|
Virus Recovery Hallo, Ich habe ein Problem. Beim Starten meines Laptops werden, wenn die Windowsoberfläche erscheint automatisch mehrere Fenster aufgemach mit der Betietelug Recovery. Eins im InternetExplorer, eins im Editor und eins in der Windows Fotoanzeige. Die Fenster öffnen sich jeweils mehrfach und auch so im Betrieb zwischendurch. In den Fenstern werde ich aufgefordert eine Sprachumstellung durch zu führen unter einem bestimmten link. Ich bin daurauf aber nicht eingegangen da es mir komisch vorkommt. Weiterhin kann ich keine Microsoft Offic Programme mehr öffnen und alle Offic Programme haben jetzt als Icon den MP3 Player. Unter Eigenschaften laufen sie z.B noch als .xls anwendung Bei Dateityp steht aber MP3 Ich habe nicht viel Ahnung von Computern wie man vielleicht schon in meinem Text erkennt und bin für jede Hilfe dankbar! Gruß Peer |
Moin :kaffee: deine Daten kannst du wahrscheinlich abschreiben, denn ich denke nicht, dass du als Laie an ein Backup auf externen Medien gedacht hast. Das Backup-Laufwerk schließt man nur dann an wenn man auch an Backup gerade macht, ansonsten wird es sicher in einem Schrank verwahrt oder zumindest ausgeschaltet (viele 3,5" USB-Platten haben einen ein/aus Schalter) Das System können wir aber bereinigen. Scan mit Farbar's Recovery Scan Tool (FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
|
Alles so gemacht wie beschrieben Hallo, Habe alles so gemacht, wie du geschrieben hast. Es wurde mir beim Starten des Programmes FRST Folgende Meldung gezeigt: File not found: C:\Windows\ERNDNT.E_E This file is part of the restorationj program ERDNT. Without this file later restoration of the registry can only be done manually, by using another OS to copy back the files. Ich habe das Fenster geschlossen und dann so weiter gemacht wie du geschrieben hast. Danke das du dich meinem Problem annimst!!! Hier die Logdatein: [CODE]Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016 durchgeführt von WESEPID1 (Administrator) auf DEHAN15249 (02-03-2016 16:05:30) Gestartet von C:\Users\wesepid1\Desktop Geladene Profile: WESEPID1 (Verfügbare Profile: WESEPID1 & admin & Administrator) Platform: Windows 7 Professional (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 8 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe (Avocent Corporation) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Avocent Corporation ) C:\Program Files (x86)\LANDesk\LDClient\collector.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE () C:\Program Files (x86)\LANDesk\LDClient\LDRegWatch.exe (LANDesk Software Ltd.) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\kavehost.exe (LANDesk Software, Inc. and its affiliates ) C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\AVService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (IBM) C:\Notes\nsd.exe (IBM Corp) C:\Notes\ntmulti.exe (SAP AG) C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (O2Micro International) C:\Windows\SysWOW64\o2flash.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe () C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\issclipexec.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATSwpNav.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (LSI Corp.) C:\Program Files\ltmoh\ltmoh.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Microsoft Corporation) C:\Windows\afjvyxcuocqr.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (SAP AG) C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe (LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\LDAV.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe () C:\Windows\Samsung\PanelMgr\caller64.exe () C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe () C:\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20100721-1539\soffice.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Avocent Corporation) C:\Program Files (x86)\LANDesk\Shared Files\alert.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663464 2010-12-07] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-10-27] (FUJITSU LIMITED) HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535392 2009-10-12] (CSR, plc) HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431456 2009-10-12] (CSR, plc) HKLM\...\Run: [BthSyncServ] => "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" HKLM\...\Run: [ATSwpNav] => "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-03-30] (Intel(R) Corporation) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-03-30] (Intel(R) Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [104960 2009-11-01] () HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [LoadFUJ02E3] => C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-06-16] (FUJITSU LIMITED) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SAP_WUS_UNT] => C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe [226672 2010-02-25] (SAP AG) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKLM-x32\...\Run: [LANDesk Antivirus] => C:\Program Files (x86)\LANDesk\LDClient\antivirus\LDav.exe [884224 2011-02-11] (LANDesk Software, Inc. and its affiliates.) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun HKLM-x32\...\Run: [SCX3200_Scan2Pc] => C:\Windows\Twain_32\Samsung\SCX3200\Scan2pc.exe HKLM-x32\...\Run: [3200 Scan2PC] => "C:\Windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" HKLM-x32\...\Run: [SODCPreLoad] => C:\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20100721-1539\preload.exe [40960 2011-05-27] () Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [LtMoh] => C:\Program Files\ltmoh\Ltmoh.exe [195080 2009-12-04] (LSI Corp.) HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [] => [X] HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [pxqbbefsfojy] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [xodvvqjqhakg] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [upmxiemqkshe] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [yigislxrxhxj] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [nwescomifdii] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [nwescomfdiig] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [rrsbpchhofju] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [upflrmdapywh] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [qkitgoxpusji] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [sfuuwoxjkkaj] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [fuuwoxjkkajd] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [uuwoxjkkajde] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [ldawlcoguvxb] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [dawlcoguvxbe] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [xbedxmlbxolw] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [bedxmlbxolwy] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [pjrpdtwpuifh] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [jrpdtwpuifhu] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [ovkadsiilqpn] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [adsiilqpnxvy] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [pdtwpuifhurp] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [wpuifhurppbf] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [pbfbdwfibmpq] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [urppbfbdghdc] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [fmgmsolrfpci] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [pbfbdgfibmpq] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" HKU\S-1-5-21-3575321355-3471914033-307539815-45672\...