
Log analysis and evaluation: All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0. -> *.xxx

19.07.2015, 18:53   #1
music-lover
 
Hello!
I hope I have understood all the rules and am posting in the right 'department'.
My music computer, Win7 (no email access) and only rarely active on the Internet (for updates), has caught a trojan. How, I don't know.
In any case, all my docx, jpg, pdf, txt files, but not wav and mp3, were renamed to *.zzz and encrypted. Apparently the file size has changed as well, because all the tools I found here (Decrypt Helper by Matthias, Avira, the tool from Dr. Web...) unfortunately do not work. The reasons given are: different file size, or the pairs do not match.
I also tried to restore the 'older' version from the hard disk with recovery tools (Ontrac). Unfortunately without success.
In my case 2 of 5 hard disks are affected. Either I was faster at switching off, or the trojan only changes C: and D:.
My backup of C: is from January 2015. But the one of D: is from September 2014.
Between September and today, 1000 files were newly created and edited.
I.e., as for all affected people, a horror.
Maybe a kind person can be found who will help me with restoring the data, if possible.
Many thanks!
Oliver


19.07.2015, 20:03   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


20.07.2015, 13:25   #3
music-lover
 
Hi!
Thanks for your help!
I don't understand the '#' right now.
But I'll post the two log files anyway.
Just to clarify: after I noticed that the trojan had made itself comfortable on my hard disk, I immediately installed Kaspersky and of course also ran it. Now the question is whether you can still do anything with the two log files.

THANK YOU AGAIN!!!

