Trojaner-Board
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Häufig "Keine Rückmeldung" beim starten von Anwendungen (https://www.trojaner-board.de/162491-windows-7-haeufig-keine-rueckmeldung-beim-starten-anwendungen.html)

schuemli 01.02.2015 08:32
Folgend das Log von ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=de7dab26ee86f44293b2bcc848d7c5fc
# engine=22245
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-01 12:31:07
# local_time=2015-02-01 01:31:07 (+0100, Mitteleuropäische Zeit)
# country="United States"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 169509 174381858 0 0
# scanned=73658
# found=328
# cleaned=0
# scan_time=8492
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3075977200-4285461987-214124539-1000\$R0P7ENJ.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3075977200-4285461987-214124539-1000\$R3N3S8W.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3075977200-4285461987-214124539-1000\$RUB2ZQG.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3075977200-4285461987-214124539-1000\$RVQTAV7.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1025\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1025\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1028\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1028\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1029\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1029\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1030\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1030\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1031\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1031\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1032\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1032\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1033\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1033\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1035\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1035\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1036\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1036\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1037\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1037\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1038\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1038\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1040\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1040\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1041\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1041\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1042\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1042\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1043\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1043\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1044\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1044\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1045\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1045\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1046\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1046\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1049\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1049\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1053\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1053\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1055\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\1055\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\2052\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\2052\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\2070\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\2070\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\3076\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\3076\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\3082\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ba9291bd3e00e1ed1c0cb9\3082\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\Microsoft\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\Microsoft\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\ProductCache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\ProductCache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.TXT"
sh=81F80F33F488A27C0AC6E6BCC3AE19426684EEBC ft=1 fh=fbd41dbd0013b1c8 vn="Variante von Win32/Kryptik.CWIH Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\****\AppData\Roaming\BtvStack.dll.vir"
sh=F5825B0DC0A555078A8CB34BAFF3EED9135864D6 ft=1 fh=74410aac6459ce59 vn="Variante von Win32/Rootkit.Kryptik.ZO Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\drivers\93a0a821ee01750e.sys.vir"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RegBackup\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RegBackup\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RegBackup\****-BOOKLET\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RegBackup\****-BOOKLET\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RegBackup\****-BOOKLET\10.01.2015_02.18.31\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RegBackup\****-BOOKLET\10.01.2015_02.18.31\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RegBackup\****-BOOKLET\10.01.2015_02.20.09\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\RegBackup\****-BOOKLET\10.01.2015_02.20.09\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Apple\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Apple\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Apple\Bonjour\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Apple\Bonjour\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\Microsoft\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\Microsoft\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\ProductCache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\ProductCache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\AppData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\AppData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\Default\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\HELP_DECRYPT.TXT"
sh=BA722A7AEC61E20CDA74A9A569DFA4D3BA7D4EFA ft=1 fh=ce57df98cc353300 vn="Variante von Win32/Kryptik.BSOV Trojaner" ac=I fn="C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Apple\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Apple\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Apple\Bonjour\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Apple\Bonjour\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\Application\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\Application\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Sync Data\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Sync Data\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\LocalMLS\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\LocalMLS\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Mozilla\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Mozilla\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\DataBase\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\DataBase\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Adobe\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Adobe\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Microsoft\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Microsoft\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Adobe\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Adobe\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\QGZYG4D8\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\QGZYG4D8\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\1031\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\1031\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Mozilla\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Mozilla\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\PC Suite\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\PC Suite\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\PC Suite\359345035684709\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\AppData\Roaming\PC Suite\359345035684709\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\GDesk\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\GDesk\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\GDesk\signsis_files\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\GDesk\signsis_files\HELP_DECRYPT.TXT"
sh=AF63D5EF807EE44FC3073AAB1BB20F954CFAECF5 ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\Videos\HELP_DECRYPT.HTML"
sh=FE0B893A6322AA78FED40239F4E27C7A232954EF ft=0 fh=0000000000000000 vn="Win32/Filecoder.CR Trojaner" ac=I fn="C:\Users\****\Videos\HELP_DECRYPT.TXT"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Kryptik.BSOV Trojaner" ac=I fn="${Memory}"
Folgend das Log Security Check:
Code:
Results of screen317's Security Check version 0.99.95 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner   
 Java 7 Update 55 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.296 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Google Chrome (40.0.2214.93)
 Google Chrome (40.0.2214.94)
 Google Chrome (HELP_DECRYPT.HTML..)
 Google Chrome (HELP_DECRYPT.PNG..)
 Google Chrome (HELP_DECRYPT.TXT..)
 Google Chrome (HELP_DECRYPT.URL..)
````````Process Check: objlist.exe by Laurent```````` 
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 ng vbox\AvastVBoxSVC.exe
 Alwil Software Avast5 AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Im nächsten Anhang geht's weiter. Die Anzahl der Zeichen ist zu gross.

schuemli 01.02.2015 08:35
2. Teil mit den frischen FRST logs und Addition logs:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by **** (administrator) on ****-BOOKLET on 01-02-2015 08:15:17
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: **** & Administrator)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\HDPSrv.exe
() C:\Windows\System32\prldrsrv.exe
(Option International) C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(COMPAL ELECTRONIC INC.) C:\Program Files\HotKey\CeEKey.exe
(Nokia) C:\Program Files\Power Management\NpwrMngr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Windows\System32\HDPSrv.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files\Nokia\Nokia Social Hub\Hub.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2015-01-28] (AVAST Software)
HKLM\...\Run: [CeEKEY] => C:\Program Files\HotKey\CeEKey.exe [1607024 2010-04-06] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504160 2009-09-10] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346464 2009-09-10] (CSR, plc)
HKLM\...\Run: [HDPSrv] => C:\Windows\system32\HDPSrv.exe [180224 2009-12-24] ()
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NpwrMngr] => C:\Program Files\Power Management\NpwrMngr.exe [488816 2009-12-23] (Nokia)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Nokia Social Hub] => C:\Program Files\Nokia\Nokia Social Hub\Hub.exe [4941824 2010-04-21] (Nokia)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Abworks] => regsvr32.exe C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll <===== ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [C5FF2788] => C:\Users\****\AppData\Roaming\C5FF2788\bin.exe
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3075977200-4285461987-214124539-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=NKATDF&pc=MANK&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}: [NameServer] 195.186.216.33 195.186.152.33

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.bluewin.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Stealthy - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\Extensions\stealthyextension@gmail.com.xpi [2011-05-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-07-01]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-07-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.bluewin.ch/"
CHR Plugin: (Shockwave Flash) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]
StartMenuInternet: Google Chrome.ENT2PAEKF5UFKJNFFNKFI6MGBA - C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-01] (Avast Software)
R2 HDPSrv; C:\WINDOWS\system32\HDPSrv.exe [180224 2009-12-24] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PrLdrSrv; C:\Windows\system32\PrLdrSrv.exe [11776 2010-04-23] () [File not signed]
R2 RoamingHelper; C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe [19968 2010-04-02] (Option International) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-09-10] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-01] ()
R0 EMSC; C:\Windows\System32\DRIVERS\EvMngr.SYS [19824 2009-06-25] ()
R3 GTNDIS62; C:\Windows\System32\DRIVERS\Gtuhs62.sys [159744 2010-04-13] (Option N.V.)
R3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [151552 2010-03-12] (Option N.V.)
R3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2010-02-26] (Option N.V.)
R0 HDFilter; C:\Windows\System32\DRIVERS\HDFilter.sys [20848 2009-07-04] (COMPAL ELECTRONIC INC.)
R3 igd; C:\Windows\System32\DRIVERS\igdkmd32.sys [647904 2010-03-26] (Intel Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-03] (COMPAL ELECTRONIC INC.)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] (Microsoft Corporation) [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [584872 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [197800 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [24232 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [20136 2013-06-26] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2015-01-01] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\****\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 08:15 - 2015-02-01 08:16 - 00015487 _____ () C:\Users\****\Downloads\FRST.txt
2015-02-01 08:13 - 2015-02-01 08:13 - 00001219 _____ () C:\Users\****\Desktop\checkup.txt
2015-02-01 08:05 - 2015-02-01 08:05 - 00852573 _____ () C:\Users\****\Desktop\SecurityCheck.exe
2015-01-30 12:16 - 2015-01-30 12:16 - 00000348 _____ () C:\Lokaler Datenträger (Q) - Verknüpfung.lnk
2015-01-30 11:51 - 2015-01-30 11:51 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 11:50 - 2015-01-30 11:51 - 01707939 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2015-01-30 11:36 - 2015-01-30 11:36 - 00000199 _____ () C:\Windows\system32\2015-01-30-10-36-05.047-AvastVBoxSVC.exe-3172.log
2015-01-30 11:14 - 2015-01-30 11:31 - 00000000 ____D () C:\AdwCleaner
2015-01-30 11:06 - 2015-01-30 11:07 - 02194432 _____ () C:\Users\****\Downloads\AdwCleaner_4.109.exe
2015-01-30 10:50 - 2015-01-30 10:50 - 00000199 _____ () C:\Windows\system32\2015-01-30-09-50-36.060-AvastVBoxSVC.exe-5652.log