\Run: [bfbdwfibmpqd] => C:\Windows\system32\cmd.exe /c start "" "C:\Windows\afjvyxcuocqr.exe" Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+ahrdl.html [2016-02-23] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+ahrdl.png [2016-02-23] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+ahrdl.txt [2016-02-23] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.html [2016-02-26] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.png [2016-02-26] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.txt [2016-02-26] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.html [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.png [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.txt [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.html [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.png [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.txt [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.html [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.png [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.txt [2016-03-01] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.html [2016-02-24] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.png [2016-02-24] () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.txt [2016-02-24] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.html [2016-02-26] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.png [2016-02-26] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.txt [2016-02-26] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.html [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.png [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.txt [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.html [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.png [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.txt [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.html [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.png [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.txt [2016-03-01] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.html [2016-02-24] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.png [2016-02-24] () Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.txt [2016-02-24] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.html [2016-02-26] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.png [2016-02-26] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.txt [2016-02-26] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.html [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.png [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.txt [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.html [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.png [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.txt [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.html [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.png [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.txt [2016-03-01] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.html [2016-02-24] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.png [2016-02-24] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.txt [2016-02-24] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2011-05-27] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.html [2016-02-26] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.png [2016-02-26] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.txt [2016-02-26] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.html [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.png [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.txt [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.html [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.png [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.txt [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.html [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.png [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.txt [2016-03-01] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.html [2016-02-24] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.png [2016-02-24] () Startup: C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.txt [2016-02-24] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.html [2016-02-26] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.png [2016-02-26] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.txt [2016-02-26] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.html [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.png [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.txt [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.html [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.png [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.txt [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.html [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.png [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.txt [2016-03-01] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.html [2016-02-24] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.png [2016-02-24] () Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.txt [2016-02-24] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.html [2016-02-26] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.png [2016-02-26] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.txt [2016-02-26] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.html [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.png [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.txt [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.html [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.png [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.txt [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.html [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.png [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.txt [2016-03-01] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.html [2016-02-24] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.png [2016-02-24] () Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.txt [2016-02-24] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.html [2016-02-26] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.png [2016-02-26] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+aunei.txt [2016-02-26] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.html [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.png [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+cptib.txt [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.html [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.png [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+dnbqe.txt [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.html [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.png [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+llwkj.txt [2016-03-01] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.html [2016-02-24] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.png [2016-02-24] () Startup: C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recovery+sejvv.txt [2016-02-24] () GroupPolicyScripts: Beschränkung <======= ACHTUNG GroupPolicyScripts\User: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{580332BB-B456-4572-BFD6-DE5982DE2C45}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-3575321355-3471914033-307539815-45672\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-3575321355-3471914033-307539815-45672\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mynet.mtsintra.network/ BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-21] (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-21] (Sun Microsystems, Inc.) DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2010-02-26] (SAP, Walldorf) Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2010-02-26] (SAP, Walldorf) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-04] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-04] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-04] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-04] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\wesepid1\AppData\Roaming\Mozilla\Firefox\Profiles\l4t9zc24.default FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-01-21] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [Keine Datei] FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-01-21] (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( ) FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.) ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [147456 2010-10-15] (Avocent Corporation) [Datei ist nicht signiert] R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\localsch.exe [189952 2010-10-08] (LANDesk Software, Inc. and its affiliates.) [Datei ist nicht signiert] R2 Intel PDS; C:\Windows\SysWOW64\CBA\pds.exe [32825 2007-08-31] (LANDesk Software Ltd.) [Datei ist nicht signiert] R2 ISSUSER; C:\Program Files (x86)\LANDesk\LDClient\issuser.exe [1157632 2010-10-18] (LANDesk Software, Inc. and its affiliates.) [Datei ist nicht signiert] R2 kavehost; C:\Program Files (x86)\LANDesk\LDClient\antivirus\kavehost.exe [86016 2011-03-07] (Kaspersky Lab ZAO) [Datei ist nicht signiert] R2 LANDesk Policy Invoker; C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [205312 2011-01-13] (LANDesk Software, Inc. and its affiliates ) [Datei ist nicht signiert] R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [178688 2010-10-07] (LANDesk Software, Inc. and its affiliates.) [Datei ist nicht signiert] R2 LANDesk(R) Out-of-Band Monitor Service; C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [1058304 2010-09-10] (LANDesk Software, Inc. and its affiliates.) [Datei ist nicht signiert] R2 LDAVService; C:\Program Files (x86)\LANDesk\LDClient\antivirus\avservice.exe [573888 2011-02-11] (LANDesk Software, Inc. and its affiliates.) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-11-01] (Intel Corporation) [Datei ist nicht signiert] R2 Lotus Notes Diagnostics; C:\Notes\nsd.exe [3417480 2011-03-23] (IBM) R2 Multi-user Cleanup Service; C:\Notes\ntmulti.exe [58760 2011-03-23] (IBM Corp) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-03-30] () R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [263536 2010-02-25] (SAP AG) R2 O2Flash; C:\Windows\SysWOW64\o2flash.exe [65536 2007-02-12] (O2Micro International) [Datei ist nicht signiert] S3 OpcEnum; C:\Windows\SysWOW64\OpcEnum.exe [60416 1998-10-02] () [Datei ist nicht signiert] S2 ProcTrigger; C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [143360 2010-09-15] (LANDesk Software, Inc. and its affiliates.) [Datei ist nicht signiert] R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [385024 2010-10-21] (LANDesk Software, Inc. and its affiliates.) [Datei ist nicht signiert] S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-05-27] (SolidWorks) [Datei ist nicht signiert] S2 tracksvc; C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe [66048 2010-09-15] (LANDesk Software, Inc. and its affiliates.) [Datei ist nicht signiert] R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-11-01] (Intel Corporation) [Datei ist nicht signiert] R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145792 2009-10-12] (CSR, plc) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) R2 WirelessSelectorService; C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [62312 2009-07-21] () R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [1000208 2011-03-30] (Intel(R) Corporation) S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-04] (Citrix Systems, Inc.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-01] () R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED) R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-07] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-07] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [362072 2011-03-07] (Kaspersky Lab) S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20480 2010-03-01] (Avocent Corporation) R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2010-03-01] (Avocent Corporation) R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [6656 2010-03-01] (Avocent Corporation) S3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [58400 2009-05-13] (O2Micro ) S3 O2SCBUS; C:\Windows\System32\DRIVERS\ozscrx64.sys [107808 2009-05-15] (O2Micro) S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] S3 NETw5s64; system32\DRIVERS\NETw5s64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-03-02 16:05 - 2016-03-02 16:07 - 00036867 _____ C:\Users\wesepid1\Desktop\FRST.txt 2016-03-02 16:04 - 2016-03-02 16:05 - 00000000 ____D C:\FRST 2016-03-02 16:04 - 2016-03-02 16:04 - 00007677 _____ C:\Program Files\Recovery+uitpk.html 2016-03-02 16:04 - 2016-03-02 16:04 - 00002009 _____ C:\Program Files\Recovery+uitpk.txt 2016-03-02 16:03 - 2016-03-02 16:03 - 02371584 _____ (Farbar) C:\Users\wesepid1\Desktop\FRST64.exe 2016-03-02 16:03 - 2016-03-02 16:03 - 00007677 _____ C:\Program Files\Common Files\Recovery+uitpk.html 2016-03-02 16:03 - 2016-03-02 16:03 - 00002009 _____ C:\Program Files\Common Files\Recovery+uitpk.txt 2016-03-02 15:57 - 2016-03-02 15:57 - 00007677 _____ C:\Users\Recovery+uitpk.html 2016-03-02 15:57 - 2016-03-02 15:57 - 00002009 _____ C:\Users\Recovery+uitpk.txt 2016-03-02 15:55 - 2016-03-02 15:55 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_ffnkkekev.txt 2016-03-01 17:35 - 2016-03-01 17:38 - 00000000 ____D C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust 2016-03-01 17:35 - 2016-03-01 17:38 - 00000000 ____D C:\ProgramData\SparkTrust 2016-03-01 17:35 - 2016-03-01 17:35 - 00007677 _____ C:\Users\wesepid1\Recovery+cptib.html 2016-03-01 17:35 - 2016-03-01 17:35 - 00007677 _____ C:\Users\wesepid1\Documents\Recovery+cptib.html 2016-03-01 17:35 - 2016-03-01 17:35 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.html 2016-03-01 17:35 - 2016-03-01 17:35 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.html 2016-03-01 17:35 - 2016-03-01 17:35 - 00007677 _____ C:\Users\wesepid1\AppData\Recovery+cptib.html 2016-03-01 17:35 - 2016-03-01 17:35 - 00007677 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+cptib.html 2016-03-01 17:35 - 2016-03-01 17:35 - 00002009 _____ C:\Users\wesepid1\Recovery+cptib.txt 2016-03-01 17:35 - 2016-03-01 17:35 - 00002009 _____ C:\Users\wesepid1\Documents\Recovery+cptib.txt 2016-03-01 17:35 - 2016-03-01 17:35 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.txt 2016-03-01 17:35 - 2016-03-01 17:35 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.txt 2016-03-01 17:35 - 2016-03-01 17:35 - 00002009 _____ C:\Users\wesepid1\AppData\Recovery+cptib.txt 2016-03-01 17:35 - 2016-03-01 17:35 - 00002009 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+cptib.txt 2016-03-01 17:35 - 2016-03-01 17:35 - 00000000 ____D C:\Users\wesepid1\AppData\Roaming\SparkTrust 2016-03-01 17:34 - 2016-03-01 17:35 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:35 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Public\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Public\Downloads\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default\Downloads\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default\Documents\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default\AppData\Roaming\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default\AppData\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default