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by music (administrator) on MUSIC-PC on 20-07-2015 13:58:11
Running from J:\
Loaded Profiles: music (Available Profiles: music)
Platform: Windows 7 Enterprise (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MOTU Inc.) C:\Program Files (x86)\MOTU\motuDNSResponder.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
() C:\Program Files (x86)\Tor\tor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Smartbar) C:\Users\music\AppData\Local\Smartbar\Application\SnapDo.exe
(Cheba) C:\Users\music\AppData\Local\Cheba\Cheba.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files\behringer\behringer_XUF_1394_driver\X-UF 1394 Control Panel.exe
() C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
(PixelMetrics) C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Universal Audio, Inc.) C:\Program Files (x86)\Universal Audio\Powered Plugins\UATrayIcon.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-01-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [155648 2011-05-03] (Apple Computer, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [UATrayIcon] => C:\Program Files (x86)\Universal Audio\Powered Plugins\UATrayIcon.exe [1404928 2013-06-03] (Universal Audio, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
Winlogon\Notify\hncvavd: C:\Users\music\AppData\Local\hncvavd.dll [2015-07-17] ()
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\music\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\...\Run: [Browser Infrastructure Helper] => C:\Users\music\AppData\Local\Smartbar\Application\SnapDo.exe [21536 2013-10-31] (Smartbar)
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\...\Run: [Cheba] => C:\Users\music\AppData\Local\Cheba\Cheba.exe [126976 2015-07-08] (Cheba)
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\...\Run: [hncvavd] => rundll32 "C:\Users\music\AppData\Local\hncvavd.dll",hncvavd <===== ATTENTION
AppInit_DLLs: C:\Users\music\AppData\Local\Cheba\pass64.dll => C:\Users\music\AppData\Local\Cheba\pass64.dll [141312 2015-07-08] (TODO: <Company name>)
AppInit_DLLs-x32: C:\Users\music\AppData\Local\Cheba\pass32.dll => C:\Users\music\AppData\Local\Cheba\pass32.dll [122368 2015-07-08] (TODO: <Company name>)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Behringer X-UF 1394 Control Panel.lnk [2013-05-14]
ShortcutTarget: Behringer X-UF 1394 Control Panel.lnk -> C:\Program Files\behringer\behringer_XUF_1394_driver\X-UF 1394 Control Panel.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MOTU Pedal Service.lnk [2012-12-23]
ShortcutTarget: MOTU Pedal Service.lnk -> C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe ()
Startup: C:\Users\music\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk [2013-08-01]
ShortcutTarget: CaptureWiz.lnk -> C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1233522967-52797685-3324903142-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Chew&co=AT&userid=6837a47e-d00e-4242-abcc-b66971505980&barcodeid=162196&installDate=01/01/2014&searchtype=ds&q={searchTerms}
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\Software\Microsoft\Internet Explorer\Main,Start Page = Search
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich - jetzt mit dem Hotmail-Nachfolger Outlook und Skype
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://isearch.babylon.com/?affID=110824&tt=4712_5&babsrc=HP_ss_Btisdt4&mntrId=1c1fb9b6000000000000bcaec5028bfa
HKU\S-1-5-21-1233522967-52797685-3324903142-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Chew&co=AT&userid=6837a47e-d00e-4242-abcc-b66971505980&barcodeid=162196&installDate=01/01/2014&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Chew&co=AT&userid=6837a47e-d00e-4242-abcc-b66971505980&barcodeid=162196&installDate=01/01/2014&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Chew&co=AT&userid=6837a47e-d00e-4242-abcc-b66971505980&barcodeid=162196&installDate=01/01/2014&searchtype=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-1233522967-52797685-3324903142-1001 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&affID=110824&tt=4712_5&babsrc=SP_ss_Btisdt6&mntrId=1c1fb9b6000000000000bcaec5028bfa
SearchScopes: HKU\S-1-5-21-1233522967-52797685-3324903142-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1233522967-52797685-3324903142-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Chew&co=AT&userid=6837a47e-d00e-4242-abcc-b66971505980&barcodeid=162196&installDate=01/01/2014&searchtype=ds&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1233522967-52797685-3324903142-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&affID=110824&tt=4712_5&babsrc=SP_ss_Btisdt6&mntrId=1c1fb9b6000000000000bcaec5028bfa
BHO: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll [2009-11-25] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll No File
BHO-x32: Snap.DoEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll [2009-11-25] (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll [2009-11-25] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll [2009-11-25] (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-1233522967-52797685-3324903142-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-1233522967-52797685-3324903142-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-04] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-04] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-04] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-04] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1E8547B1-3D46-4E0B-8594-61BEE31053E6}: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\music\AppData\Roaming\Mozilla\Firefox\Profiles\6a9izthe.default
FF NewTab: hxxp://feed.snapdo.com/?publisher=Chew&co=AT&userid=6837a47e-d00e-4242-abcc-b66971505980&barcodeid=162196&installDate=01/01/2014&searchtype=nt
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=6837a47e-d00e-4242-abcc-b66971505980&searchtype=ds&installDate=02/05/2013&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-17] ()
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-18] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1233522967-52797685-3324903142-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\music\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\music\AppData\Roaming\Mozilla\Firefox\Profiles\6a9izthe.default\user.js [2015-07-18]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll [2010-04-08] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010-03-31] (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010-04-08] ()
FF SearchPlugin: C:\Users\music\AppData\Roaming\Mozilla\Firefox\Profiles\6a9izthe.default\searchplugins\Web Search.xml [2015-02-03]
FF Extension: Firefox Alt-Svc Store Hotfix - C:\Users\music\AppData\Roaming\Mozilla\Firefox\Profiles\6a9izthe.default\Extensions\firefox-hotfix@mozilla.org [2015-04-14]
