpody.txt
2016-03-03 14:43 - 2016-03-03 14:48 - 00012326 _____ C:\ProgramData\_ReCoVeRy_+bpody.html
2016-03-03 14:43 - 2016-03-03 14:48 - 00001989 _____ C:\ProgramData\_ReCoVeRy_+bpody.txt
2016-03-03 14:42 - 2016-03-03 15:18 - 00012326 _____ C:\Users\_ReCoVeRy_+bpody.html
2016-03-03 14:42 - 2016-03-03 15:18 - 00001989 _____ C:\Users\_ReCoVeRy_+bpody.txt
2016-03-03 14:42 - 2016-03-03 14:42 - 00000254 _____ C:\Users\Halmi31\Documents\recover_file_aaykwjwiv.txt
2016-03-03 14:38 - 2016-03-03 14:38 - 00012326 _____ C:\Users\Halmi31\Downloads\_ReCoVeRy_+fyrgj.html
2016-03-03 14:38 - 2016-03-03 14:38 - 00001989 _____ C:\Users\Halmi31\Downloads\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:36 - 2016-03-03 14:36 - 00012326 _____ C:\Users\Halmi31\Documents\_ReCoVeRy_+fyrgj.html
2016-03-03 14:36 - 2016-03-03 14:36 - 00001989 _____ C:\Users\Halmi31\Documents\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:33 - 2016-03-03 14:33 - 00012326 _____ C:\Users\Halmi31\AppData\_ReCoVeRy_+fyrgj.html
2016-03-03 14:33 - 2016-03-03 14:33 - 00001989 _____ C:\Users\Halmi31\AppData\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:28 - 2016-03-03 14:28 - 00012326 _____ C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+fyrgj.html
2016-03-03 14:28 - 2016-03-03 14:28 - 00012326 _____ C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+fyrgj.html
2016-03-03 14:28 - 2016-03-03 14:28 - 00001989 _____ C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:28 - 2016-03-03 14:28 - 00001989 _____ C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:26 - 2016-03-03 14:26 - 00012326 _____ C:\Users\Halmi31\AppData\LocalLow\_ReCoVeRy_+fyrgj.html
2016-03-03 14:26 - 2016-03-03 14:26 - 00001989 _____ C:\Users\Halmi31\AppData\LocalLow\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:18 - 2016-03-03 14:23 - 00012326 _____ C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+fyrgj.html
2016-03-03 14:18 - 2016-03-03 14:23 - 00001989 _____ C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:33 - 00012326 _____ C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:33 - 00001989 _____ C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default\Downloads\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default\Documents\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default\AppData\Roaming\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default\AppData\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default User\Downloads\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default User\Documents\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default User\AppData\Roaming\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default User\AppData\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default\Downloads\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default\Documents\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default\AppData\Roaming\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default\AppData\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default User\Downloads\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default User\Documents\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default User\AppData\Roaming\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:17 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default User\AppData\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:16 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default\AppData\Local\_ReCoVeRy_+fyrgj.html
2016-03-03 14:16 - 2016-03-03 14:17 - 00012326 _____ C:\Users\Default User\AppData\Local\_ReCoVeRy_+fyrgj.html
2016-03-03 14:16 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default\AppData\Local\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:16 - 2016-03-03 14:17 - 00001989 _____ C:\Users\Default User\AppData\Local\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:13 - 2016-03-03 14:14 - 00012326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\_ReCoVeRy_+fyrgj.html
2016-03-03 14:13 - 2016-03-03 14:14 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:13 - 2016-03-03 14:13 - 00012326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+fyrgj.html
2016-03-03 14:13 - 2016-03-03 14:13 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:12 - 2016-03-03 14:12 - 00012326 _____ C:\Users\Public\Documents\_ReCoVeRy_+fyrgj.html
2016-03-03 14:12 - 2016-03-03 14:12 - 00001989 _____ C:\Users\Public\Documents\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:11 - 2016-03-03 14:16 - 00012326 _____ C:\ProgramData\_ReCoVeRy_+fyrgj.html
2016-03-03 14:11 - 2016-03-03 14:16 - 00001989 _____ C:\ProgramData\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:10 - 2016-03-03 14:10 - 00012326 _____ C:\Users\_ReCoVeRy_+fyrgj.html
2016-03-03 14:10 - 2016-03-03 14:10 - 00001989 _____ C:\Users\_ReCoVeRy_+fyrgj.txt
2016-03-03 14:10 - 2016-03-03 14:10 - 00000254 _____ C:\Users\Halmi31\Documents\recover_file_kptarqcul.txt
2016-03-02 23:09 - 2016-03-02 23:09 - 00012326 _____ C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+vvbtv.html
2016-03-02 23:09 - 2016-03-02 23:09 - 00012326 _____ C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+vvbtv.html
2016-03-02 23:09 - 2016-03-02 23:09 - 00001989 _____ C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:09 - 2016-03-02 23:09 - 00001989 _____ C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default\Downloads\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default\Documents\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default\AppData\Roaming\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default\AppData\Local\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default\AppData\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default User\Downloads\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default User\Documents\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default User\AppData\Roaming\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default User\AppData\Local\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00012326 _____ C:\Users\Default User\AppData\_ReCoVeRy_+vvbtv.html
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default\Downloads\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default\Documents\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default\AppData\Roaming\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default\AppData\Local\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default\AppData\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default User\Downloads\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default User\Documents\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default User\AppData\Roaming\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default User\AppData\Local\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:08 - 2016-03-02 23:08 - 00001989 _____ C:\Users\Default User\AppData\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:06 - 2016-03-02 23:06 - 00012326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+vvbtv.html
2016-03-02 23:06 - 2016-03-02 23:06 - 00012326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\_ReCoVeRy_+vvbtv.html
2016-03-02 23:06 - 2016-03-02 23:06 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:06 - 2016-03-02 23:06 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:05 - 2016-03-02 23:05 - 00012326 _____ C:\Users\Public\Documents\_ReCoVeRy_+vvbtv.html
2016-03-02 23:05 - 2016-03-02 23:05 - 00001989 _____ C:\Users\Public\Documents\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:04 - 2016-03-02 23:08 - 00012326 _____ C:\ProgramData\_ReCoVeRy_+vvbtv.html
2016-03-02 23:04 - 2016-03-02 23:08 - 00001989 _____ C:\ProgramData\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:04 - 2016-03-02 23:04 - 00012326 _____ C:\Users\_ReCoVeRy_+vvbtv.html
2016-03-02 23:04 - 2016-03-02 23:04 - 00001989 _____ C:\Users\_ReCoVeRy_+vvbtv.txt
2016-03-02 23:03 - 2016-03-02 23:03 - 00000254 _____ C:\Users\Halmi31\Documents\recover_file_pofcfnxrq.txt
2016-02-28 13:39 - 2016-03-03 14:56 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
2016-02-20 17:13 - 2016-03-03 14:56 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-20 10:32 - 2016-02-20 10:33 - 00347864 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-19 14:28 - 2016-02-19 14:28 - 00084016 _____ C:\Users\Halmi31\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-18 17:50 - 2016-02-18 17:50 - 00000000 ____D C:\Program Files\Common Files\Java
2016-02-06 12:50 - 2016-02-06 12:52 - 00000000 ____D C:\Program Files\GUM1DBD.tmp