User\Downloads\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default User\Documents\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Default User\AppData\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\ceuradmin\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\ceuradmin\Downloads\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\ceuradmin\Documents\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\ceuradmin\AppData\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00007677 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+cptib.html 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Public\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Public\Downloads\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default\Downloads\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default\Documents\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default\AppData\Roaming\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default\AppData\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default User\Downloads\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default User\Documents\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Default User\AppData\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\ceuradmin\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\ceuradmin\Downloads\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\ceuradmin\Documents\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\ceuradmin\AppData\Recovery+cptib.txt 2016-03-01 17:34 - 2016-03-01 17:34 - 00002009 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:34 - 00007677 _____ C:\Users\Public\Documents\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:34 - 00007677 _____ C:\ProgramData\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:34 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:34 - 00002009 _____ C:\Users\Public\Documents\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:34 - 00002009 _____ C:\ProgramData\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:34 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:33 - 00007677 _____ C:\Users\Administrator\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:33 - 00007677 _____ C:\Users\Administrator\Downloads\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:33 - 00007677 _____ C:\Users\Administrator\Documents\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:33 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:33 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:33 - 00007677 _____ C:\Users\Administrator\AppData\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:33 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.html 2016-03-01 17:33 - 2016-03-01 17:33 - 00002009 _____ C:\Users\Administrator\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:33 - 00002009 _____ C:\Users\Administrator\Downloads\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:33 - 00002009 _____ C:\Users\Administrator\Documents\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:33 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:33 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:33 - 00002009 _____ C:\Users\Administrator\AppData\Recovery+cptib.txt 2016-03-01 17:33 - 2016-03-01 17:33 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:33 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:33 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\admin\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\admin\Downloads\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\admin\Documents\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\admin\AppData\Roaming\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\admin\AppData\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00007677 _____ C:\Users\admin\AppData\LocalLow\Recovery+cptib.html 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\admin\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\admin\Downloads\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\admin\Documents\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\admin\AppData\Roaming\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\admin\AppData\Recovery+cptib.txt 2016-03-01 17:32 - 2016-03-01 17:32 - 00002009 _____ C:\Users\admin\AppData\LocalLow\Recovery+cptib.txt 2016-03-01 17:27 - 2016-03-01 17:27 - 00007677 _____ C:\Program Files\Recovery+cptib.html 2016-03-01 17:27 - 2016-03-01 17:27 - 00002009 _____ C:\Program Files\Recovery+cptib.txt 2016-03-01 17:26 - 2016-03-01 17:26 - 00007677 _____ C:\Program Files\Common Files\Recovery+cptib.html 2016-03-01 17:26 - 2016-03-01 17:26 - 00002009 _____ C:\Program Files\Common Files\Recovery+cptib.txt 2016-03-01 17:20 - 2016-03-01 17:35 - 00007677 _____ C:\Users\Recovery+cptib.html 2016-03-01 17:20 - 2016-03-01 17:35 - 00002009 _____ C:\Users\Recovery+cptib.txt 2016-03-01 17:17 - 2016-03-01 17:17 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_eyajttfvu.txt 2016-03-01 16:05 - 2016-03-01 16:05 - 00007677 _____ C:\Users\wesepid1\Recovery+dnbqe.html 2016-03-01 16:05 - 2016-03-01 16:05 - 00002009 _____ C:\Users\wesepid1\Recovery+dnbqe.txt 2016-03-01 16:04 - 2016-03-01 16:04 - 00007677 _____ C:\Users\wesepid1\Documents\Recovery+dnbqe.html 2016-03-01 16:04 - 2016-03-01 16:04 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.html 2016-03-01 16:04 - 2016-03-01 16:04 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.html 2016-03-01 16:04 - 2016-03-01 16:04 - 00007677 _____ C:\Users\wesepid1\AppData\Recovery+dnbqe.html 2016-03-01 16:04 - 2016-03-01 16:04 - 00007677 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+dnbqe.html 2016-03-01 16:04 - 2016-03-01 16:04 - 00002009 _____ C:\Users\wesepid1\Documents\Recovery+dnbqe.txt 2016-03-01 16:04 - 2016-03-01 16:04 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.txt 2016-03-01 16:04 - 2016-03-01 16:04 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.txt 2016-03-01 16:04 - 2016-03-01 16:04 - 00002009 _____ C:\Users\wesepid1\AppData\Recovery+dnbqe.txt 2016-03-01 16:04 - 2016-03-01 16:04 - 00002009 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 17:35 - 00000000 ____D C:\Users\wesepid1\AppData\Roaming\Enigma Software Group 2016-03-01 16:03 - 2016-03-01 16:04 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:04 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Public\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Public\Downloads\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default\Downloads\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default\Documents\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default\AppData\Roaming\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default\AppData\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default User\Downloads\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default User\Documents\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Default User\AppData\Recovery+dnbqe.html 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Public\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Public\Downloads\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default\Downloads\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default\Documents\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default\AppData\Roaming\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default\AppData\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default User\Downloads\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default User\Documents\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Default