2015-01-30 10:01 - 2015-01-30 11:02 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 10:01 - 2015-01-30 10:01 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-30 10:01 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 10:01 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 10:01 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 09:56 - 2015-01-30 09:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-30 08:18 - 2015-01-30 08:18 - 00000199 _____ () C:\Windows\system32\2015-01-30-07-18-42.047-AvastVBoxSVC.exe-3212.log
2015-01-29 22:12 - 2015-01-29 22:12 - 00000199 _____ () C:\Windows\system32\2015-01-29-21-12-23.046-AvastVBoxSVC.exe-3172.log
2015-01-29 01:38 - 2015-01-29 01:38 - 00000249 _____ () C:\Windows\system32\2015-01-29-00-38-24.051-aswFe.exe-15716.log
2015-01-29 01:27 - 2015-01-29 01:38 - 00000249 _____ () C:\Windows\system32\2015-01-29-00-27-23.045-aswFe.exe-13928.log
2015-01-29 01:27 - 2015-01-29 01:27 - 00000199 _____ () C:\Windows\system32\2015-01-29-00-27-10.036-AvastVBoxSVC.exe-9804.log
2015-01-29 01:20 - 2015-01-29 01:20 - 00000199 _____ () C:\Windows\system32\2015-01-29-00-20-07.005-AvastVBoxSVC.exe-7036.log
2015-01-29 01:12 - 2015-01-29 22:58 - 00014349 _____ () C:\ComboFix.txt
2015-01-28 23:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-28 23:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-28 23:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-28 23:53 - 2015-01-29 01:13 - 00000000 ____D () C:\Qoobox
2015-01-28 23:50 - 2015-01-28 23:41 - 05610841 ____R (Swearware) C:\Users\****\Downloads\ComboFix.exe
2015-01-28 23:41 - 2015-01-29 01:06 - 00000000 ____D () C:\Windows\erdnt
2015-01-28 23:21 - 2015-01-28 23:21 - 00002138 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-28 23:21 - 2015-01-28 23:21 - 00000199 _____ () C:\Windows\system32\2015-01-28-22-21-41.095-AvastVBoxSVC.exe-6008.log
2015-01-28 23:21 - 2015-01-28 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-28 23:19 - 2015-01-01 16:07 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-28 23:03 - 2014-11-07 16:35 - 132469808 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup.exe
2015-01-27 23:09 - 2015-02-01 08:15 - 00000000 ____D () C:\Users\****\Downloads\FRST-OlderVersion
2015-01-27 22:52 - 2015-01-29 22:11 - 00000000 ___HD () C:\Users\****\AppData\Roaming\C9F068BE
2015-01-27 00:56 - 2015-01-27 00:56 - 118132629 _____ () C:\Windows\MEMORY.DMP
2015-01-27 00:56 - 2015-01-27 00:56 - 00510968 _____ () C:\Windows\Minidump\012715-35568-01.dmp
2015-01-27 00:56 - 2015-01-27 00:56 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 21:18 - 2015-01-30 10:41 - 00000000 ___HD () C:\Users\****\AppData\Roaming\C5FF2788
2015-01-26 21:05 - 2015-01-26 21:11 - 00000000 ____D () C:\Users\****\AppData\Roaming\Local Store
2015-01-25 23:42 - 2015-01-27 23:18 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 23:18 - 2015-01-28 22:07 - 00000000 ____D () C:\Users\****\AppData\Roaming\Bihy
2015-01-25 22:59 - 2015-01-25 22:59 - 00008528 _____ () C:\Users\****\HELP_DECRYPT.HTML
2015-01-25 22:59 - 2015-01-25 22:59 - 00008528 _____ () C:\Users\HELP_DECRYPT.HTML
2015-01-25 22:59 - 2015-01-25 22:59 - 00004204 _____ () C:\Users\****\HELP_DECRYPT.TXT
2015-01-25 22:59 - 2015-01-25 22:59 - 00004204 _____ () C:\Users\HELP_DECRYPT.TXT
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\Users\****\HELP_DECRYPT.URL
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\Users\HELP_DECRYPT.URL
2015-01-25 22:47 - 2015-01-25 22:47 - 00008528 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 00008528 _____ () C:\Users\****\AppData\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 00004204 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 00004204 _____ () C:\Users\****\AppData\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 00000272 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:47 - 2015-01-25 22:47 - 00000272 _____ () C:\Users\****\AppData\HELP_DECRYPT.URL
2015-01-25 22:45 - 2015-01-25 22:45 - 00008528 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:45 - 2015-01-25 22:45 - 00004204 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:45 - 2015-01-25 22:45 - 00000272 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 22:43 - 2015-01-29 22:11 - 00000000 ____D () C:\Users\****\AppData\Local\Ihsoft
2015-01-25 22:43 - 2015-01-25 22:43 - 00000000 ____D () C:\Users\****\AppData\Local\Abworks
2015-01-25 22:42 - 2015-01-25 22:42 - 00000416 _____ () C:\Windows\BRWMARK.INI
2015-01-25 22:42 - 2015-01-25 22:42 - 00000034 _____ () C:\Windows\system32\BD5280DW.DAT
2015-01-25 22:42 - 2015-01-25 22:42 - 00000017 _____ () C:\ProgramData\systemskey.ini
2015-01-25 22:06 - 2015-01-29 07:02 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-01-25 20:53 - 2015-01-25 20:53 - 00000491 _____ () C:\Users\****\Downloads\gmer log 25.01.15.log
2015-01-23 21:09 - 2015-01-23 21:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 21:08 - 2015-02-01 07:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job
2015-01-23 21:08 - 2015-01-31 22:47 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job
2015-01-23 21:07 - 2015-01-23 21:12 - 00000000 ____D () C:\Users\****\AppData\Local\500950
2015-01-23 21:07 - 2015-01-23 21:07 - 35763832 _____ (Google Inc.) C:\Users\****\Downloads\google-chrome.exe
2015-01-23 20:45 - 2015-01-23 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-22 22:32 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2015-01-22 22:31 - 2015-01-22 22:31 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-22 22:30 - 2015-01-22 22:30 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-22 22:16 - 2015-01-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-01-22 22:15 - 2015-01-22 22:31 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-01-22 22:14 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\****\AppData\Local\Apple
2015-01-22 22:14 - 2015-01-22 22:14 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-22 22:14 - 2015-01-22 22:14 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-22 22:01 - 2015-01-22 22:02 - 05436744 _____ (Apple Inc.) C:\Users\****\Downloads\BonjourPS202Setup.exe
2015-01-22 20:28 - 2015-01-22 20:28 - 00000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-20 02:17 - 2015-01-20 02:17 - 00001419 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 02:15 - 2015-01-20 02:15 - 00000020 ___SH () C:\Users\****\ntuser.ini
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 ____D () C:\Recovery
2015-01-20 02:05 - 2015-02-01 07:52 - 00056453 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 01:50 - 2015-01-20 01:50 - 00021532 _____ () C:\Windows\system32\emptyregdb.dat
2015-01-20 01:41 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-20 01:06 - 2015-01-25 22:59 - 00000000 ____D () C:\Users\****
2015-01-20 01:06 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Local\Verlauf
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Program Files\Realtek
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-20 01:02 - 2015-01-20 01:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-20 00:59 - 2015-01-20 01:05 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-20 00:57 - 2015-01-20 02:15 - 00000000 ____D () C:\Windows\Panther
2015-01-20 00:54 - 2015-01-20 00:54 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-01-20 00:30 - 2015-01-25 22:42 - 00000000 ____D () C:\$WINDOWS.~Q
2015-01-20 00:25 - 2015-01-20 00:29 - 00000000 ____D () C:\$INPLACE.~TR
2015-01-19 23:11 - 2015-01-20 01:52 - 00006137 _____ () C:\Windows\comsetup.log
2015-01-19 22:59 - 2015-01-19 22:59 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-59-47.056-AvastVBoxSVC.exe-2804.log
2015-01-19 22:47 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-47-40.038-aswFe.exe-912.log
2015-01-19 22:25 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-25-01.028-aswFe.exe-3604.log
2015-01-19 22:24 - 2015-01-19 22:24 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-24-52.051-AvastVBoxSVC.exe-2552.log
2015-01-19 22:14 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-10 02:18 - 2015-01-25 22:44 - 00000000 ____D () C:\RegBackup
2015-01-10 02:18 - 2015-01-10 02:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-****-BOOKLET-Microsoft-Windows-7-Starter-(32-bit).dat
2015-01-07 20:53 - 2015-01-07 20:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2015-01-07 20:52 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-07 20:50 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-07 20:49 - 2015-01-25 22:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-01-07 20:49 - 2010-06-29 13:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2015-01-05 22:04 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 22:30 - 2014-12-04 05:38 - 00728576 ____N (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-04 22:30 - 2014-12-04 05:38 - 00610304 ____N (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-04 22:30 - 2014-12-02 00:28 - 01160872 ____N (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-04 22:29 - 2014-12-04 05:38 - 00337920 ____N (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-04 22:29 - 2014-12-04 05:38 - 00315392 ____N (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-04 22:27 - 2015-01-04 22:29 - 00380416 _____ () C:\Users\****\Downloads\Gmer-19357.exe
2015-01-04 22:12 - 2014-11-21 08:16 - 02861568 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-04 22:02 - 2015-02-01 08:15 - 00000000 ____D () C:\FRST
2015-01-04 21:59 - 2015-02-01 08:15 - 01122304 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2015-01-04 21:56 - 2015-01-04 21:57 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-01-04 21:54 - 2015-01-04 21:55 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 08:16 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 08:16 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 08:07 - 2013-01-13 01:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 08:01 - 2014-01-21 21:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-31 22:42 - 2014-01-21 21:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 11:33 - 2010-11-20 22:48 - 00017360 _____ () C:\Windows\PFRO.log
2015-01-30 11:33 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 11:33 - 2009-07-14 05:39 - 00265306 _____ () C:\Windows\setupact.log
2015-01-30 10:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-01-29 01:13 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-29 01:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 01:00 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-29 00:10 - 2010-04-23 11:44 - 00000000 ____D () C:\ProgramData\temp
2015-01-28 22:55 - 2010-11-20 22:01 - 01629396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-27 23:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-25 22:47 - 2010-07-12 22:23 - 00000000 ____D () C:\Users\****\GDesk
2015-01-25 22:47 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2015-01-25 22:47 - 2010-07-01 21:50 - 00000000 ____D () C:\Users\****\AppData\Roaming\PC Suite
2015-01-25 22:46 - 2014-01-21 21:41 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software
2015-01-25 22:46 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Adobe
2015-01-25 22:45 - 2011-09-10 10:31 - 00000000 ____D () C:\Users\****\AppData\Local\Google
2015-01-25 22:45 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Local\Mozilla
2015-01-25 22:45 - 2010-07-01 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Nokia
2015-01-25 22:44 - 2010-07-01 21:35 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2015-01-25 22:43 - 2011-08-16 10:17 - 00000000 ____D () C:\ba9291bd3e00e1ed1c0cb9
2015-01-25 20:07 - 2013-01-13 01:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 20:07 - 2011-06-15 00:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 19:59 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-01-25 19:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-23 20:59 - 2014-01-21 21:51 - 00000000 ____D () C:\Program Files\Google
2015-01-22 23:11 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-22 22:31 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 21:09 - 2012-11-19 09:53 - 00000000 ____D () C:\Users\****\AppData\Local\Wuala
2015-01-20 21:07 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-20 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-20 02:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-20 02:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-20 02:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-01-20 01:51 - 2009-07-14 05:39 - 00005715 _____ () C:\Windows\setuperr.log
2015-01-20 01:44 - 2009-07-14 05:33 - 00287424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 01:41 - 2009-07-14 05:34 - 00005157 _____ () C:\Windows\DtcInstall.log
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:38 - 2010-07-18 21:53 - 00000000 ____D () C:\Users\****\Downloads\LinuxKDE(eng).gdd
2015-01-20 01:38 - 2010-07-18 21:47 - 00000000 ____D () C:\Users\****\Downloads\SNP88.gdd
2015-01-20 01:38 - 2010-07-18 21:41 - 00000000 ____D () C:\Users\****\Downloads\CrepusculumByPingwinGTS.gdd
2015-01-20 01:38 - 2010-07-18 21:34 - 00000000 ____D () C:\Users\****\Downloads\diamond-v04
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Roaming\SoftGrid Client
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Local\SoftGrid Client
2015-01-20 01:37 - 2010-07-13 00:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\WinRAR
2015-01-20 01:37 - 2010-07-13 00:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:37 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Macromedia
2015-01-20 01:37 - 2010-07-01 22:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia Ovi Suite
2015-01-20 01:37 - 2010-07-01 21:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia
2015-01-20 01:37 - 2010-07-01 21:56 - 00000000 ____D () C:\Users\****\AppData\Local\NokiaAccount
2015-01-20 01:36 - 2011-01-26 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2015-01-20 01:19 - 2014-07-26 20:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-20 01:19 - 2011-07-30 15:11 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-20 01:19 - 2011-07-16 23:18 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-20 01:19 - 2010-07-05 09:32 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-20 01:19 - 2010-04-23 10:54 - 00000000 ____D () C:\Windows\{9BA86693-F49A-4DA1-BBB3-827DFB688228}
2015-01-20 01:19 - 2010-04-23 10:53 - 00000000 ____D () C:\Windows\system32\Lang
2015-01-20 01:19 - 2010-04-23 10:51 - 00000000 ____D () C:\Windows\system32\Microsoft.VC80.MFC
2015-01-20 01:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR
2015-01-20 01:18 - 2010-07-05 11:03 - 00000000 ____D () C:\Windows\pss
2015-01-20 01:18 - 2010-06-29 13:20 - 00000000 ____D () C:\Windows\SHELLNEW