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-03-03 19:17 - 2010-03-04 14:25 - 00000000 ____D C:\Users\Halmi31
2016-03-03 19:13 - 2014-04-26 11:19 - 00008464 _____ C:\Users\Halmi31\Desktop\Urlaube 2015
2016-03-03 18:56 - 2010-03-04 18:41 - 00001098 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-03 18:49 - 2015-06-21 17:36 - 00001232 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3165278548-3479948120-67840956-1000UA.job
2016-03-03 18:47 - 2015-10-25 16:24 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-03 17:29 - 2009-07-14 05:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-03 17:29 - 2009-07-14 05:34 - 00010272 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-03 17:17 - 2010-03-04 18:41 - 00001094 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-03 17:16 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-03 16:09 - 2009-07-14 03:37 - 00000000 ____D C:\windows\ModemLogs
2016-03-03 15:46 - 2011-06-10 07:44 - 00000000 _RSHD C:\Winmend~Folder~Hidden
2016-03-03 15:43 - 2013-03-18 14:02 - 00000000 ____D C:\windows\system32\x64
2016-03-03 15:43 - 2010-01-23 03:15 - 00000000 ____D C:\windows\system32\XPSViewer
2016-03-03 15:43 - 2009-07-14 05:56 - 00000000 ____D C:\windows\system32\winrm
2016-03-03 15:43 - 2009-07-14 05:56 - 00000000 ____D C:\windows\system32\WCN
2016-03-03 15:43 - 2009-07-14 05:52 - 00000000 ____D C:\windows\system32\WinBioPlugIns
2016-03-03 15:43 - 2009-07-14 05:52 - 00000000 ____D C:\windows\system32\WinBioDatabase
2016-03-03 15:43 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Web
2016-03-03 15:43 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Vss
2016-03-03 15:43 - 2009-07-14 03:37 - 00000000 ____D C:\windows\tracing
2016-03-03 15:43 - 2009-07-14 03:37 - 00000000 ____D C:\windows\TAPI
2016-03-03 15:43 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\winevt
2016-03-03 15:42 - 2011-07-13 11:58 - 00000000 ____D C:\windows\system32\SPReview
2016-03-03 15:42 - 2010-01-22 09:47 - 00000000 ____D C:\windows\system32\SRSLabs
2016-03-03 15:42 - 2010-01-22 09:47 - 00000000 ____D C:\windows\system32\RTCOM
2016-03-03 15:42 - 2009-07-14 05:56 - 00000000 ____D C:\windows\system32\slmgr
2016-03-03 15:42 - 2009-07-14 05:56 - 00000000 ____D C:\windows\system32\Printing_Admin_Scripts
2016-03-03 15:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\sysprep
2016-03-03 15:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\spool
2016-03-03 15:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\SMI
2016-03-03 15:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\Setup
2016-03-03 15:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\ras
2016-03-03 15:42 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\oobe
2016-03-03 15:41 - 2013-07-11 15:06 - 00000000 ____D C:\windows\system32\MRT
2016-03-03 15:41 - 2010-01-22 09:54 - 00000000 ____D C:\windows\system32\Macromed
2016-03-03 15:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF
2016-03-03 15:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\MUI
2016-03-03 15:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\Msdtc
2016-03-03 15:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\migwiz
2016-03-03 15:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\manifeststore
2016-03-03 15:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\lv-LV
2016-03-03 15:41 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\lt-LT
2016-03-03 15:40 - 2013-03-08 15:56 - 00000000 ____D C:\windows\system32\directx
2016-03-03 15:40 - 2011-07-13 11:56 - 00000000 ____D C:\windows\system32\EventProviders
2016-03-03 15:40 - 2010-01-22 09:46 - 00000000 ____D C:\windows\system32\Lang
2016-03-03 15:40 - 2009-07-14 05:52 - 00000000 ____D C:\windows\system32\FxsTmp
2016-03-03 15:40 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\inetsrv
2016-03-03 15:40 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\IME
2016-03-03 15:40 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\ias
2016-03-03 15:40 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\GroupPolicyUsers
2016-03-03 15:40 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\GroupPolicy
2016-03-03 15:40 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\et-EE
2016-03-03 15:40 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\Dism
2016-03-03 15:39 - 2010-01-23 03:25 - 00000000 ____D C:\windows\system32\de