User\AppData\Recovery+dnbqe.txt 2016-03-01 16:03 - 2016-03-01 16:03 - 00000000 _____ C:\autoexec.bat 2016-03-01 16:02 - 2016-03-01 16:02 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\Users\ceuradmin\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\Users\ceuradmin\Downloads\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\Users\ceuradmin\Documents\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\Users\ceuradmin\AppData\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.html 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\Users\ceuradmin\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\Users\ceuradmin\Downloads\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\Users\ceuradmin\Documents\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\Users\ceuradmin\AppData\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+dnbqe.txt 2016-03-01 16:02 - 2016-03-01 16:02 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:03 - 00007677 _____ C:\Users\Public\Documents\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:03 - 00002009 _____ C:\Users\Public\Documents\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:02 - 00007677 _____ C:\ProgramData\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:02 - 00002009 _____ C:\ProgramData\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\Administrator\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\Administrator\Downloads\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\Administrator\Documents\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\Administrator\AppData\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\admin\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\admin\Downloads\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\admin\Documents\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\admin\AppData\Roaming\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00007677 _____ C:\Users\admin\AppData\Recovery+dnbqe.html 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\Administrator\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\Administrator\Downloads\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\Administrator\Documents\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\Administrator\AppData\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\admin\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\admin\Downloads\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\admin\Documents\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\admin\AppData\Roaming\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+dnbqe.txt 2016-03-01 16:01 - 2016-03-01 16:01 - 00002009 _____ C:\Users\admin\AppData\Recovery+dnbqe.txt 2016-03-01 16:00 - 2016-03-01 16:00 - 00007677 _____ C:\Users\admin\AppData\LocalLow\Recovery+dnbqe.html 2016-03-01 16:00 - 2016-03-01 16:00 - 00002009 _____ C:\Users\admin\AppData\LocalLow\Recovery+dnbqe.txt 2016-03-01 15:56 - 2016-03-01 15:56 - 00007677 _____ C:\Program Files\Recovery+dnbqe.html 2016-03-01 15:56 - 2016-03-01 15:56 - 00002009 _____ C:\Program Files\Recovery+dnbqe.txt 2016-03-01 15:55 - 2016-03-01 15:55 - 00007677 _____ C:\Program Files\Common Files\Recovery+dnbqe.html 2016-03-01 15:55 - 2016-03-01 15:55 - 00002009 _____ C:\Program Files\Common Files\Recovery+dnbqe.txt 2016-03-01 15:49 - 2016-03-01 16:05 - 00007677 _____ C:\Users\Recovery+dnbqe.html 2016-03-01 15:49 - 2016-03-01 16:05 - 00002009 _____ C:\Users\Recovery+dnbqe.txt 2016-03-01 15:46 - 2016-03-01 15:46 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_uecmgcien.txt 2016-03-01 15:41 - 2016-03-02 15:56 - 00000000 ____D C:\AdwCleaner 2016-03-01 15:32 - 2014-02-13 10:17 - 04458008 _____ (TeamViewer) C:\Users\wesepid1\Desktop\ElcoRemote.exe 2016-03-01 15:31 - 2016-03-01 17:35 - 00000000 ____D C:\Users\wesepid1\AppData\Roaming\TeamViewer 2016-03-01 15:00 - 2016-03-01 15:00 - 00007677 _____ C:\Users\wesepid1\Recovery+llwkj.html 2016-03-01 15:00 - 2016-03-01 15:00 - 00007677 _____ C:\Users\wesepid1\Documents\Recovery+llwkj.html 2016-03-01 15:00 - 2016-03-01 15:00 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.html 2016-03-01 15:00 - 2016-03-01 15:00 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.html 2016-03-01 15:00 - 2016-03-01 15:00 - 00007677 _____ C:\Users\wesepid1\AppData\Recovery+llwkj.html 2016-03-01 15:00 - 2016-03-01 15:00 - 00002009 _____ C:\Users\wesepid1\Recovery+llwkj.txt 2016-03-01 15:00 - 2016-03-01 15:00 - 00002009 _____ C:\Users\wesepid1\Documents\Recovery+llwkj.txt 2016-03-01 15:00 - 2016-03-01 15:00 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.txt 2016-03-01 15:00 - 2016-03-01 15:00 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.txt 2016-03-01 15:00 - 2016-03-01 15:00 - 00002009 _____ C:\Users\wesepid1\AppData\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 15:00 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 15:00 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Public\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Public\Downloads\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default\Downloads\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default\Documents\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default\AppData\Roaming\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default\AppData\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default User\Downloads\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default User\Documents\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Default User\AppData\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\ceuradmin\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\ceuradmin\Downloads\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\ceuradmin\Documents\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00007677 _____ C:\Users\ceuradmin\AppData\Recovery+llwkj.html 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Public\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Public\Downloads\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default\Downloads\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default\Documents\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default\AppData\Roaming\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default\AppData\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default User\Downloads\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default User\Documents\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Default User\AppData\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\ceuradmin\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\ceuradmin\Downloads\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\ceuradmin\Documents\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.txt 2016-03-01 14:59 - 2016-03-01 14:59 - 00002009 _____ C:\Users\ceuradmin\AppData\Recovery+llwkj.txt 2016-03-01 14:58 - 2016-03-01 14:59 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+llwkj.html 2016-03-01 14:58 - 2016-03-01 14:59 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+llwkj.txt 2016-03-01 14:58 - 2016-03-01 14:58 - 00007677 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+llwkj.html 2016-03-01 14:58 - 2016-03-01 14:58 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+llwkj.html 2016-03-01 14:58 - 2016-03-01 14:58 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.html 2016-03-01 14:58 - 2016-03-01 14:58 - 00002009 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+llwkj.txt 2016-03-01 14:58 - 2016-03-01 14:58 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+llwkj.txt 2016-03-01 14:58 - 2016-03-01 14:58 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:59 - 00007677 _____ C:\Users\Public\Documents\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:59 - 00002009 _____ C:\Users\Public\Documents\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:58 - 00007677 _____ C:\ProgramData\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:58 - 00002009 _____ C:\ProgramData\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:08 - 00007677 _____ C:\Users\Administrator\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:08 - 00007677 _____ C:\Users\Administrator\Downloads\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:08 - 00007677 _____ C:\Users\Administrator\Documents\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:08 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:08 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:08 - 00007677 _____ C:\Users\Administrator\AppData\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:08 - 00007677 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+llwkj.html 2016-03-01 14:08 - 2016-03-01 14:08 - 00002009 _____ C:\Users\Administrator\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:08 - 00002009 _____ C:\Users\Administrator\Downloads\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:08 - 00002009 _____ C:\Users\Administrator\Documents\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:08 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:08 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:08 - 00002009 _____ C:\Users\Administrator\AppData\Recovery+llwkj.txt 2016-03-01 14:08 - 2016-03-01 14:08 - 00002009 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:08 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:08 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:07 - 00007677 _____ C:\Users\admin\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:07 - 00007677 _____ C:\Users\admin\Downloads\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:07 - 00007677 _____ C:\Users\admin\Documents\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:07 - 00007677 _____ C:\Users\admin\AppData\Roaming\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:07 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:07 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:07 - 00007677 _____ C:\Users\admin\AppData\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:07 - 00007677 _____ C:\Users\admin\AppData\LocalLow\Recovery+llwkj.html 2016-03-01 14:07 - 2016-03-01 14:07 - 00002009 _____ C:\Users\admin\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:07 - 00002009 _____ C:\Users\admin\Downloads\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:07 - 00002009 _____ C:\Users\admin\Documents\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:07 - 00002009 _____ C:\Users\admin\AppData\Roaming\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:07 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:07 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:07 - 00002009 _____ C:\Users\admin\AppData\Recovery+llwkj.txt 2016-03-01 14:07 - 2016-03-01 14:07 - 00002009 _____ C:\Users\admin\AppData\LocalLow\Recovery+llwkj.txt 2016-03-01 14:02 - 2016-03-01 14:02 - 00007677 _____ C:\Program Files\Recovery+llwkj.html 2016-03-01 14:02 - 2016-03-01 14:02 - 00002009 _____ C:\Program Files\Recovery+llwkj.txt 2016-03-01 14:01 - 2016-03-01 14:01 - 00007677 _____ C:\Program Files\Common Files\Recovery+llwkj.html 2016-03-01 14:01 - 2016-03-01 14:01 - 00002009 _____ C:\Program Files\Common Files\Recovery+llwkj.txt 2016-03-01 13:55 - 2016-03-01 15:00 - 00007677 _____ C:\Users\Recovery+llwkj.html 2016-03-01 13:55 - 2016-03-01 15:00 - 00002009 _____ C:\Users\Recovery+llwkj.txt 2016-03-01 13:52 - 2016-03-01 13:52 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_oyhmqrdlx.txt 2016-02-26 19:54 - 2016-03-01 17:36 - 00007677 _____ C:\Users\wesepid1\Desktop\RECOVERY.HTM 2016-02-26 19:54 - 2016-03-01 17:36 - 00002009 _____ C:\Users\wesepid1\Desktop\RECOVERY.TXT 2016-02-26 19:54 - 2016-02-26 19:54 - 00007677 _____ C:\Users\wesepid1\Recovery+aunei.html 2016-02-26 19:54 - 2016-02-26 19:54 - 00007677 _____ C:\Users\wesepid1\Documents\Recovery+aunei.html 2016-02-26 19:54 - 2016-02-26 19:54 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.html 2016-02-26 19:54 - 2016-02-26 19:54 - 00007677 _____ C:\Users\wesepid1\AppData\Recovery+aunei.html 2016-02-26 19:54 - 2016-02-26 19:54 - 00007677 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+aunei.html 2016-02-26 19:54 - 2016-02-26 19:54 - 00002009 _____ C:\Users\wesepid1\Recovery+aunei.txt 2016-02-26 19:54 - 2016-02-26 19:54 - 00002009 _____ C:\Users\wesepid1\Documents\Recovery+aunei.txt 2016-02-26 19:54 - 2016-02-26 19:54 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.txt 2016-02-26 19:54 - 2016-02-26 19:54 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.txt 2016-02-26 19:54 - 2016-02-26 19:54 - 00002009 _____ C:\Users\wesepid1\AppData\Recovery+aunei.txt 2016-02-26 19:54 - 2016-02-26 19:54 - 00002009 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:54 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:54 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Public\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Public\Downloads\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default\Downloads\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default\Documents\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default\AppData\Roaming\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default\AppData\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default User\Downloads\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default User\Documents\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Default User\AppData\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\ceuradmin\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\ceuradmin\Downloads\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\ceuradmin\Documents\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\ceuradmin\AppData\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00007677 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+aunei.html 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Public\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Public\Downloads\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default\Downloads\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default\Documents\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default\AppData\Roaming\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default\AppData\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default User\Downloads\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default User\Documents\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Default User\AppData\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\ceuradmin\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\ceuradmin\Downloads\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\ceuradmin\Documents\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\ceuradmin\AppData\Recovery+aunei.txt 2016-02-26 19:53 - 2016-02-26 19:53 - 00002009 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:53 - 00007677 _____ C:\Users\Public\Documents\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:53 - 00007677 _____ C:\ProgramData\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:53 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:53 - 00002009 _____ C:\Users\Public\Documents\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:53 - 00002009 _____ C:\ProgramData\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:53 