2015-01-20 01:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-20 01:16 - 2014-08-02 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-20 01:16 - 2014-01-21 21:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:16 - 2013-01-25 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-01-20 01:16 - 2013-01-25 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-20 01:16 - 2012-11-19 09:58 - 00000000 ____D () C:\ProgramData\Sun
2015-01-20 01:16 - 2011-01-26 21:46 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 01:16 - 2011-01-26 21:42 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-20 01:16 - 2010-08-30 14:53 - 00000000 ____D () C:\ProgramData\Alwil Software
2015-01-20 01:16 - 2010-08-13 20:51 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2015-01-20 01:16 - 2010-07-13 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:16 - 2010-07-13 00:01 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-20 01:16 - 2010-07-01 21:50 - 00000000 ____D () C:\ProgramData\PC Suite
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\Program Files\Nokia
2015-01-20 01:16 - 2010-06-29 13:31 - 00000000 ____D () C:\ProgramData\fssg
2015-01-20 01:16 - 2010-06-29 13:30 - 00000000 ____D () C:\ProgramData\f-secure
2015-01-20 01:16 - 2010-06-29 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-20 01:16 - 2010-04-23 10:58 - 00000000 ____D () C:\Program Files\Option
2015-01-20 01:16 - 2010-04-23 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-20 01:16 - 2010-04-23 10:56 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\ProgramData\win7_32
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Power Management
2015-01-20 01:16 - 2010-04-23 10:29 - 00000000 ____D () C:\ProgramData\Nokia
2015-01-20 01:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-20 01:15 - 2014-11-11 21:13 - 00000000 ____D () C:\Program Files\GUM8EBC.tmp
2015-01-20 01:15 - 2013-09-04 21:05 - 00000000 ____D () C:\Program Files\Java
2015-01-20 01:15 - 2013-01-25 11:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-20 01:15 - 2012-08-18 10:08 - 00000000 ____D () C:\Program Files\Microsoft Application Virtualization Client
2015-01-20 01:15 - 2010-07-05 09:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-01-20 01:15 - 2010-06-29 13:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-20 01:15 - 2010-04-23 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office Suite Activation Assistant
2015-01-20 01:15 - 2010-04-23 10:52 - 00000000 ____D () C:\Program Files\Intel
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\HotKey
2015-01-20 01:14 - 2014-11-11 21:14 - 00000000 ____D () C:\Program Files\GUM1317.tmp
2015-01-20 01:14 - 2014-08-02 11:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-20 01:14 - 2014-07-04 23:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-20 01:14 - 2013-10-25 08:43 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-20 01:14 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 01:14 - 2011-01-12 22:48 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 01:14 - 2010-07-01 21:43 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-01-20 01:14 - 2010-07-01 21:42 - 00000000 ____D () C:\Program Files\DIFX
2015-01-20 01:14 - 2010-06-29 13:32 - 00000000 ____D () C:\Program Files\F-Secure
2015-01-20 01:14 - 2010-04-23 10:56 - 00000000 ____D () C:\Program Files\ASIX Electronics Corporation
2015-01-20 01:14 - 2010-04-23 10:55 - 00000000 ____D () C:\Program Files\CSR
2015-01-20 01:14 - 2010-04-23 10:54 - 00000000 ____D () C:\Program Files\Atheros
2015-01-20 01:14 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-20 01:13 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 01:13 - 2010-08-30 14:53 - 00000000 ____D () C:\Program Files\Alwil Software
2015-01-20 01:04 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 00:56 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-20 00:56 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-20 00:14 - 2010-06-30 04:00 - 01702239 _____ () C:\Windows\WindowsUpdate (1).log
2015-01-19 23:01 - 2011-02-28 23:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-19 22:59 - 2010-08-30 14:54 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-08 09:55 - 2010-06-29 14:33 - 00249488 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:31 - 2014-11-11 22:09 - 00044846 _____ () C:\Windows\IE11_main.log
2015-01-05 21:24 - 2013-08-12 20:00 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-11-11 21:14 - 2014-11-11 21:14 - 6000640 _____ () C:\Program Files\GUT1328.tmp
2014-11-11 21:13 - 2014-11-11 21:24 - 6000640 _____ () C:\Program Files\GUT8ECC.tmp
2015-01-25 22:47 - 2015-01-25 22:47 - 0008528 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML
2015-01-25 22:47 - 2015-01-25 22:47 - 0045538 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-25 22:47 - 2015-01-25 22:47 - 0004204 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT
2015-01-25 22:47 - 2015-01-25 22:47 - 0000272 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:45 - 2015-01-25 22:45 - 0008528 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.HTML
2015-01-25 22:45 - 2015-01-25 22:45 - 0045538 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.PNG
2015-01-25 22:45 - 2015-01-25 22:45 - 0004204 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.TXT
2015-01-25 22:45 - 2015-01-25 22:45 - 0000272 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.URL
2015-01-22 20:28 - 2015-01-22 20:28 - 0000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-25 22:44 - 2015-01-25 22:44 - 0008528 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-01-25 22:44 - 2015-01-25 22:44 - 0045538 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-25 22:44 - 2015-01-25 22:44 - 0004204 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-01-25 22:44 - 2015-01-25 22:44 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 22:42 - 2015-01-25 22:42 - 0000017 _____ () C:\ProgramData\systemskey.ini

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\NEventMessages.dll
C:\Users\****\AppData\Local\Temp\Quarantine.exe
C:\Users\****\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 01:50

==================== End Of Log ============================
--- --- ---



Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by **** at 2015-02-01 08:17:38
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros 802.11 bgn Network Adapter (HKLM\...\InstallShield_{06A6143C-0703-4946-9E20-355F306ADF11}) (Version: 1.0.0.0 - Atheros)
Atheros 802.11 bgn Network Adapter (Version: 1.0.0.0 - Atheros) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AX88772A & AX88772 Windows 7 Drivers (HKLM\...\InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}) (Version: 1.0.0.0 - ASIX Electronics Corporation)
AX88772A & AX88772 Windows 7 Drivers (Version: 1.0.0.0 - ASIX Electronics Corporation) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.12 - CSR Plc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Google Chrome (HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Protection (HKLM\...\InstallShield_{08188833-CF3E-4067-B884-6049B0A38A35}) (Version: 1.0.0.18C - Nokia)
Hard Disk Protection (Version: 1.0.0.18C - Nokia) Hidden
Hotkey Utility (HKLM\...\InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}) (Version: 1.0.0.21C - Nokia)
Hotkey Utility (Version: 1.0.0.21C - Nokia) Hidden
Intel(R) Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version:  -  Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (HKLM\...\{9E871D09-064D-3BC9-963B-3AB8ABE1273D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Miniprogramm zum Abrufen von Nokia Ovi Suite (HKLM\...\{3A519502-3354-4290-A852-7A1835BA678F}) (Version: 1.0.45 - Nokia)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Booklet Software Updater (HKLM\...\{8C7AC9E7-A635-4C73-B360-FE6AE4E8DD93}) (Version: 1.1.100 - Nokia)
Nokia Connectivity Cable Driver (HKLM\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)
Nokia Ovi Suite (Version: 2.2.0.245 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)
Nokia Social Hub (HKLM\...\{F4A31D1A-8ABB-4977-848E-26F76F5212B0}) (Version: 1.0.585 - Nokia)
Option WWAN Driver 5.1.37.0 Installer  (HKLM\...\{884BB5CC-108E-41a9-936D-955C999C06A1}_x) (Version: 3.5.1.1140 - Option NV)
Option WWAN Driver 5.1.37.0 Installer (Version: 3.5.1.1140 - Option NV) Hidden
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
Ovi Maps Gadget (HKLM\...\{698A3082-B4AF-4113-8068-79C868C4B0C9}) (Version: 1.0.13867 - Nokia)
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
Power Management (HKLM\...\InstallShield_{C36E5EC0-A87E-4994-844B-1DE75ED22BD8}) (Version: 1.0.0.18C - Nokia)
Power Management (Version: 1.0.0.18C - Nokia) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5999 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoamingHelperSetup (HKLM\...\{C358D274-1BA4-4F57-95C4-4669AE126B99}) (Version: 1.0.0 - Option)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
Tap to wake up (HKLM\...\InstallShield_{0B23E38B-F4D8-44A9-A3D3-95020D35D8C9}) (Version: 1.0.0.19C - Nokia)
Tap to wake up (Version: 1.0.0.19C - Nokia) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (Version: 1.77.0.2C - NOKIA) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\browser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

==================== Restore Points  =========================

28-01-2015 23:16:46 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-29 01:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3201A1B4-6C25-46D5-BC40-232F14D989FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {773C2256-6E9D-4A26-B6A8-2B2B69FDB1FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {7E476722-6C80-4EA0-8B46-48B6F562E67C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A320242A-44DE-4938-A0A7-6476C923136C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A6B2DB9E-6523-460F-A1F1-6F1C15D943E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DF4F6C72-D05F-409D-BB27-9014CFBBC242} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {E3457BE7-F260-4266-BE08-4DEE4761FA99} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E43D2EF0-0F74-4346-B530-03932149ADAF} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-01-01] (AVAST Software)
Task: {E7CE1F64-F0B0-4581-96EE-3E2882FEF1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F762FFD0-B96E-4EB6-933D-A91579976F09} - System32\Tasks\Nokia\Booklet software updater\Check for updates => NBSUTool.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-29 21:58 - 2015-01-29 21:58 - 02913280 _____ () C:\Program Files\Alwil Software\Avast5\defs\15012901\algo.dll
2015-01-01 16:04 - 2015-01-01 16:04 - 02151544 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxVMM.dll
2015-01-01 16:03 - 2015-01-01 16:03 - 00021488 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxREM.dll
2015-01-01 16:03 - 2015-01-01 16:03 - 04474224 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxRT.dll
2015-01-31 22:37 - 2015-01-31 22:37 - 02913280 _____ () C:\Program Files\Alwil Software\Avast5\defs\15013101\algo.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\WINDOWS\system32\HDPSrv.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00011776 _____ () C:\Windows\system32\PrLdrSrv.exe
2015-01-01 16:03 - 2015-01-01 16:03 - 00317632 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxDDU.dll
2015-01-25 22:43 - 2015-01-25 22:43 - 01305088 _____ () C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll
2010-04-23 10:51 - 2010-04-23 10:51 - 00024576 _____ () C:\Windows\system32\EKECioCtl.dll
2010-07-13 00:01 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2015-01-01 16:06 - 2015-01-01 16:06 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\Windows\System32\HDPSrv.exe
2010-04-21 12:39 - 2010-04-21 12:39 - 02145792 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtCore4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 07983616 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtGui4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00335360 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtXml4.dll
2010-04-21 12:38 - 2010-04-21 12:38 - 00925184 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtNetwork4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00187904 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtSql4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00022528 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qgif4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00027648 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qico4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00119808 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qjpeg4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00220672 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qmng4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00278528 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qtiff4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00417792 _____ () C:\Program Files\Nokia\Nokia Social Hub\sqldrivers\qsqlite4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3075977200-4285461987-214124539-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3075977200-4285461987-214124539-501 - Limited - Disabled)
**** (S-1-5-21-3075977200-4285461987-214124539-1000 - Administrator - Enabled) => C:\Users\****

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 08:18:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 08:11:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 08:06:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 08:01:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 07:41:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 07:36:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 07:31:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 07:11:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 07:06:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 07:01:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong


System errors:
=============
Error: (01/31/2015 10:37:15 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/31/2015 04:18:33 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/31/2015 04:16:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/31/2015 04:16:18 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/30/2015 00:32:09 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/30/2015 00:27:09 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/30/2015 00:27:05 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/30/2015 00:27:03 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/30/2015 00:27:01 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/30/2015 00:25:21 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14


Microsoft Office Sessions:
=========================

Bin ja gespannt was Du mit diesen Logs alles herausfindest. Im Online Check sind ja jedemenge Bedrohungen gefunden worden.