2016-03-03 15:39 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\config\Journal
2016-03-03 15:39 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\com
2016-03-03 15:38 - 2015-11-05 19:46 - 00000000 __SHD C:\windows\system32\%APPDATA%
2016-03-03 15:38 - 2010-08-20 11:29 - 00000000 ____D C:\windows\Sun
2016-03-03 15:38 - 2010-03-04 14:40 - 00000000 ____D C:\windows\SHELLNEW
2016-03-03 15:38 - 2010-01-23 03:25 - 00000000 ____D C:\windows\system32\0407
2016-03-03 15:38 - 2010-01-22 09:48 - 00000000 ____D C:\windows\softwaredistribution.bak
2016-03-03 15:38 - 2009-07-14 05:34 - 00000000 ____D C:\windows\Setup
2016-03-03 15:38 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system
2016-03-03 15:37 - 2009-07-14 05:34 - 00000000 ____D C:\windows\ServiceProfiles
2016-03-03 15:37 - 2009-07-14 03:37 - 00000000 ____D C:\windows\security
2016-03-03 15:36 - 2012-11-29 11:37 - 00000000 ____D C:\windows\Minidump
2016-03-03 15:36 - 2010-12-27 21:45 - 00000000 ____D C:\windows\pss
2016-03-03 15:36 - 2010-03-04 14:42 - 00000000 ____D C:\windows\PCHEALTH
2016-03-03 15:36 - 2010-01-23 03:00 - 00000000 ____D C:\windows\MSetup
2016-03-03 15:36 - 2009-07-26 21:57 - 00000000 ____D C:\windows\Sec
2016-03-03 15:36 - 2009-07-26 21:57 - 00000000 ____D C:\windows\Panther
2016-03-03 15:36 - 2009-07-14 05:52 - 00000000 ____D C:\windows\Performance
2016-03-03 15:36 - 2009-07-14 05:52 - 00000000 ____D C:\windows\Offline Web Pages
2016-03-03 15:36 - 2009-07-14 03:37 - 00000000 ____D C:\windows\schemas
2016-03-03 15:36 - 2009-07-14 03:37 - 00000000 ____D C:\windows\SchCache
2016-03-03 15:36 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Resources
2016-03-03 15:36 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Registration
2016-03-03 15:36 - 2009-07-14 03:37 - 00000000 ____D C:\windows\PolicyDefinitions
2016-03-03 15:36 - 2009-07-14 03:37 - 00000000 ____D C:\windows\PLA
2016-03-03 15:31 - 2009-07-14 03:37 - 00000000 __RSD C:\windows\Media
2016-03-03 15:31 - 2009-07-14 03:37 - 00000000 ____D C:\windows\LiveKernelReports
2016-03-03 15:31 - 2009-07-14 03:37 - 00000000 ____D C:\windows\L2Schemas
2016-03-03 15:29 - 2009-07-14 03:37 - 00000000 ____D C:\windows\inf
2016-03-03 15:28 - 2009-07-14 03:37 - 00000000 ____D C:\windows\IME
2016-03-03 15:28 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Help
2016-03-03 15:28 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Globalization
2016-03-03 15:27 - 2010-01-22 10:31 - 00000000 ____D C:\windows\CheckSur
2016-03-03 15:27 - 2009-07-14 05:56 - 00000000 ____D C:\windows\DigitalLocker
2016-03-03 15:27 - 2009-07-14 05:52 - 00000000 ____D C:\windows\Downloaded Program Files
2016-03-03 15:27 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Cursors
2016-03-03 15:27 - 2009-07-14 03:37 - 00000000 ____D C:\windows\Branding
2016-03-03 15:18 - 2009-07-14 05:52 - 00000000 ____D C:\windows\addins
2016-03-03 15:18 - 2009-07-14 03:37 - 00000000 ____D C:\windows\AppCompat
2016-03-03 15:14 - 2015-02-02 23:50 - 00094656 _____ C:\Users\Halmi31\Wohnungsplan.pdf
2016-03-03 15:14 - 2013-03-08 15:29 - 00000000 __SHD C:\Users\Halmi31\wc
2016-03-03 15:14 - 2012-05-27 14:40 - 00000000 ____D C:\Users\Halmi31\Wichtige eingescannte Dokumente
2016-03-03 15:14 - 2010-09-14 07:14 - 00000000 ____D C:\Users\Halmi31\ÖBB-Dokumente
2016-03-03 15:14 - 2010-03-05 10:10 - 00000000 ____D C:\Users\Public\CyberLink
2016-03-03 15:14 - 2010-03-04 17:11 - 00000000 ____D C:\Users\Public\Documents\Y3300_Data
2016-03-03 15:14 - 2009-07-14 03:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-03 15:11 - 2014-06-02 20:28 - 00000000 ____D C:\Users\Halmi31\Schiff-Zwischenfälle
2016-03-03 15:05 - 2015-04-22 08:49 - 00000000 ___RD C:\Users\Halmi31\Dropbox
2016-03-03 15:05 - 2014-04-22 18:52 - 00000000 ____D C:\Users\Halmi31\Downloads\Tor Browser_Neu
2016-03-03 15:04 - 2014-04-22 18:33 - 00000000 ____D C:\Users\Halmi31\Downloads\Tor Browser
2016-03-03 15:02 - 2016-01-18 18:45 - 00000000 ____D C:\Users\Halmi31\Downloads\AnalysePlugin
2016-03-03 15:02 - 2012-04-29 19:28 - 00000000 ____D C:\Users\Halmi31\Documents\samsung
2016-03-03 15:02 - 2011-05-19 06:55 - 00000000 ____D C:\Users\Halmi31\Documents\DVDVideoSoft
2016-03-03 15:02 - 2010-03-11 19:37 - 00000000 ____D C:\Users\Halmi31\Documents\OneNote-Notizbücher
2016-03-03 15:02 - 2010-03-05 10:10 - 00000000 ____D C:\Users\Halmi31\Documents\Youcam