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:52 - 00007677 _____ C:\Users\Administrator\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:52 - 00007677 _____ C:\Users\Administrator\Downloads\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:52 - 00007677 _____ C:\Users\Administrator\Documents\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:52 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:52 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:52 - 00007677 _____ C:\Users\Administrator\AppData\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:52 - 00007677 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:52 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.html 2016-02-26 19:52 - 2016-02-26 19:52 - 00002009 _____ C:\Users\Administrator\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:52 - 00002009 _____ C:\Users\Administrator\Downloads\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:52 - 00002009 _____ C:\Users\Administrator\Documents\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:52 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:52 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:52 - 00002009 _____ C:\Users\Administrator\AppData\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:52 - 00002009 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+aunei.txt 2016-02-26 19:52 - 2016-02-26 19:52 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:52 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:52 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:51 - 00007677 _____ C:\Users\admin\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:51 - 00007677 _____ C:\Users\admin\Downloads\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:51 - 00007677 _____ C:\Users\admin\Documents\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:51 - 00007677 _____ C:\Users\admin\AppData\Roaming\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:51 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:51 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:51 - 00007677 _____ C:\Users\admin\AppData\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:51 - 00007677 _____ C:\Users\admin\AppData\LocalLow\Recovery+aunei.html 2016-02-26 19:51 - 2016-02-26 19:51 - 00002009 _____ C:\Users\admin\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:51 - 00002009 _____ C:\Users\admin\Downloads\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:51 - 00002009 _____ C:\Users\admin\Documents\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:51 - 00002009 _____ C:\Users\admin\AppData\Roaming\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:51 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:51 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:51 - 00002009 _____ C:\Users\admin\AppData\Recovery+aunei.txt 2016-02-26 19:51 - 2016-02-26 19:51 - 00002009 _____ C:\Users\admin\AppData\LocalLow\Recovery+aunei.txt 2016-02-26 19:46 - 2016-02-26 19:46 - 00007677 _____ C:\Program Files\Recovery+aunei.html 2016-02-26 19:46 - 2016-02-26 19:46 - 00002009 _____ C:\Program Files\Recovery+aunei.txt 2016-02-26 19:45 - 2016-02-26 19:45 - 00007677 _____ C:\Program Files\Common Files\Recovery+aunei.html 2016-02-26 19:45 - 2016-02-26 19:45 - 00002009 _____ C:\Program Files\Common Files\Recovery+aunei.txt 2016-02-26 19:40 - 2016-02-26 19:54 - 00007677 _____ C:\Users\Recovery+aunei.html 2016-02-26 19:40 - 2016-02-26 19:54 - 00002009 _____ C:\Users\Recovery+aunei.txt 2016-02-26 19:38 - 2016-02-26 19:38 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_nkojpxhgt.txt 2016-02-26 19:30 - 2016-02-26 19:30 - 00007677 _____ C:\Users\Recovery+uyadn.html 2016-02-26 19:30 - 2016-02-26 19:30 - 00002009 _____ C:\Users\Recovery+uyadn.txt 2016-02-26 19:29 - 2016-02-26 19:29 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_xfgpnohqc.txt 2016-02-24 13:28 - 2016-02-24 13:28 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_xdckopjne.txt 2016-02-24 13:20 - 2016-02-24 13:20 - 00007677 _____ C:\Users\Recovery+ffjwr.html 2016-02-24 13:20 - 2016-02-24 13:20 - 00002009 _____ C:\Users\Recovery+ffjwr.txt 2016-02-24 13:18 - 2016-02-24 13:18 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_tysddufoo.txt 2016-02-24 09:16 - 2016-02-24 09:16 - 00007677 _____ C:\Users\wesepid1\Recovery+sejvv.html 2016-02-24 09:16 - 2016-02-24 09:16 - 00007677 _____ C:\Users\wesepid1\Documents\Recovery+sejvv.html 2016-02-24 09:16 - 2016-02-24 09:16 - 00002009 _____ C:\Users\wesepid1\Recovery+sejvv.txt 2016-02-24 09:16 - 2016-02-24 09:16 - 00002009 _____ C:\Users\wesepid1\Documents\Recovery+sejvv.txt 2016-02-24 09:07 - 2016-02-24 09:16 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.txt 2016-02-24 09:07 - 2016-02-24 09:07 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.html 2016-02-24 09:07 - 2016-02-24 09:07 - 00007677 _____ C:\Users\wesepid1\AppData\Recovery+sejvv.html 2016-02-24 09:07 - 2016-02-24 09:07 - 00007677 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+sejvv.html 2016-02-24 09:07 - 2016-02-24 09:07 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.txt 2016-02-24 09:07 - 2016-02-24 09:07 - 00002009 _____ C:\Users\wesepid1\AppData\Recovery+sejvv.txt 2016-02-24 09:07 - 2016-02-24 09:07 - 00002009 _____ C:\Users\wesepid1\AppData\LocalLow\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:07 - 00007677 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:07 - 00002009 _____ C:\Users\wesepid1\AppData\Roaming\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Public\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Public\Downloads\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default\Downloads\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default\Documents\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default\AppData\Roaming\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default\AppData\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default User\Downloads\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default User\Documents\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Default User\AppData\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\ceuradmin\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\ceuradmin\Downloads\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\ceuradmin\Documents\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\ceuradmin\AppData\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00007677 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.html 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Public\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Public\Downloads\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default\Downloads\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default\Documents\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default\AppData\Roaming\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default\AppData\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default User\Downloads\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default User\Documents\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Default User\AppData\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\ceuradmin\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\ceuradmin\Downloads\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\ceuradmin\Documents\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\ceuradmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\ceuradmin\AppData\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\Users\ceuradmin\AppData\LocalLow\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Recovery+sejvv.txt 2016-02-24 09:06 - 