schrauber 01.02.2015 11:18
Java und Adobe updaten. Im folgenden Fix bitte nochmal alle **** durch den korrekten Namen ersetzen, sonst funktioniert der Fix nicht.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\$RECYCLE.BIN

C:\$WINDOWS.~Q\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT

C:\ba9291bd3e00e1ed1c0cb9
C:\ProgramData\HELP_DECRYPT.HTML

C:\ProgramData\HELP_DECRYPT.TXT

C:\ProgramData\Microsoft\HELP_DECRYPT.HTML

C:\ProgramData\Microsoft\HELP_DECRYPT.TXT

C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.HTML

C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.TXT

C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML

C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT

C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.HTML

C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\ProductCache\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\ProductCache\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.TXT

C:\RegBackup\HELP_DECRYPT.HTML

C:\RegBackup\HELP_DECRYPT.TXT

C:\RegBackup\****-BOOKLET\HELP_DECRYPT.HTML

C:\RegBackup\****-BOOKLET\HELP_DECRYPT.TXT

C:\RegBackup\****-BOOKLET\10.01.2015_02.18.31\HELP_DECRYPT.HTML

C:\RegBackup\****-BOOKLET\10.01.2015_02.18.31\HELP_DECRYPT.TXT

C:\RegBackup\****-BOOKLET\10.01.2015_02.20.09\HELP_DECRYPT.HTML

C:\RegBackup\****-BOOKLET\10.01.2015_02.20.09\HELP_DECRYPT.TXT

C:\Users\HELP_DECRYPT.HTML

C:\Users\HELP_DECRYPT.TXT

C:\Users\Administrator\HELP_DECRYPT.HTML

C:\Users\Administrator\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Apple\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Apple\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Apple\Bonjour\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Apple\Bonjour\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT

C:\Users\All Users\HELP_DECRYPT.HTML

C:\Users\All Users\HELP_DECRYPT.TXT

C:\Users\All Users\Microsoft\HELP_DECRYPT.HTML

C:\Users\All Users\Microsoft\HELP_DECRYPT.TXT

C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.HTML

C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.TXT

C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML

C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT

C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.HTML

C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\ProductCache\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\ProductCache\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.TXT

C:\Users\Default\HELP_DECRYPT.HTML

C:\Users\Default\HELP_DECRYPT.TXT

C:\Users\Default\AppData\HELP_DECRYPT.HTML

C:\Users\Default\AppData\HELP_DECRYPT.TXT

C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML

C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT

C:\Users\Default\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML

C:\Users\Default\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT

C:\Users\Default\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML

C:\Users\Default\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT

C:\Users\****\HELP_DECRYPT.HTML

C:\Users\****\HELP_DECRYPT.TXT

C:\Users\****\AppData\HELP_DECRYPT.HTML

C:\Users\****\AppData\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll

C:\Users\****\AppData\Local\Apple\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Apple\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Apple\Bonjour\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Apple\Bonjour\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\Application\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\Application\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Sync Data\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Sync Data\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\LocalMLS\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\LocalMLS\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Mozilla\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Mozilla\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\DataBase\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\DataBase\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Adobe\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Adobe\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Microsoft\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Microsoft\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Adobe\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Adobe\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\QGZYG4D8\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\QGZYG4D8\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\1031\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\1031\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Mozilla\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Mozilla\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\PC Suite\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\PC Suite\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\PC Suite\359345035684709\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\PC Suite\359345035684709\HELP_DECRYPT.TXT

C:\Users\****\GDesk\HELP_DECRYPT.HTML

C:\Users\****\GDesk\HELP_DECRYPT.TXT

C:\Users\****\GDesk\signsis_files\HELP_DECRYPT.HTML

C:\Users\****\GDesk\signsis_files\HELP_DECRYPT.TXT

C:\Users\****\Videos\HELP_DECRYPT.HTML

C:\Users\****\Videos\HELP_DECRYPT.TXT
C:\Users\****\AppData\Local\Abworks
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Abworks] => regsvr32.exe C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll <===== ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [C5FF2788] => C:\Users\****\AppData\Roaming\C5FF2788\bin.exe
C:\Users\****\AppData\Roaming\C5FF2788
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}: [NameServer] 195.186.216.33 195.186.152.33
R2 RoamingHelper; C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe [19968 2010-04-02] (Option International) [File not signed]
C:\Program Files\Option
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Frisches FRST log bitte.

schuemli 01.02.2015 14:05
Java update erledigt
Adobe gab's nichts zum updaten (Reader Version 10.1.13)

Folgend das Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015
Ran by **** at 2015-02-01 13:44:28 Run:2
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: **** & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN

C:\$WINDOWS.~Q\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML

C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT

C:\ba9291bd3e00e1ed1c0cb9
C:\ProgramData\HELP_DECRYPT.HTML

C:\ProgramData\HELP_DECRYPT.TXT

C:\ProgramData\Microsoft\HELP_DECRYPT.HTML

C:\ProgramData\Microsoft\HELP_DECRYPT.TXT

C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.HTML

C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.TXT

C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML

C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT

C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.HTML

C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\ProductCache\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\ProductCache\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.TXT

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.HTML

C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.TXT

C:\RegBackup\HELP_DECRYPT.HTML

C:\RegBackup\HELP_DECRYPT.TXT

C:\RegBackup\****-BOOKLET\HELP_DECRYPT.HTML

C:\RegBackup\****-BOOKLET\HELP_DECRYPT.TXT

C:\RegBackup\****-BOOKLET\10.01.2015_02.18.31\HELP_DECRYPT.HTML

C:\RegBackup\****-BOOKLET\10.01.2015_02.18.31\HELP_DECRYPT.TXT

C:\RegBackup\****-BOOKLET\10.01.2015_02.20.09\HELP_DECRYPT.HTML

C:\RegBackup\****-BOOKLET\10.01.2015_02.20.09\HELP_DECRYPT.TXT

C:\Users\HELP_DECRYPT.HTML

C:\Users\HELP_DECRYPT.TXT

C:\Users\Administrator\HELP_DECRYPT.HTML

C:\Users\Administrator\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Apple\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Apple\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Apple\Bonjour\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Apple\Bonjour\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT

C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML

C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT

C:\Users\All Users\HELP_DECRYPT.HTML

C:\Users\All Users\HELP_DECRYPT.TXT

C:\Users\All Users\Microsoft\HELP_DECRYPT.HTML

C:\Users\All Users\Microsoft\HELP_DECRYPT.TXT

C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.HTML

C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.TXT

C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML

C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT

C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.HTML

C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\ProductCache\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\ProductCache\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.TXT

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.HTML

C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.TXT

C:\Users\Default\HELP_DECRYPT.HTML

C:\Users\Default\HELP_DECRYPT.TXT

C:\Users\Default\AppData\HELP_DECRYPT.HTML

C:\Users\Default\AppData\HELP_DECRYPT.TXT

C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML

C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT

C:\Users\Default\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML

C:\Users\Default\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT

C:\Users\Default\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML

C:\Users\Default\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT

C:\Users\****\HELP_DECRYPT.HTML

C:\Users\****\HELP_DECRYPT.TXT

C:\Users\****\AppData\HELP_DECRYPT.HTML

C:\Users\****\AppData\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll

C:\Users\****\AppData\Local\Apple\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Apple\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Apple\Bonjour\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Apple\Bonjour\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\Application\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\Application\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Sync Data\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Sync Data\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\LocalMLS\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\LocalMLS\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Mozilla\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Mozilla\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\DataBase\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\DataBase\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\HELP_DECRYPT.TXT

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\HELP_DECRYPT.HTML

C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Adobe\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Adobe\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Microsoft\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Microsoft\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\HELP_DECRYPT.TXT

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.HTML

C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Adobe\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Adobe\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\QGZYG4D8\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\QGZYG4D8\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\1031\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\1031\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Mozilla\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Mozilla\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\PC Suite\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\PC Suite\HELP_DECRYPT.TXT

C:\Users\****\AppData\Roaming\PC Suite\359345035684709\HELP_DECRYPT.HTML

C:\Users\****\AppData\Roaming\PC Suite\359345035684709\HELP_DECRYPT.TXT

C:\Users\****\GDesk\HELP_DECRYPT.HTML

C:\Users\****\GDesk\HELP_DECRYPT.TXT

C:\Users\****\GDesk\signsis_files\HELP_DECRYPT.HTML

C:\Users\****\GDesk\signsis_files\HELP_DECRYPT.TXT

C:\Users\****\Videos\HELP_DECRYPT.HTML

C:\Users\****\Videos\HELP_DECRYPT.TXT
C:\Users\****\AppData\Local\Abworks
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Abworks] => regsvr32.exe C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll <===== ATTENTION
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [C5FF2788] => C:\Users\****\AppData\Roaming\C5FF2788\bin.exe
C:\Users\****\AppData\Roaming\C5FF2788
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}: [NameServer] 195.186.216.33 195.186.152.33
R2 RoamingHelper; C:\Program Files\Option\RoamingHelperSetup\RoamingHelper.exe [19968 2010-04-02] (Option International) [File not signed]
C:\Program Files\Option
Emptytemp:
*****************

C:\$RECYCLE.BIN => Moved successfully.