2016-03-03 15:01 - 2014-01-17 15:33 - 00000000 ____D C:\Users\Halmi31\Aufzubewahrene Unterlagen
2016-03-03 15:01 - 2012-11-19 12:41 - 00000000 ____D C:\Users\Halmi31\AuszudruckenAuszuarbeiten
2016-03-03 15:01 - 2010-03-04 15:39 - 00000000 ____D C:\Users\Halmi31\Documents\Bluetooth-Exchange-Ordner
2016-03-03 15:00 - 2015-11-26 17:11 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Sun
2016-03-03 15:00 - 2013-09-17 13:54 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Unity
2016-03-03 15:00 - 2013-03-08 15:28 - 00000000 __SHD C:\Users\Halmi31\AppData\Roaming\wyUpdate AU
2016-03-03 15:00 - 2013-02-16 20:22 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\WildTangent
2016-03-03 15:00 - 2012-01-30 11:09 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\TuneUp Software
2016-03-03 15:00 - 2011-12-29 10:51 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Tific
2016-03-03 15:00 - 2011-08-10 16:49 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\thriXXX
2016-03-03 15:00 - 2010-07-19 18:07 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Yahoo!
2016-03-03 15:00 - 2010-04-21 19:00 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\skypePM
2016-03-03 15:00 - 2010-04-20 22:26 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Skype
2016-03-03 14:58 - 2014-10-28 01:13 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Oracle
2016-03-03 14:58 - 2012-04-29 19:28 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Samsung
2016-03-03 14:58 - 2010-06-08 13:28 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\OpenOffice.org
2016-03-03 14:57 - 2013-08-31 08:42 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
2016-03-03 14:57 - 2010-12-17 22:24 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Mozilla
2016-03-03 14:56 - 2013-06-17 10:06 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Easeware
2016-03-03 14:56 - 2013-03-08 14:34 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\LeitSim4
2016-03-03 14:56 - 2012-10-13 13:41 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3D-Fahrschule - Deutschland Edition
2016-03-03 14:56 - 2012-01-30 07:54 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\GHISLER
2016-03-03 14:56 - 2012-01-30 06:31 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2016-03-03 14:56 - 2011-04-11 16:39 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\GetRightToGo
2016-03-03 14:56 - 2010-03-05 17:16 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Go Go Gourmet
2016-03-03 14:56 - 2010-03-05 17:15 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\GameConsole
2016-03-03 14:56 - 2010-03-04 18:35 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Macromedia
2016-03-03 14:56 - 2010-03-04 17:10 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Google
2016-03-03 14:56 - 2010-03-04 15:01 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2016-03-03 14:55 - 2012-10-07 10:28 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Dropbox
2016-03-03 14:55 - 2011-11-02 08:57 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\DVDVideoSoft
2016-03-03 14:54 - 2015-12-22 16:21 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\AVG
2016-03-03 14:54 - 2015-09-26 21:26 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Avira
2016-03-03 14:54 - 2015-02-04 23:24 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\COMPUTERBILD-Abzockschutz
2016-03-03 14:54 - 2013-09-17 11:55 - 00000000 ____D C:\Users\Halmi31\AppData\LocalLow\Unity
2016-03-03 14:54 - 2010-05-05 05:32 - 00000000 ___SD C:\Users\Halmi31\AppData\LocalLow\Temp
2016-03-03 14:54 - 2010-03-06 13:32 - 00000000 ____D C:\Users\Halmi31\AppData\LocalLow\Sun
2016-03-03 14:54 - 2010-03-05 17:15 - 00000000 __SHD C:\Users\Halmi31\AppData\Roaming\.#
2016-03-03 14:54 - 2010-03-04 18:34 - 00000000 ____D C:\Users\Halmi31\AppData\Roaming\Adobe
2016-03-03 14:53 - 2015-04-07 18:01 - 00000000 ____D C:\Users\Halmi31\AppData\LocalLow\Oracle
2016-03-03 14:53 - 2010-10-01 11:05 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Windows Live
2016-03-03 14:53 - 2010-07-19 18:21 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Yahoo
2016-03-03 14:53 - 2010-03-06 14:27 - 00000000 ____D C:\Users\Halmi31\AppData\LocalLow\Adobe
2016-03-03 14:53 - 2010-03-04 17:10 - 00000000 ____D C:\Users\Halmi31\AppData\LocalLow\Google