2016-02-24 09:06 - 00002009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.txt 2016-02-24 09:05 - 2016-02-24 09:06 - 00007677 _____ C:\Users\Public\Documents\Recovery+sejvv.html 2016-02-24 09:05 - 2016-02-24 09:06 - 00007677 _____ C:\ProgramData\Recovery+sejvv.html 2016-02-24 09:05 - 2016-02-24 09:06 - 00002009 _____ C:\Users\Public\Documents\Recovery+sejvv.txt 2016-02-24 09:05 - 2016-02-24 09:06 - 00002009 _____ C:\ProgramData\Recovery+sejvv.txt 2016-02-24 09:05 - 2016-02-24 09:05 - 00007677 _____ C:\Users\Administrator\Recovery+sejvv.html 2016-02-24 09:05 - 2016-02-24 09:05 - 00007677 _____ C:\Users\Administrator\Downloads\Recovery+sejvv.html 2016-02-24 09:05 - 2016-02-24 09:05 - 00007677 _____ C:\Users\Administrator\Documents\Recovery+sejvv.html 2016-02-24 09:05 - 2016-02-24 09:05 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.html 2016-02-24 09:05 - 2016-02-24 09:05 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.html 2016-02-24 09:05 - 2016-02-24 09:05 - 00007677 _____ C:\Users\Administrator\AppData\Recovery+sejvv.html 2016-02-24 09:05 - 2016-02-24 09:05 - 00002009 _____ C:\Users\Administrator\Recovery+sejvv.txt 2016-02-24 09:05 - 2016-02-24 09:05 - 00002009 _____ C:\Users\Administrator\Downloads\Recovery+sejvv.txt 2016-02-24 09:05 - 2016-02-24 09:05 - 00002009 _____ C:\Users\Administrator\Documents\Recovery+sejvv.txt 2016-02-24 09:05 - 2016-02-24 09:05 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.txt 2016-02-24 09:05 - 2016-02-24 09:05 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.txt 2016-02-24 09:05 - 2016-02-24 09:05 - 00002009 _____ C:\Users\Administrator\AppData\Recovery+sejvv.txt 2016-02-24 09:04 - 2016-02-24 09:05 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Recovery+sejvv.html 2016-02-24 09:04 - 2016-02-24 09:05 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Recovery+sejvv.txt 2016-02-24 09:04 - 2016-02-24 09:04 - 00007677 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+sejvv.html 2016-02-24 09:04 - 2016-02-24 09:04 - 00007677 _____ C:\Users\admin\Recovery+sejvv.html 2016-02-24 09:04 - 2016-02-24 09:04 - 00007677 _____ C:\Users\admin\Downloads\Recovery+sejvv.html 2016-02-24 09:04 - 2016-02-24 09:04 - 00007677 _____ C:\Users\admin\Documents\Recovery+sejvv.html 2016-02-24 09:04 - 2016-02-24 09:04 - 00007677 _____ C:\Users\admin\AppData\Roaming\Recovery+sejvv.html 2016-02-24 09:04 - 2016-02-24 09:04 - 00007677 _____ C:\Users\admin\AppData\Recovery+sejvv.html 2016-02-24 09:04 - 2016-02-24 09:04 - 00002009 _____ C:\Users\Administrator\AppData\LocalLow\Recovery+sejvv.txt 2016-02-24 09:04 - 2016-02-24 09:04 - 00002009 _____ C:\Users\admin\Recovery+sejvv.txt 2016-02-24 09:04 - 2016-02-24 09:04 - 00002009 _____ C:\Users\admin\Downloads\Recovery+sejvv.txt 2016-02-24 09:04 - 2016-02-24 09:04 - 00002009 _____ C:\Users\admin\Documents\Recovery+sejvv.txt 2016-02-24 09:04 - 2016-02-24 09:04 - 00002009 _____ C:\Users\admin\AppData\Roaming\Recovery+sejvv.txt 2016-02-24 09:04 - 2016-02-24 09:04 - 00002009 _____ C:\Users\admin\AppData\Recovery+sejvv.txt 2016-02-24 09:03 - 2016-02-24 09:04 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.html 2016-02-24 09:03 - 2016-02-24 09:04 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+sejvv.txt 2016-02-24 09:03 - 2016-02-24 09:03 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.html 2016-02-24 09:03 - 2016-02-24 09:03 - 00007677 _____ C:\Users\admin\AppData\LocalLow\Recovery+sejvv.html 2016-02-24 09:03 - 2016-02-24 09:03 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+sejvv.txt 2016-02-24 09:03 - 2016-02-24 09:03 - 00002009 _____ C:\Users\admin\AppData\LocalLow\Recovery+sejvv.txt 2016-02-24 08:58 - 2016-02-24 08:58 - 00007677 _____ C:\Program Files\Recovery+sejvv.html 2016-02-24 08:58 - 2016-02-24 08:58 - 00007677 _____ C:\Program Files\Common Files\Recovery+sejvv.html 2016-02-24 08:58 - 2016-02-24 08:58 - 00002009 _____ C:\Program Files\Recovery+sejvv.txt 2016-02-24 08:58 - 2016-02-24 08:58 - 00002009 _____ C:\Program Files\Common Files\Recovery+sejvv.txt 2016-02-24 08:51 - 2016-02-24 09:16 - 00007677 _____ C:\Users\Recovery+sejvv.html 2016-02-24 08:51 - 2016-02-24 09:16 - 00002009 _____ C:\Users\Recovery+sejvv.txt 2016-02-24 08:49 - 2016-02-24 08:49 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_pplvxqdkq.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\Administrator\AppData\Roaming\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\admin\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\admin\Downloads\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\admin\Documents\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\admin\AppData\Roaming\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\admin\AppData\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00007677 _____ C:\Users\admin\AppData\LocalLow\Recovery+ahrdl.html 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\Administrator\AppData\Roaming\Recovery+ahrdl.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\admin\Recovery+ahrdl.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\admin\Downloads\Recovery+ahrdl.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\admin\Documents\Recovery+ahrdl.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\admin\AppData\Roaming\Recovery+ahrdl.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Recovery+ahrdl.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery+ahrdl.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\admin\AppData\Recovery+ahrdl.txt 2016-02-23 17:42 - 2016-02-23 17:42 - 00002009 _____ C:\Users\admin\AppData\LocalLow\Recovery+ahrdl.txt 2016-02-23 17:15 - 2016-02-23 17:15 - 00007677 _____ C:\Program Files\Recovery+ahrdl.html 2016-02-23 17:15 - 2016-02-23 17:15 - 00002009 _____ C:\Program Files\Recovery+ahrdl.txt 2016-02-23 17:14 - 2016-02-23 17:14 - 00007677 _____ C:\Program Files\Common Files\Recovery+ahrdl.html 2016-02-23 17:14 - 2016-02-23 17:14 - 00002009 _____ C:\Program Files\Common Files\Recovery+ahrdl.txt 2016-02-23 17:12 - 2016-03-01 17:33 - 00000000 ____D C:\ProgramData\McAfee 2016-02-23 17:07 - 2016-02-23 17:07 - 00007677 _____ C:\Users\Recovery+ahrdl.html 2016-02-23 17:07 - 2016-02-23 17:07 - 00002009 _____ C:\Users\Recovery+ahrdl.txt 2016-02-23 17:05 - 2016-02-23 17:05 - 00335872 ____H (Microsoft Corporation) C:\Windows\afjvyxcuocqr.exe 2016-02-23 17:05 - 2016-02-23 17:05 - 00000252 _____ C:\Users\wesepid1\Documents\recover_file_leypdfprk.txt 2016-02-10 16:44 - 2016-02-10 16:45 - 00000000 ____D C:\Users\wesepid1\Desktop\Word etc ==================== Ein Monat: Geänderte Dateien und Ordner ======== CODE] |
So es geht weiter. Hoffe das ich das so richtig mache Code: (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)Code: Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:02-03-2016 |
Ist das ein gewebrlich genutzter Rechner? |
Ja teilweise zum Auslesen von Geräten. |
Und ihr macht von einem gewerblich genutzten System, auf dem unternehmenswichtige Daten liegen, kein Backup??? :wtf: |
Vom Unternehmen sind keine wichtigen Daten drauf. Nur Software zum Auslesen, die bekomme ich aber jeder Zeit wieder. Sind halt noch ein paar andere Daten drauf die ich nicht wieder bekomme, wenn du verstehst. |
Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers |
Habe alles gemacht, das Programm findet leider nix. Code: Malwarebytes Anti-Rootkit BETA 1.9.3.1001 |
Adware/Junkware/Toolbars entfernen Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop! Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren! 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
| Alle Zeitangaben in WEZ +1. Es ist jetzt 14:40 Uhr. |
Copyright ©2000-2025, Trojaner-Board