C:\$WINDOWS.~Q\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\Administrator\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Device Metadata\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\HELP_DECRYPT.TXT => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.HTML => Moved successfully.
C:\$WINDOWS.~Q\DATA\Users\****\AppData\Local\Microsoft\Windows Media\12.0\HELP_DECRYPT.TXT => Moved successfully.
C:\ba9291bd3e00e1ed1c0cb9 => Moved successfully.
C:\ProgramData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\Microsoft\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\Microsoft\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\Microsoft\RAC\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\Microsoft\RAC\StateData\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\ProductCache\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\ProductCache\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.TXT => Moved successfully.
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.HTML => Moved successfully.
C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.TXT => Moved successfully.
C:\RegBackup\HELP_DECRYPT.HTML => Moved successfully.
C:\RegBackup\HELP_DECRYPT.TXT => Moved successfully.
C:\RegBackup\****-BOOKLET\HELP_DECRYPT.HTML => Moved successfully.
C:\RegBackup\****-BOOKLET\HELP_DECRYPT.TXT => Moved successfully.
C:\RegBackup\****-BOOKLET\10.01.2015_02.18.31\HELP_DECRYPT.HTML => Moved successfully.
C:\RegBackup\****-BOOKLET\10.01.2015_02.18.31\HELP_DECRYPT.TXT => Moved successfully.
C:\RegBackup\****-BOOKLET\10.01.2015_02.20.09\HELP_DECRYPT.HTML => Moved successfully.
C:\RegBackup\****-BOOKLET\10.01.2015_02.20.09\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\Apple\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\Apple\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\Apple\Bonjour\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\Apple\Bonjour\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Backup\old\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Administrator\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT => Moved successfully.
"C:\Users\All Users\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\Microsoft\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\Microsoft\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\Microsoft\RAC\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\Microsoft\RAC\PublishedData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\Microsoft\RAC\StateData\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\{2D10FC46-1D96-44C4-8855-85F21B9B011E}\Language\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\PackageCache\{8070452B-15D6-4169-B9B9-FCC3B54588AD}\Language\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\ProductCache\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\ProductCache\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\HELP_DECRYPT.TXT" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.HTML" => File/Directory not found.
"C:\Users\All Users\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\Teasers\HELP_DECRYPT.TXT" => File/Directory not found.
C:\Users\Default\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Default\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Default\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Default\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\Default\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\Default\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Abworks\lnkdovrphy.dll => Moved successfully.
C:\Users\****\AppData\Local\Apple\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Apple\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Apple\Bonjour\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Apple\Bonjour\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Google\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Google\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\Application\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\Application\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\databases\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Sync Data\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Sync Data\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Internet Explorer\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Media Player\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\LocalMLS\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Media Player\Grafikcache\LocalMLS\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Windows Mail\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Windows Mail\Backup\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Microsoft\Windows Mail\Stationery\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Mozilla\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Mozilla\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Mozilla\Firefox\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Nokia\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Nokia\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\DataBase\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Deleted\DataBase\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Adobe\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Adobe\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Adobe\Acrobat\10.0\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Microsoft\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Microsoft\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Microsoft\OfficeStarter\1\http^3a^2f^2fads1.msn.com^2fads^2f95672\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\26\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Adobe\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Adobe\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Adobe\Flash Player\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\QGZYG4D8\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Adobe\Flash Player\AssetCache\QGZYG4D8\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\AVAST Software\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\AVAST Software\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\AVAST Software\Avast\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\1031\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\Document Building Blocks\1031\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Microsoft\Templates\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\Firefox\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\PC Suite\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\PC Suite\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Roaming\PC Suite\359345035684709\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\AppData\Roaming\PC Suite\359345035684709\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\GDesk\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\GDesk\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\GDesk\signsis_files\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\GDesk\signsis_files\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\Videos\HELP_DECRYPT.HTML => Moved successfully.
C:\Users\****\Videos\HELP_DECRYPT.TXT => Moved successfully.
C:\Users\****\AppData\Local\Abworks => Moved successfully.
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Abworks => value deleted successfully.
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Windows\CurrentVersion\Run\\C5FF2788 => value deleted successfully.
C:\Users\****\AppData\Roaming\C5FF2788 => Moved successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA132380-4875-4E1D-99ED-7B7AC0780F88}\\NameServer => value deleted successfully.
RoamingHelper => Service stopped successfully.
RoamingHelper => Service deleted successfully.
C:\Program Files\Option => Moved successfully.
EmptyTemp: => Removed 15.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 13:45:13 ====
Nun noch das frischen Frst Log:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by **** (administrator) on ****-BOOKLET on 01-02-2015 13:53:01
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: **** & Administrator)
Platform: Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\HDPSrv.exe
() C:\Windows\System32\prldrsrv.exe
(COMPAL ELECTRONIC INC.) C:\Program Files\HotKey\CeEKey.exe
(Nokia) C:\Program Files\Power Management\NpwrMngr.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\System32\HDPSrv.exe
(Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Nokia) C:\Program Files\Nokia\Nokia Social Hub\Hub.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Nokia\Nokia Booklet software updater\NBSUTool.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-09] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [5225064 2015-01-28] (AVAST Software)
HKLM\...\Run: [CeEKEY] => C:\Program Files\HotKey\CeEKey.exe [1607024 2010-04-06] (COMPAL ELECTRONIC INC.)
HKLM\...\Run: [ConMgr] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [504160 2009-09-10] (CSR, plc)
HKLM\...\Run: [CSRSkype] => C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [346464 2009-09-10] (CSR, plc)
HKLM\...\Run: [HDPSrv] => C:\Windows\system32\HDPSrv.exe [180224 2009-12-24] ()
HKLM\...\Run: [NokiaMServer] => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [NpwrMngr] => C:\Program Files\Power Management\NpwrMngr.exe [488816 2009-12-23] (Nokia)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Run: [Nokia Social Hub] => C:\Program Files\Nokia\Nokia Social Hub\Hub.exe [4941824 2010-04-21] (Nokia)
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3075977200-4285461987-214124539-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3075977200-4285461987-214124539-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?q={searchTerms}&form=NKATDF&pc=MANK&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3075977200-4285461987-214124539-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.bluewin.ch
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3075977200-4285461987-214124539-1000: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Stealthy - C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se8418ap.default\Extensions\stealthyextension@gmail.com.xpi [2011-05-19]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-02-28]
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2010-07-01]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2010-07-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.bluewin.ch/"
CHR Plugin: (Shockwave Flash) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Update) - C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_287.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-25]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-01-01]
StartMenuInternet: Google Chrome.ENT2PAEKF5UFKJNFFNKFI6MGBA - C:\Users\****\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2015-01-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-01] (Avast Software)
R2 HDPSrv; C:\WINDOWS\system32\HDPSrv.exe [180224 2009-12-24] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 PrLdrSrv; C:\Windows\system32\PrLdrSrv.exe [11776 2010-04-23] () [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [615936 2010-06-14] (Nokia) [File not signed]
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [111488 2009-09-10] (CSR, plc)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-01] ()
R0 EMSC; C:\Windows\System32\DRIVERS\EvMngr.SYS [19824 2009-06-25] ()
R3 GTNDIS62; C:\Windows\System32\DRIVERS\Gtuhs62.sys [159744 2010-04-13] (Option N.V.)
R3 GTUHSBUS; C:\Windows\System32\DRIVERS\gtuhsbus.sys [151552 2010-03-12] (Option N.V.)
R3 GTUHSSER; C:\Windows\System32\DRIVERS\gtuhsser.sys [8064 2010-02-26] (Option N.V.)
R0 HDFilter; C:\Windows\System32\DRIVERS\HDFilter.sys [20848 2009-07-04] (COMPAL ELECTRONIC INC.)