2016-03-03 14:53 - 2010-03-04 14:25 - 00000000 ____D C:\Users\Halmi31\AppData\Local\VirtualStore
2016-03-03 14:52 - 2015-01-11 18:57 - 00000000 ____D C:\Users\Halmi31\AppData\Local\TuneUp Software
2016-03-03 14:52 - 2014-04-22 18:35 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Mozilla
2016-03-03 14:52 - 2013-09-17 11:55 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Unity
2016-03-03 14:52 - 2012-04-29 19:28 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Samsung
2016-03-03 14:52 - 2011-12-29 10:51 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Symantec
2016-03-03 14:51 - 2014-05-31 21:49 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Microsoft Games
2016-03-03 14:51 - 2010-03-04 14:40 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Microsoft Help
2016-03-03 14:50 - 2014-11-23 23:14 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Macromedia
2016-03-03 14:50 - 2013-03-29 12:31 - 00000000 ____D C:\Users\Halmi31\AppData\Local\MFAData
2016-03-03 14:50 - 2013-03-08 14:40 - 00000000 ____D C:\Users\Halmi31\AppData\Local\LeitSim4
2016-03-03 14:50 - 2011-04-30 12:40 - 00000000 ____D C:\Users\Halmi31\AppData\Local\king.com
2016-03-03 14:50 - 2010-03-04 17:10 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Google
2016-03-03 14:49 - 2015-12-22 16:12 - 00000000 ____D C:\Users\Halmi31\AppData\Local\AvgSetupLog
2016-03-03 14:49 - 2015-12-04 17:05 - 00000000 ____D C:\Users\Halmi31\.oracle_jre_usage
2016-03-03 14:49 - 2015-12-02 11:31 - 00000000 ____D C:\Users\Halmi31\AppData\Local\CEF
2016-03-03 14:49 - 2015-06-21 17:35 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Dropbox
2016-03-03 14:49 - 2014-11-20 12:25 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Avg
2016-03-03 14:49 - 2014-08-27 22:36 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Adobe
2016-03-03 14:49 - 2013-04-05 11:58 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-03-03 14:49 - 2013-04-05 11:58 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-03-03 14:49 - 2013-03-08 14:40 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Christof_Wiederkehr
2016-03-03 14:49 - 2012-04-29 19:10 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Downloaded Installations
2016-03-03 14:49 - 2010-12-17 22:23 - 00000000 ____D C:\Users\Halmi31\AppData\Local\AOL
2016-03-03 14:49 - 2010-04-04 13:20 - 00000000 ____D C:\Users\Halmi31\AppData\Local\CrashDumps
2016-03-03 14:49 - 2010-03-04 15:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2016-03-03 14:49 - 2010-03-04 15:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2016-03-03 14:49 - 2010-03-04 14:28 - 00000000 ____D C:\Users\Halmi31\AppData\Local\Broadcom
2016-03-03 14:48 - 2015-01-11 18:51 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2016-03-03 14:48 - 2013-02-16 20:32 - 00000000 ____D C:\ProgramData\WT_MasterInstall_Temp
2016-03-03 14:48 - 2012-01-30 11:07 - 00000000 __SHD C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2016-03-03 14:48 - 2011-12-16 13:39 - 00000000 __HDC C:\ProgramData\{92809A0D-A823-4253-90B2-7D5F59F20E10}
2016-03-03 14:48 - 2010-10-01 17:14 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-03-03 14:48 - 2010-10-01 17:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-03-03 14:48 - 2010-01-22 10:00 - 00000000 ____D C:\ProgramData\WinClon
2016-03-03 14:46 - 2015-12-22 16:36 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-03 14:46 - 2015-09-26 19:21 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-03 14:46 - 2015-01-11 18:53 - 00000000 ____D C:\ProgramData\TuneUp Software
2016-03-03 14:46 - 2014-10-02 23:03 - 00000000 ____D C:\ProgramData\Mozilla
2016-03-03 14:46 - 2014-02-17 23:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-03 14:46 - 2014-01-08 17:11 - 00000000 ____D C:\ProgramData\Skype
2016-03-03 14:46 - 2013-11-27 14:00 - 00000000 ____D C:\ProgramData\Oracle
2016-03-03 14:46 - 2013-02-16 20:22 - 00000000 ____D C:\ProgramData\WildTangent
2016-03-03 14:46 - 2011-12-16 13:38 - 00000000 ____D C:\ProgramData\mquadr.at
2016-03-03 14:46 - 2010-03-07 12:18 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-03-03 14:46 - 2010-03-06 13:49 - 00000000 ____D C:\ProgramData\Sun
2016-03-03 14:46 - 2010-03-06 11:54 - 00000000 ____D C:\ProgramData\Norton
2016-03-03 14:46 - 2010-03-04 14:59 - 00000000 ____D C:\ProgramData\Temp
2016-03-03 14:46 - 2010-01-22 10:19 - 00000000 ____D C:\ProgramData\SiteAdvisor
2016-03-03 14:46 - 2010-01-22 09:58 - 00000000 ____D C:\ProgramData\SAMSUNG
2016-03-03 14:45 - 2015-12-22 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-03-03 14:45 - 2015-09-26 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-03-03 14:45 - 2014-02-17 23:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-03 14:45 - 2013-09-15 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-03 14:45 - 2013-06-17 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-03 14:45 - 2012-10-13 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D-Fahrschule - Deutschland Edition
2016-03-03 14:45 - 2012-10-13 11:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D-Fahrschule Demo
2016-03-03 14:45 - 2012-02-01 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Photo Recovery
2016-03-03 14:45 - 2011-12-16 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bob Internet
2016-03-03 14:45 - 2011-06-10 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMend
2016-03-03 14:45 - 2011-05-19 06:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-03-03 14:45 - 2010-10-01 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-03 14:45 - 2010-06-08 13:14 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
2016-03-03 14:45 - 2010-06-06 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-03-03 14:45 - 2010-06-06 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tinypic
2016-03-03 14:45 - 2010-03-26 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark X1100 Series
2016-03-03 14:45 - 2010-03-04 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2016-03-03 14:45 - 2010-03-04 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-03-03 14:45 - 2010-03-04 14:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-03 14:45 - 2010-03-04 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2016-03-03 14:45 - 2010-03-04 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Casual Games
2016-03-03 14:45 - 2010-01-28 04:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connection Manager
2016-03-03 14:45 - 2010-01-22 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix Technologies Ltd
2016-03-03 14:45 - 2010-01-22 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-03-03 14:45 - 2009-07-14 05:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-03 14:44 - 2015-06-21 17:35 - 00000000 ____D C:\ProgramData\Dropbox
2016-03-03 14:44 - 2013-03-29 12:31 - 00000000 ____D C:\ProgramData\MFAData
2016-03-03 14:44 - 2010-03-05 10:10 - 00000000 ____D C:\ProgramData\CyberLink
2016-03-03 14:44 - 2010-01-22 10:21 - 00000000 ____D C:\ProgramData\Google
2016-03-03 14:43 - 2015-12-22 16:14 - 00000000 ____D C:\ProgramData\Avg
2016-03-03 14:43 - 2015-09-26 19:21 - 00000000 ____D C:\ProgramData\Avira
2016-03-03 14:43 - 2013-06-17 09:13 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-03 14:43 - 2013-06-17 09:13 - 00000000 ____D C:\ProgramData\BlueStacks
2016-03-03 14:43 - 2012-10-13 13:40 - 00000000 ____D C:\Programme
2016-03-03 14:43 - 2010-12-05 09:45 - 00000000 ____D C:\Games
2016-03-03 14:43 - 2010-04-20 18:34 - 00000000 ____D C:\temp
2016-03-03 14:43 - 2010-03-26 10:25 - 00000000 ____D C:\LexmarkX1100
2016-03-03 14:43 - 2010-03-04 14:39 - 00000000 __RHD C:\MSOCache
2016-03-03 14:43 - 2010-03-04 14:31 - 00000000 ____D C:\ProgramData\Adobe
2016-03-03 14:43 - 2010-01-22 09:45 - 00000000 ____D C:\Intel
2016-03-03 14:43 - 2009-07-14 03:37 - 00000000 ____D C:\PerfLogs
2016-03-03 14:36 - 2014-02-19 20:19 - 00016224 _____ C:\Users\Halmi31\Desktop\Mar16.txt
2016-03-02 20:49 - 2015-06-21 17:36 - 00001180 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3165278548-3479948120-67840956-1000Core.job
2016-02-29 21:46 - 2012-12-07 14:31 - 01675388 _____ C:\windows\system32\PerfStringBackup.INI
2016-02-29 21:46 - 2010-01-23 03:26 - 00719034 _____ C:\windows\system32\perfh007.dat
2016-02-29 21:46 - 2010-01-23 03:26 - 00159934 _____ C:\windows\system32\perfc007.dat
2016-02-20 18:16 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2016-02-20 12:44 - 2010-03-04 15:05 - 05124557 ____H C:\Users\Halmi31\AppData\Local\IconCache.db.backup
2016-02-20 11:18 - 2010-05-08 13:49 - 00002110 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 10:55 - 2015-09-26 21:09 - 00135760 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2016-02-18 17:51 - 2012-10-06 12:04 - 00000000 ____D C:\Program Files\Java