R3 igd; C:\Windows\System32\DRIVERS\igdkmd32.sys [647904 2010-03-26] (Intel Corporation)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-03] (COMPAL ELECTRONIC INC.)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [14848 2012-08-23] (Microsoft Corporation) [File not signed]
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [584872 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [197800 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [24232 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [20136 2013-06-26] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [218192 2015-01-01] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\****\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 13:51 - 2015-02-01 13:51 - 00000199 _____ () C:\Windows\system32\2015-02-01-12-51-21.024-AvastVBoxSVC.exe-2052.log
2015-02-01 13:21 - 2015-02-01 13:21 - 00000199 _____ () C:\Windows\system32\2015-02-01-12-21-35.011-AvastVBoxSVC.exe-3224.log
2015-02-01 13:18 - 2015-02-01 13:19 - 00496824 _____ () C:\Windows\Minidump\020115-32682-01.dmp
2015-02-01 12:25 - 2015-02-01 12:25 - 00000000 ____D () C:\Windows\Sun
2015-02-01 12:24 - 2015-02-01 12:24 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-02-01 12:23 - 2015-02-01 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-01 12:23 - 2015-02-01 12:22 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-02-01 08:17 - 2015-02-01 08:19 - 00023156 _____ () C:\Users\****\Downloads\Addition.txt
2015-02-01 08:15 - 2015-02-01 13:54 - 00015069 _____ () C:\Users\****\Downloads\FRST.txt
2015-02-01 08:13 - 2015-02-01 08:13 - 00001219 _____ () C:\Users\****\Desktop\checkup.txt
2015-02-01 08:05 - 2015-02-01 08:05 - 00852573 _____ () C:\Users\****\Desktop\SecurityCheck.exe
2015-01-30 12:16 - 2015-01-30 12:16 - 00000348 _____ () C:\Lokaler Datenträger (Q) - Verknüpfung.lnk
2015-01-30 11:51 - 2015-01-30 11:51 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 11:50 - 2015-01-30 11:51 - 01707939 _____ (Thisisu) C:\Users\****\Downloads\JRT.exe
2015-01-30 11:36 - 2015-01-30 11:36 - 00000199 _____ () C:\Windows\system32\2015-01-30-10-36-05.047-AvastVBoxSVC.exe-3172.log
2015-01-30 11:14 - 2015-01-30 11:31 - 00000000 ____D () C:\AdwCleaner
2015-01-30 11:06 - 2015-01-30 11:07 - 02194432 _____ () C:\Users\****\Downloads\AdwCleaner_4.109.exe
2015-01-30 10:50 - 2015-01-30 10:50 - 00000199 _____ () C:\Windows\system32\2015-01-30-09-50-36.060-AvastVBoxSVC.exe-5652.log
2015-01-30 10:01 - 2015-01-30 11:02 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 10:01 - 2015-01-30 10:01 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-30 10:01 - 2015-01-30 10:01 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-30 10:01 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-30 10:01 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-30 10:01 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-30 09:56 - 2015-01-30 09:58 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\****\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-30 08:18 - 2015-01-30 08:18 - 00000199 _____ () C:\Windows\system32\2015-01-30-07-18-42.047-AvastVBoxSVC.exe-3212.log
2015-01-29 22:12 - 2015-01-29 22:12 - 00000199 _____ () C:\Windows\system32\2015-01-29-21-12-23.046-AvastVBoxSVC.exe-3172.log
2015-01-29 01:38 - 2015-01-29 01:38 - 00000249 _____ () C:\Windows\system32\2015-01-29-00-38-24.051-aswFe.exe-15716.log
2015-01-29 01:27 - 2015-01-29 01:38 - 00000249 _____ () C:\Windows\system32\2015-01-29-00-27-23.045-aswFe.exe-13928.log
2015-01-29 01:27 - 2015-01-29 01:27 - 00000199 _____ () C:\Windows\system32\2015-01-29-00-27-10.036-AvastVBoxSVC.exe-9804.log
2015-01-29 01:20 - 2015-01-29 01:20 - 00000199 _____ () C:\Windows\system32\2015-01-29-00-20-07.005-AvastVBoxSVC.exe-7036.log
2015-01-29 01:12 - 2015-01-29 22:58 - 00014349 _____ () C:\ComboFix.txt
2015-01-28 23:54 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-28 23:54 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-28 23:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-28 23:54 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-28 23:53 - 2015-01-29 01:13 - 00000000 ____D () C:\Qoobox
2015-01-28 23:50 - 2015-01-28 23:41 - 05610841 ____R (Swearware) C:\Users\****\Downloads\ComboFix.exe
2015-01-28 23:41 - 2015-01-29 01:06 - 00000000 ____D () C:\Windows\erdnt
2015-01-28 23:21 - 2015-01-28 23:21 - 00002138 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-28 23:21 - 2015-01-28 23:21 - 00000199 _____ () C:\Windows\system32\2015-01-28-22-21-41.095-AvastVBoxSVC.exe-6008.log
2015-01-28 23:21 - 2015-01-28 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-28 23:19 - 2015-01-01 16:07 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-28 23:03 - 2014-11-07 16:35 - 132469808 _____ (AVAST Software) C:\Users\****\Downloads\avast_free_antivirus_setup.exe
2015-01-27 23:09 - 2015-02-01 08:15 - 00000000 ____D () C:\Users\****\Downloads\FRST-OlderVersion
2015-01-27 22:52 - 2015-01-29 22:11 - 00000000 ___HD () C:\Users\****\AppData\Roaming\C9F068BE
2015-01-27 00:56 - 2015-02-01 13:18 - 137826197 _____ () C:\Windows\MEMORY.DMP
2015-01-27 00:56 - 2015-02-01 13:18 - 00000000 ____D () C:\Windows\Minidump
2015-01-27 00:56 - 2015-01-27 00:56 - 00510968 _____ () C:\Windows\Minidump\012715-35568-01.dmp
2015-01-26 21:05 - 2015-01-26 21:11 - 00000000 ____D () C:\Users\****\AppData\Roaming\Local Store
2015-01-25 23:42 - 2015-01-27 23:18 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-25 23:18 - 2015-01-28 22:07 - 00000000 ____D () C:\Users\****\AppData\Roaming\Bihy
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\Users\****\HELP_DECRYPT.URL
2015-01-25 22:59 - 2015-01-25 22:59 - 00000272 _____ () C:\Users\HELP_DECRYPT.URL
2015-01-25 22:47 - 2015-01-25 22:47 - 00000272 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:47 - 2015-01-25 22:47 - 00000272 _____ () C:\Users\****\AppData\HELP_DECRYPT.URL
2015-01-25 22:45 - 2015-01-25 22:45 - 00000272 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default User\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Default User\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.URL
2015-01-25 22:44 - 2015-01-25 22:44 - 00000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 22:43 - 2015-01-29 22:11 - 00000000 ____D () C:\Users\****\AppData\Local\Ihsoft
2015-01-25 22:42 - 2015-01-25 22:42 - 00000416 _____ () C:\Windows\BRWMARK.INI
2015-01-25 22:42 - 2015-01-25 22:42 - 00000034 _____ () C:\Windows\system32\BD5280DW.DAT
2015-01-25 22:42 - 2015-01-25 22:42 - 00000017 _____ () C:\ProgramData\systemskey.ini
2015-01-25 22:06 - 2015-01-29 07:02 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-01-25 20:53 - 2015-01-25 20:53 - 00000491 _____ () C:\Users\****\Downloads\gmer log 25.01.15.log
2015-01-23 21:09 - 2015-01-23 21:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-23 21:08 - 2015-02-01 13:19 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job
2015-01-23 21:08 - 2015-01-31 22:47 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job
2015-01-23 21:07 - 2015-01-23 21:12 - 00000000 ____D () C:\Users\****\AppData\Local\500950
2015-01-23 21:07 - 2015-01-23 21:07 - 35763832 _____ (Google Inc.) C:\Users\****\Downloads\google-chrome.exe
2015-01-23 20:45 - 2015-01-23 20:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-22 22:32 - 2015-02-01 13:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apple
2015-01-22 22:31 - 2015-01-22 22:31 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-22 22:30 - 2015-01-22 22:30 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-22 22:16 - 2015-01-22 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-01-22 22:15 - 2015-01-22 22:31 - 00000000 ____D () C:\Program Files\Bonjour Print Services
2015-01-22 22:14 - 2015-02-01 13:44 - 00000000 ____D () C:\Users\****\AppData\Local\Apple
2015-01-22 22:14 - 2015-01-22 22:14 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-22 22:14 - 2015-01-22 22:14 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\ProgramData\Apple
2015-01-22 22:13 - 2015-01-22 22:13 - 00000000 ____D () C:\Program Files\Bonjour
2015-01-22 22:01 - 2015-01-22 22:02 - 05436744 _____ (Apple Inc.) C:\Users\****\Downloads\BonjourPS202Setup.exe
2015-01-22 20:28 - 2015-01-22 20:28 - 00000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-20 02:17 - 2015-01-20 02:17 - 00001419 _____ () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 02:15 - 2015-01-20 02:15 - 00000020 ___SH () C:\Users\****\ntuser.ini
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Druckumgebung
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Startmenü
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 _SHDL () C:\ProgramData\Dokumente
2015-01-20 02:15 - 2015-01-20 02:15 - 00000000 ____D () C:\Recovery
2015-01-20 02:05 - 2015-02-01 13:51 - 00062739 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 01:50 - 2015-01-20 01:50 - 00021532 _____ () C:\Windows\system32\emptyregdb.dat
2015-01-20 01:41 - 2015-02-01 13:44 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-02-01 13:44 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-20 01:41 - 2015-01-20 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-20 01:06 - 2015-02-01 13:44 - 00000000 ____D () C:\Users\****
2015-01-20 01:06 - 2015-02-01 13:44 - 00000000 ____D () C:\Users\Administrator
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\****\AppData\Local\Verlauf
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-01-20 01:06 - 2015-01-20 01:06 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:06 - 2009-07-14 05:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Windows\system32\RTCOM
2015-01-20 01:04 - 2015-01-20 01:04 - 00000000 ____D () C:\Program Files\Realtek
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-01-20 01:03 - 2015-01-20 01:03 - 00000000 ____D () C:\Program Files\Synaptics
2015-01-20 01:02 - 2015-01-20 01:02 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-20 00:59 - 2015-01-20 01:05 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-20 00:57 - 2015-01-20 02:15 - 00000000 ____D () C:\Windows\Panther
2015-01-20 00:54 - 2015-01-20 00:54 - 00262144 _____ () C:\Windows\system32\config\userdiff
2015-01-20 00:30 - 2015-02-01 13:44 - 00000000 ____D () C:\$WINDOWS.~Q
2015-01-20 00:25 - 2015-01-20 00:29 - 00000000 ____D () C:\$INPLACE.~TR
2015-01-19 23:11 - 2015-01-20 01:52 - 00006137 _____ () C:\Windows\comsetup.log
2015-01-19 22:59 - 2015-01-19 22:59 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-59-47.056-AvastVBoxSVC.exe-2804.log
2015-01-19 22:47 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-47-40.038-aswFe.exe-912.log
2015-01-19 22:25 - 2015-01-19 22:47 - 00000249 _____ () C:\Windows\system32\2015-01-19-21-25-01.028-aswFe.exe-3604.log
2015-01-19 22:24 - 2015-01-19 22:24 - 00000199 _____ () C:\Windows\system32\2015-01-19-21-24-52.051-AvastVBoxSVC.exe-2552.log
2015-01-19 22:14 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-10 02:18 - 2015-02-01 13:44 - 00000000 ____D () C:\RegBackup
2015-01-10 02:18 - 2015-01-10 02:18 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-****-BOOKLET-Microsoft-Windows-7-Starter-(32-bit).dat
2015-01-07 20:53 - 2015-01-07 20:53 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2015-01-07 20:52 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-01-07 20:50 - 2015-01-20 01:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-07 20:49 - 2015-02-01 13:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-01-07 20:49 - 2010-06-29 13:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2015-01-05 22:04 - 2015-01-20 01:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-04 22:30 - 2014-12-04 05:38 - 00728576 ____N (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-04 22:30 - 2014-12-04 05:38 - 00610304 ____N (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-04 22:30 - 2014-12-02 00:28 - 01160872 ____N (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-04 22:29 - 2014-12-04 05:38 - 00337920 ____N (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-04 22:29 - 2014-12-04 05:38 - 00315392 ____N (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-04 22:27 - 2015-01-04 22:29 - 00380416 _____ () C:\Users\****\Downloads\Gmer-19357.exe