2016-02-18 17:48 - 2015-04-07 18:00 - 00095840 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2016-02-17 14:46 - 2015-11-29 17:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 13:41 - 2015-12-18 17:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-16 13:41 - 2014-10-02 23:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-09 21:47 - 2012-03-31 07:34 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-02-09 21:47 - 2011-06-16 12:02 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-02-06 12:51 - 2016-01-15 18:45 - 00001056 _____ C:\Users\Public\Desktop\Avira Launcher.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-03-03 14:49 - 2016-03-03 15:00 - 0012326 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 15:00 - 0085051 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+bpody.png
2016-03-03 14:49 - 2016-03-03 15:00 - 0001989 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+bpody.txt
2016-03-03 14:17 - 2016-03-03 14:33 - 0012326 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+fyrgj.html
2016-03-03 14:17 - 2016-03-03 14:33 - 0085051 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+fyrgj.png
2016-03-03 14:17 - 2016-03-03 14:33 - 0001989 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+fyrgj.txt
2016-03-02 23:09 - 2016-03-02 23:09 - 0012326 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+vvbtv.html
2016-03-02 23:09 - 2016-03-02 23:09 - 0085051 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+vvbtv.png
2016-03-02 23:09 - 2016-03-02 23:09 - 0001989 _____ () C:\Users\Halmi31\AppData\Roaming\_ReCoVeRy_+vvbtv.txt
2016-03-03 14:57 - 2016-03-03 14:57 - 0012326 _____ () C:\Users\Halmi31\AppData\Roaming\Microsoft\_ReCoVeRy_+bpody.html
2016-03-03 14:57 - 2016-03-03 14:57 - 0085051 _____ () C:\Users\Halmi31\AppData\Roaming\Microsoft\_ReCoVeRy_+bpody.png
2016-03-03 14:57 - 2016-03-03 14:57 - 0001989 _____ () C:\Users\Halmi31\AppData\Roaming\Microsoft\_ReCoVeRy_+bpody.txt
2016-03-03 14:28 - 2016-03-03 14:28 - 0012326 _____ () C:\Users\Halmi31\AppData\Roaming\Microsoft\_ReCoVeRy_+fyrgj.html
2016-03-03 14:28 - 2016-03-03 14:28 - 0085051 _____ () C:\Users\Halmi31\AppData\Roaming\Microsoft\_ReCoVeRy_+fyrgj.png
2016-03-03 14:28 - 2016-03-03 14:28 - 0001989 _____ () C:\Users\Halmi31\AppData\Roaming\Microsoft\_ReCoVeRy_+fyrgj.txt
2011-12-04 15:14 - 2012-11-22 09:21 - 0006144 _____ () C:\Users\Halmi31\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-03-03 14:49 - 2016-03-03 15:06 - 0012326 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+bpody.html
2016-03-03 14:49 - 2016-03-03 15:06 - 0085051 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+bpody.png
2016-03-03 14:49 - 2016-03-03 15:06 - 0001989 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+bpody.txt
2016-03-03 14:18 - 2016-03-03 14:23 - 0012326 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+fyrgj.html
2016-03-03 14:18 - 2016-03-03 14:23 - 0085051 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+fyrgj.png
2016-03-03 14:18 - 2016-03-03 14:23 - 0001989 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+fyrgj.txt
2016-03-02 23:09 - 2016-03-02 23:09 - 0012326 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+vvbtv.html
2016-03-02 23:09 - 2016-03-02 23:09 - 0085051 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+vvbtv.png
2016-03-02 23:09 - 2016-03-02 23:09 - 0001989 _____ () C:\Users\Halmi31\AppData\Local\_ReCoVeRy_+vvbtv.txt
2010-03-04 14:32 - 2009-08-17 06:54 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2016-03-03 14:43 - 2016-03-03 14:48 - 0012326 _____ () C:\ProgramData\_ReCoVeRy_+bpody.html
2016-03-03 14:43 - 2016-03-03 14:48 - 0085051 _____ () C:\ProgramData\_ReCoVeRy_+bpody.png
2016-03-03 14:43 - 2016-03-03 14:48 - 0001989 _____ () C:\ProgramData\_ReCoVeRy_+bpody.txt
2016-03-03 14:11 - 2016-03-03 14:16 - 0012326 _____ () C:\ProgramData\_ReCoVeRy_+fyrgj.html
2016-03-03 14:11 - 2016-03-03 14:16 - 0085051 _____ () C:\ProgramData\_ReCoVeRy_+fyrgj.png
2016-03-03 14:11 - 2016-03-03 14:16 - 0001989 _____ () C:\ProgramData\_ReCoVeRy_+fyrgj.txt
2016-03-02 23:04 - 2016-03-02 23:08 - 0012326 _____ () C:\ProgramData\_ReCoVeRy_+vvbtv.html
2016-03-02 23:04 - 2016-03-02 23:08 - 0085051 _____ () C:\ProgramData\_ReCoVeRy_+vvbtv.png
2016-03-02 23:04 - 2016-03-02 23:08 - 0001989 _____ () C:\ProgramData\_ReCoVeRy_+vvbtv.txt

Einige Dateien in TEMP:
====================
C:\Users\Halmi31\AppData\Local\Temp\avgnt.exe
C:\Users\Halmi31\AppData\Local\Temp\rtdrvmon.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\windows\explorer.exe => Datei ist digital signiert
C:\windows\system32\winlogon.exe => Datei ist digital signiert
C:\windows\system32\wininit.exe => Datei ist digital signiert
C:\windows\system32\svchost.exe => Datei ist digital signiert
C:\windows\system32\services.exe => Datei ist digital signiert
C:\windows\system32\User32.dll => Datei ist digital signiert
C:\windows\system32\userinit.exe => Datei ist digital signiert
C:\windows\system32\rpcss.dll => Datei ist digital signiert
C:\windows\system32\dnsapi.dll => Datei ist digital signiert
C:\windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-02-20 18:04

==================== Ende vom FRST.txt ============================
         
I'm sending the Addition.txt along as an attachment because it is too large; I keep getting an error message.

Here is the Avira result

Code:
Exportierte Ereignisse:

03.03.2016 16:09 [System-Scanner] Malware gefunden
      Die Datei 'C:\windows\sxakvxpiqntp.exe'
      enthält folgendes Muster 'TR/Agent.368640.413' [trojan]
      Ausgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '46ada4ad.qua' 
      verschoben!
         
The MBAM scan produced no findings!

Many thanks in advance!

Regards


SilverBlue37

03.03.2016, 22:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

If you have no backups, the data is lost without the private key (i.e. without paying the extortionists). You can probably forget about the shadow copies as well. But that really would be the one option worth testing => http://www.trojaner-board.de/115496-...erstellen.html

03.03.2016, 23:21   #3
SilverBlue37
 


I feared as much; thanks for the tip, but unfortunately it didn't work.

In the meantime I have also brought in the BKA so that these criminals finally get what is coming to them, even if it is unlikely that they will be caught.

Tomorrow I'll try the Kaspersky recovery CD as a last lifeline.

Thanks.

Good night

SilverBlue37

04.03.2016, 10:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


The Kaspersky recovery CD can do exactly nothing here. Virus scanners find malware. Conjuring broken or encrypted files back is not possible!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