2015-01-04 22:12 - 2014-11-21 08:16 - 02861568 ____N (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-04 22:02 - 2015-02-01 13:53 - 00000000 ____D () C:\FRST
2015-01-04 21:59 - 2015-02-01 08:15 - 01122304 _____ (Farbar) C:\Users\****\Downloads\FRST.exe
2015-01-04 21:56 - 2015-01-04 21:57 - 00000472 _____ () C:\Users\****\Downloads\defogger_disable.log
2015-01-04 21:56 - 2015-01-04 21:56 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-01-04 21:54 - 2015-01-04 21:55 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-01 13:52 - 2010-11-20 22:01 - 01629396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-01 13:47 - 2014-01-21 21:51 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 13:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-01 13:47 - 2009-07-14 05:39 - 00268042 _____ () C:\Windows\setupact.log
2015-02-01 13:45 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 13:45 - 2009-07-14 05:34 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 13:44 - 2014-01-21 21:41 - 00000000 ____D () C:\Users\****\AppData\Roaming\AVAST Software
2015-02-01 13:44 - 2011-09-10 10:31 - 00000000 ____D () C:\Users\****\AppData\Local\Google
2015-02-01 13:44 - 2010-07-12 22:23 - 00000000 ____D () C:\Users\****\GDesk
2015-02-01 13:44 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Adobe
2015-02-01 13:44 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Roaming\Mozilla
2015-02-01 13:44 - 2010-07-05 09:19 - 00000000 ____D () C:\Users\****\AppData\Local\Mozilla
2015-02-01 13:44 - 2010-07-01 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Nokia
2015-02-01 13:44 - 2010-07-01 21:50 - 00000000 ____D () C:\Users\****\AppData\Roaming\PC Suite
2015-02-01 13:44 - 2010-07-01 21:35 - 00000000 ____D () C:\ProgramData\NokiaInstallerCache
2015-02-01 13:44 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-02-01 13:18 - 2010-11-20 22:48 - 00018150 _____ () C:\Windows\PFRO.log
2015-02-01 12:24 - 2013-10-25 08:44 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-01 12:21 - 2013-09-04 21:05 - 00000000 ____D () C:\Program Files\Java
2015-02-01 12:11 - 2014-01-21 21:51 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 12:10 - 2013-01-13 01:32 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 10:46 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-01-29 01:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-29 01:00 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-29 00:10 - 2010-04-23 11:44 - 00000000 ____D () C:\ProgramData\temp
2015-01-27 23:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-25 20:07 - 2013-01-13 01:31 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 20:07 - 2011-06-15 00:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 19:59 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-01-25 19:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-23 20:59 - 2014-01-21 21:51 - 00000000 ____D () C:\Program Files\Google
2015-01-22 23:11 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-22 22:31 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-20 21:09 - 2012-11-19 09:53 - 00000000 ____D () C:\Users\****\AppData\Local\Wuala
2015-01-20 21:07 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-20 20:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-20 02:32 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-20 02:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-20 02:11 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-20 02:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-01-20 01:51 - 2009-07-14 05:39 - 00005715 _____ () C:\Windows\setuperr.log
2015-01-20 01:44 - 2009-07-14 05:33 - 00287424 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-20 01:41 - 2009-07-14 05:34 - 00005157 _____ () C:\Windows\DtcInstall.log
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 01:41 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 01:38 - 2010-07-18 21:53 - 00000000 ____D () C:\Users\****\Downloads\LinuxKDE(eng).gdd
2015-01-20 01:38 - 2010-07-18 21:47 - 00000000 ____D () C:\Users\****\Downloads\SNP88.gdd
2015-01-20 01:38 - 2010-07-18 21:41 - 00000000 ____D () C:\Users\****\Downloads\CrepusculumByPingwinGTS.gdd
2015-01-20 01:38 - 2010-07-18 21:34 - 00000000 ____D () C:\Users\****\Downloads\diamond-v04
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Roaming\SoftGrid Client
2015-01-20 01:37 - 2012-08-18 10:14 - 00000000 ____D () C:\Users\****\AppData\Local\SoftGrid Client
2015-01-20 01:37 - 2010-07-13 00:04 - 00000000 ____D () C:\Users\****\AppData\Roaming\WinRAR
2015-01-20 01:37 - 2010-07-13 00:02 - 00000000 ____D () C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:37 - 2010-07-05 09:33 - 00000000 ____D () C:\Users\****\AppData\Roaming\Macromedia
2015-01-20 01:37 - 2010-07-01 22:09 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia Ovi Suite
2015-01-20 01:37 - 2010-07-01 21:57 - 00000000 ____D () C:\Users\****\AppData\Roaming\Nokia
2015-01-20 01:37 - 2010-07-01 21:56 - 00000000 ____D () C:\Users\****\AppData\Local\NokiaAccount
2015-01-20 01:36 - 2011-01-26 21:53 - 00000000 ____D () C:\Users\****\AppData\Local\Adobe
2015-01-20 01:19 - 2014-07-26 20:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-20 01:19 - 2011-07-30 15:11 - 00000000 ____D () C:\Windows\system32\SPReview
2015-01-20 01:19 - 2011-07-16 23:18 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-01-20 01:19 - 2010-07-05 09:32 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-20 01:19 - 2010-04-23 10:54 - 00000000 ____D () C:\Windows\{9BA86693-F49A-4DA1-BBB3-827DFB688228}
2015-01-20 01:19 - 2010-04-23 10:53 - 00000000 ____D () C:\Windows\system32\Lang
2015-01-20 01:19 - 2010-04-23 10:51 - 00000000 ____D () C:\Windows\system32\Microsoft.VC80.MFC
2015-01-20 01:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\it-IT
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2015-01-20 01:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\el-GR
2015-01-20 01:18 - 2010-07-05 11:03 - 00000000 ____D () C:\Windows\pss
2015-01-20 01:18 - 2010-06-29 13:20 - 00000000 ____D () C:\Windows\SHELLNEW
2015-01-20 01:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-20 01:16 - 2014-08-02 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-20 01:16 - 2014-01-21 21:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-20 01:16 - 2013-01-25 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2015-01-20 01:16 - 2013-01-25 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-20 01:16 - 2012-11-19 09:58 - 00000000 ____D () C:\ProgramData\Sun
2015-01-20 01:16 - 2011-01-26 21:46 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-20 01:16 - 2011-01-26 21:42 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-20 01:16 - 2010-08-30 14:53 - 00000000 ____D () C:\ProgramData\Alwil Software
2015-01-20 01:16 - 2010-08-13 20:51 - 00000000 ____D () C:\Program Files\PC Connectivity Solution
2015-01-20 01:16 - 2010-07-13 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-20 01:16 - 2010-07-13 00:01 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-20 01:16 - 2010-07-01 21:50 - 00000000 ____D () C:\ProgramData\PC Suite
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
2015-01-20 01:16 - 2010-06-30 23:11 - 00000000 ____D () C:\Program Files\Nokia
2015-01-20 01:16 - 2010-06-29 13:31 - 00000000 ____D () C:\ProgramData\fssg
2015-01-20 01:16 - 2010-06-29 13:30 - 00000000 ____D () C:\ProgramData\f-secure
2015-01-20 01:16 - 2010-06-29 13:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-20 01:16 - 2010-04-23 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-20 01:16 - 2010-04-23 10:56 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\ProgramData\win7_32
2015-01-20 01:16 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Power Management
2015-01-20 01:16 - 2010-04-23 10:29 - 00000000 ____D () C:\ProgramData\Nokia
2015-01-20 01:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-01-20 01:15 - 2014-11-11 21:13 - 00000000 ____D () C:\Program Files\GUM8EBC.tmp
2015-01-20 01:15 - 2013-01-25 11:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-20 01:15 - 2012-08-18 10:08 - 00000000 ____D () C:\Program Files\Microsoft Application Virtualization Client
2015-01-20 01:15 - 2010-07-05 09:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-01-20 01:15 - 2010-06-29 13:22 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2015-01-20 01:15 - 2010-06-29 13:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-20 01:15 - 2010-04-23 10:57 - 00000000 ____D () C:\Program Files\Microsoft Office Suite Activation Assistant
2015-01-20 01:15 - 2010-04-23 10:52 - 00000000 ____D () C:\Program Files\Intel
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-20 01:15 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\HotKey
2015-01-20 01:14 - 2014-11-11 21:14 - 00000000 ____D () C:\Program Files\GUM1317.tmp
2015-01-20 01:14 - 2014-08-02 11:53 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-20 01:14 - 2014-07-04 23:22 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-01-20 01:14 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-20 01:14 - 2011-01-12 22:48 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-20 01:14 - 2010-07-01 21:43 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2015-01-20 01:14 - 2010-07-01 21:42 - 00000000 ____D () C:\Program Files\DIFX
2015-01-20 01:14 - 2010-06-29 13:32 - 00000000 ____D () C:\Program Files\F-Secure
2015-01-20 01:14 - 2010-04-23 10:56 - 00000000 ____D () C:\Program Files\ASIX Electronics Corporation
2015-01-20 01:14 - 2010-04-23 10:55 - 00000000 ____D () C:\Program Files\CSR
2015-01-20 01:14 - 2010-04-23 10:54 - 00000000 ____D () C:\Program Files\Atheros
2015-01-20 01:14 - 2010-04-23 10:51 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-20 01:14 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-20 01:13 - 2011-06-21 21:14 - 00000000 ____D () C:\Program Files\Adobe
2015-01-20 01:13 - 2010-08-30 14:53 - 00000000 ____D () C:\Program Files\Alwil Software
2015-01-20 01:04 - 2009-07-14 03:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 00:56 - 2009-07-14 05:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-20 00:56 - 2009-07-14 05:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-20 00:14 - 2010-06-30 04:00 - 01702239 _____ () C:\Windows\WindowsUpdate (1).log
2015-01-19 23:01 - 2011-02-28 23:45 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-19 22:59 - 2010-08-30 14:54 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-08 09:55 - 2010-06-29 14:33 - 00249488 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 20:31 - 2014-11-11 22:09 - 00044846 _____ () C:\Windows\IE11_main.log
2015-01-05 21:24 - 2013-08-12 20:00 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2014-11-11 21:14 - 2014-11-11 21:14 - 6000640 _____ () C:\Program Files\GUT1328.tmp
2014-11-11 21:13 - 2014-11-11 21:24 - 6000640 _____ () C:\Program Files\GUT8ECC.tmp
2015-01-25 22:47 - 2015-01-25 22:47 - 0045538 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.PNG
2015-01-25 22:47 - 2015-01-25 22:47 - 0000272 _____ () C:\Users\****\AppData\Roaming\HELP_DECRYPT.URL
2015-01-25 22:45 - 2015-01-25 22:45 - 0045538 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.PNG
2015-01-25 22:45 - 2015-01-25 22:45 - 0000272 _____ () C:\Users\****\AppData\Local\HELP_DECRYPT.URL
2015-01-22 20:28 - 2015-01-22 20:28 - 0000000 _____ () C:\ProgramData\HDPSetting.ini
2015-01-25 22:44 - 2015-01-25 22:44 - 0045538 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-01-25 22:44 - 2015-01-25 22:44 - 0000272 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-01-25 22:42 - 2015-01-25 22:42 - 0000017 _____ () C:\ProgramData\systemskey.ini

Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\NEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-27 01:50

==================== End Of Log ============================
--- --- ---


und noch das Addition Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by **** at 2015-02-01 13:55:37
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
Atheros 802.11 bgn Network Adapter (HKLM\...\InstallShield_{06A6143C-0703-4946-9E20-355F306ADF11}) (Version: 1.0.0.0 - Atheros)
Atheros 802.11 bgn Network Adapter (Version: 1.0.0.0 - Atheros) Hidden
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AX88772A & AX88772 Windows 7 Drivers (HKLM\...\InstallShield_{620DA0EB-574D-45B5-B3E9-B85AECA41D59}) (Version: 1.0.0.0 - ASIX Electronics Corporation)
AX88772A & AX88772 Windows 7 Drivers (Version: 1.0.0.0 - ASIX Electronics Corporation) Hidden
Bluetooth Feature Pack 5.0 (HKLM\...\{0439D13F-C7CD-458A-90DE-44135CBD40B8}) (Version: 5.0.12 - CSR Plc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Google Chrome (HKU\S-1-5-21-3075977200-4285461987-214124539-1000\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hard Disk Protection (HKLM\...\InstallShield_{08188833-CF3E-4067-B884-6049B0A38A35}) (Version: 1.0.0.18C - Nokia)
Hard Disk Protection (Version: 1.0.0.18C - Nokia) Hidden
Hotkey Utility (HKLM\...\InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}) (Version: 1.0.0.21C - Nokia)
Hotkey Utility (Version: 1.0.0.21C - Nokia) Hidden
Intel(R) Graphics Media Accelerator 500 (HKLM\...\LPCO) (Version:  -  Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (HKLM\...\{9E871D09-064D-3BC9-963B-3AB8ABE1273D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{4903D172-DCCB-392F-93A3-34CA9D47FE3D}) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Miniprogramm zum Abrufen von Nokia Ovi Suite (HKLM\...\{3A519502-3354-4290-A852-7A1835BA678F}) (Version: 1.0.45 - Nokia)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Booklet Software Updater (HKLM\...\{8C7AC9E7-A635-4C73-B360-FE6AE4E8DD93}) (Version: 1.1.100 - Nokia)
Nokia Connectivity Cable Driver (HKLM\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 2.2.0.245 - Nokia)
Nokia Ovi Suite (Version: 2.2.0.245 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM\...\{A0D65C73-F2C5-432F-8788-90F8A2E99B98}) (Version: 02.05.002.42441 - Nokia Corporation)
Nokia Social Hub (HKLM\...\{F4A31D1A-8ABB-4977-848E-26F76F5212B0}) (Version: 1.0.585 - Nokia)
Option WWAN Driver 5.1.37.0 Installer  (HKLM\...\{884BB5CC-108E-41a9-936D-955C999C06A1}_x) (Version: 3.5.1.1140 - Option NV)
Option WWAN Driver 5.1.37.0 Installer (Version: 3.5.1.1140 - Option NV) Hidden
Ovi Desktop Sync Engine (Version: 1.4.78.0 - Nokia) Hidden
Ovi Maps Gadget (HKLM\...\{698A3082-B4AF-4113-8068-79C868C4B0C9}) (Version: 1.0.13867 - Nokia)
OviMPlatform (Version: 2.6.195.0 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{29F563F4-8807-4496-8463-441EAA0E96AB}) (Version: 10.26.0.0 - Nokia)
Power Management (HKLM\...\InstallShield_{C36E5EC0-A87E-4994-844B-1DE75ED22BD8}) (Version: 1.0.0.18C - Nokia)
Power Management (Version: 1.0.0.18C - Nokia) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5999 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RoamingHelperSetup (HKLM\...\{C358D274-1BA4-4F57-95C4-4669AE126B99}) (Version: 1.0.0 - Option)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
Tap to wake up (HKLM\...\InstallShield_{0B23E38B-F4D8-44A9-A3D3-95020D35D8C9}) (Version: 1.0.0.19C - Nokia)
Tap to wake up (Version: 1.0.0.19C - Nokia) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Utility Common Driver (Version: 1.77.0.2C - NOKIA) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\browser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\****\AppData\Local\Google\Chrome\Application\40.0.2214.94\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3075977200-4285461987-214124539-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)

==================== Restore Points  =========================

28-01-2015 23:16:46 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-01-29 01:00 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3201A1B4-6C25-46D5-BC40-232F14D989FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {773C2256-6E9D-4A26-B6A8-2B2B69FDB1FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {7E476722-6C80-4EA0-8B46-48B6F562E67C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A320242A-44DE-4938-A0A7-6476C923136C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2015-01-23] (Google Inc.)
Task: {A6B2DB9E-6523-460F-A1F1-6F1C15D943E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {DF4F6C72-D05F-409D-BB27-9014CFBBC242} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {E3457BE7-F260-4266-BE08-4DEE4761FA99} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {E43D2EF0-0F74-4346-B530-03932149ADAF} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2015-01-01] (AVAST Software)
Task: {E7CE1F64-F0B0-4581-96EE-3E2882FEF1E6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F762FFD0-B96E-4EB6-933D-A91579976F09} - System32\Tasks\Nokia\Booklet software updater\Check for updates => NBSUTool.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3075977200-4285461987-214124539-1000UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-02-01 12:11 - 2015-02-01 12:11 - 02913280 _____ () C:\Program Files\Alwil Software\Avast5\defs\15020100\algo.dll
2015-01-01 16:04 - 2015-01-01 16:04 - 02151544 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxVMM.dll
2015-01-01 16:03 - 2015-01-01 16:03 - 00021488 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxREM.dll
2015-01-01 16:03 - 2015-01-01 16:03 - 04474224 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxRT.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\WINDOWS\system32\HDPSrv.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00011776 _____ () C:\Windows\system32\PrLdrSrv.exe
2010-04-23 10:51 - 2010-04-23 10:51 - 00024576 _____ () C:\Windows\system32\EKECioCtl.dll
2015-01-01 16:06 - 2015-01-01 16:06 - 38562088 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2010-04-23 10:56 - 2009-12-24 19:13 - 00180224 _____ () C:\Windows\System32\HDPSrv.exe
2010-04-21 12:39 - 2010-04-21 12:39 - 02145792 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtCore4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 07983616 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtGui4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00335360 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtXml4.dll
2010-04-21 12:38 - 2010-04-21 12:38 - 00925184 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtNetwork4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00187904 _____ () C:\Program Files\Nokia\Nokia Social Hub\QtSql4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00022528 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qgif4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00027648 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qico4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00119808 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qjpeg4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00220672 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qmng4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00278528 _____ () C:\Program Files\Nokia\Nokia Social Hub\imageformats\qtiff4.dll
2010-04-21 12:39 - 2010-04-21 12:39 - 00417792 _____ () C:\Program Files\Nokia\Nokia Social Hub\sqldrivers\qsqlite4.dll
2015-01-01 16:03 - 2015-01-01 16:03 - 00317632 _____ () C:\Program Files\Alwil Software\Avast5\ng\vbox\VBoxDDU.dll
2010-05-10 15:33 - 2010-05-10 15:33 - 00352640 _____ () C:\Program Files\Nokia\Nokia Booklet software updater\NBSUTool.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3075977200-4285461987-214124539-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-3075977200-4285461987-214124539-501 - Limited - Disabled)
**** (S-1-5-21-3075977200-4285461987-214124539-1000 - Administrator - Enabled) => C:\Users\****

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2015 01:48:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 01:42:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 01:37:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 01:34:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 01:20:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 00:36:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 00:31:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 00:13:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

Error: (02/01/2015 00:10:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12787839

Error: (02/01/2015 00:10:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12787839


System errors:
=============
Error: (02/01/2015 01:45:25 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (02/01/2015 01:27:49 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (02/01/2015 01:19:05 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x00000003, 0x84a0c030, 0x82166ae0, 0x83fc85b8)C:\Windows\MEMORY.DMP020115-32682-01

Error: (02/01/2015 01:18:45 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01.‎02.‎2015 um 12:47:15 unerwartet heruntergefahren.

Error: (02/01/2015 00:10:35 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (02/01/2015 08:37:22 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/31/2015 10:37:15 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/31/2015 04:18:33 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14

Error: (01/31/2015 04:16:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/31/2015 04:16:18 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "PrLdrSrv" hat einen ungültigen aktuellen Status gemeldet: 14


Microsoft Office Sessions:
=========================

schrauber 01.02.2015 17:39
Adobe Reader gibt es in Version 11
Adobe Reader-Installation für alle Versionen


Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

schuemli 04.02.2015 19:15
Habe alles der Reihe nach abgearbeitet. Sicher läuft jetzt der PC wieder viel schneller als vorher. Auch sind die "Decrypt"-Dateien aus den diversen Ordnern weg. Was aber nach wie vor nicht funktioniert ist, dass PDFs geöffnet werden (Office-Dateien weiss ich nicht, weil ich davon nichts installiert habe). Folgende Meldung erscheint: "Adobe Reader konnte "****.pdf" nicht öffnen, da der Dateityp nicht unterstützt wird oder die Datei beschädigt ist".
Hast du noch eine Idee?

schrauber 05.02.2015 07:25
Installiere den Adobe Reader mal neu, und/oder einen anderen Reader (NitroPDF). Geht es dann?

schuemli 08.02.2015 21:41
Habe NitroPdf installiert. Meine PDFs starteten auch damit nicht. Habe mir darauf ein x-beliebiges Handbuch als PDF runtergeladen. Dies lies sich dann mit Nitro und auch Adobe Reader öffnen.
Ok. Meine PDFs sind alle futsch (stört mich nicht, weil ich die auch auf meinem PC im Geschäft habe). Trotzdem finde ich es sehr eigenartig, wie das passieren konnte. Hat das irgendwas mit den Viren zu tun, die ich mir eingefangen hatte?

Nochwas: Einige Dateiordner sind Schreibgeschützt. So z.B. im Ordner Benutzer mein Benutzerordner. Die Ordner Administrator und Öffentlich sind hingegen nicht schreibgeschützt. Schreibgeschützt sind auch die Ordner MSOCache und Recovery. Das ist mir vorher nie aufgefallen.

schrauber 09.02.2015 06:56
Schreibgeschützt, also Schloss dran, oder auch gar kein Zugriff bei Doppelklick?

schuemli 15.02.2015 20:52
Die oben genannten Ordner haben ein Schloss dran. Also auch mein Ordner unter der Datei Benutzer. Das hab ich garantiert nicht selbst gemacht!

schrauber 16.02.2015 17:51
Das ist WIndows 7, völlig normal.
Kommt weil wir versteckte Dateien und Co anzeigen lassen:
C: einige ordner haben plötzlich ein - Microsoft Community


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:20 Uhr.
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58