FF Extension: Firefox Alt-Svc Store Hotfix - C:\Users\music\AppData\Roaming\Mozilla\Firefox\Profiles\6a9izthe.default\Extensions\firefox-hotfix@mozilla.org.xpi [2015-04-14]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-03-26]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-18]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [194000 2015-07-09] (Kaspersky Lab ZAO)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MOTU_ZeroConf; C:\Program Files (x86)\MOTU\motuDNSResponder.exe [390544 2012-09-06] (MOTU Inc.)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7414256 2015-05-19] (Reimage®)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-02] () [File not signed] <==== ATTENTION
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 arcm_a64; C:\Windows\System32\drivers\arcm_a64.sys [59936 2010-12-25] (ARECA Technology Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 behringer_avs; C:\Windows\System32\Drivers\behringer_avs_x64.sys [73536 2012-06-28] (Archwave AG)
S3 behringer_xuf_1394; C:\Windows\System32\Drivers\behringer_xuf_1394_x64.sys [197440 2012-06-28] (Archwave AG)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-09] (Kaspersky Lab UK Ltd)
R3 hypaudio; C:\Windows\System32\DRIVERS\hypaudio64.sys [1484800 2011-08-31] (Universal Audio, Inc.)
R3 hypkern; C:\Windows\System32\drivers\hypkern64.sys [225792 2011-08-31] ()
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-09] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-07-09] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-07-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-07-09] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-07-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-07-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-07-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-07-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-07-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-07-09] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-07-09] (Kaspersky Lab ZAO)
R3 MFWAMIDI64; C:\Windows\System32\drivers\MFWAMIDI64.sys [32408 2012-09-06] (Mark of the Unicorn)
R3 MFWAWAVE64; C:\Windows\System32\drivers\MFWAWAVE64.sys [82584 2012-09-06] (Mark of the Unicorn)
R3 motubus; C:\Windows\System32\drivers\MotuBus64.sys [29848 2012-09-06] (Mark of the Unicorn)
R3 MotuFWA64; C:\Windows\System32\drivers\Motufwa64.sys [609944 2012-09-06] (Mark of the Unicorn)
R3 motumidi64; C:\Windows\System32\drivers\motumidi64.sys [43672 2012-09-06] (MOTU)
R3 MotuUsb64; C:\Windows\System32\Drivers\MotuUsb64.sys [64664 2012-09-06] (MOTU)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 Powercore; C:\Windows\System32\DRIVERS\PCore.sys [371248 2010-07-15] (TC Electronic A/S)
R3 SynUSB64; C:\Windows\System32\DRIVERS\SynUSB64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
R3 UAD2Pcie; C:\Windows\System32\DRIVERS\UAD2Pcie.sys [47616 2013-06-03] (Universal Audio Inc.)
R3 UAD2System; C:\Windows\System32\DRIVERS\UAD2System.sys [89088 2013-06-03] (Universal Audio Inc.)
S3 cpuz134; \??\C:\Users\music\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MAWGSIF64; system32\drivers\MAWGSIF64.sys [X]
S3 MAWWAVE64; system32\drivers\MAWWAVE64.sys [X]
S3 Motuaw64; system32\drivers\MotuAW64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 13:58 - 2015-07-20 13:58 - 00000000 ____D C:\FRST
2015-07-18 10:06 - 2015-07-18 10:06 - 00004274 _____ C:\Windows\System32\Tasks\ReimageUpdater
2015-07-18 10:05 - 2015-07-18 10:10 - 00000000 ____D C:\Program Files\Reimage
2015-07-18 10:05 - 2015-07-18 10:06 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-07-18 10:04 - 2015-07-18 10:06 - 00000165 _____ C:\Windows\Reimage.ini
2015-07-18 00:10 - 2015-07-18 10:45 - 00262144 _____ C:\Windows\system32\config\elam
2015-07-18 00:06 - 2015-07-18 00:06 - 00002091 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2015-07-18 00:06 - 2015-07-18 00:06 - 00000000 ____D C:\Windows\ELAMBKUP
2015-07-18 00:06 - 2015-07-18 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-07-18 00:06 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-07-18 00:05 - 2015-07-20 13:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-18 00:05 - 2015-07-18 00:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-07-18 00:05 - 2015-07-09 19:11 - 00850608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-07-18 00:05 - 2015-07-09 19:11 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-07-18 00:05 - 2015-07-09 19:11 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-07-17 23:37 - 2015-07-17 23:37 - 00000250 _____ C:\Users\music\Documents\Recovery_File_exkdd.txt
2015-07-17 23:09 - 2015-07-17 23:09 - 00000250 _____ C:\Users\music\Documents\Recovery_File_fyplu.txt
2015-07-17 22:52 - 2015-07-17 22:52 - 00031744 _____ C:\Users\music\AppData\Local\hncvavd.dll
2015-07-17 22:52 - 2015-07-17 22:52 - 00000250 _____ C:\Users\music\Documents\Recovery_File_khrng.txt
2015-07-11 01:45 - 2015-07-18 00:08 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2015-07-10 22:37 - 2015-07-10 22:37 - 00054156 ____H C:\Windows\QTFont.qfn
2015-07-10 22:37 - 2015-07-10 22:37 - 00001409 _____ C:\Windows\QTFont.for
2015-07-09 19:11 - 2015-07-09 19:11 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\Windows\system32\Drivers\cm_km_w.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00085360 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00065208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00064368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00040304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2015-07-09 19:11 - 2015-07-09 19:11 - 00024944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klpd.sys
2015-06-27 12:13 - 2015-07-18 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-06-27 12:13 - 2015-06-27 12:13 - 00001532 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-06-27 12:13 - 2015-06-27 12:13 - 00001241 _____ C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-06-27 12:13 - 2015-06-27 12:13 - 00001038 _____ C:\Users\Public\Desktop\Best Safe Browser.lnk
2015-06-27 12:13 - 2015-06-27 12:13 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-06-26 20:19 - 2015-06-26 20:19 - 00060577 _____ C:\Tango Lago Maggiore_GM.mid
2015-06-24 12:15 - 2015-07-14 15:22 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 13:56 - 2015-04-14 23:32 - 00000306 _____ C:\Windows\Tasks\DOTHMOI.job
2015-07-20 13:56 - 2013-09-02 17:58 - 00132716 _____ C:\Windows\setupact.log
2015-07-20 13:56 - 2010-12-25 11:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-20 13:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-20 13:56 - 2009-07-14 06:45 - 00019600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 13:56 - 2009-07-14 06:45 - 00019600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-19 12:42 - 2011-02-13 18:29 - 00002186 _____ C:\Windows\wincmd.ini
2015-07-19 12:42 - 2010-12-25 10:29 - 01336403 _____ C:\Windows\WindowsUpdate.log
2015-07-19 12:42 - 2009-07-14 12:49 - 00657438 _____ C:\Windows\system32\perfh007.dat
2015-07-19 12:42 - 2009-07-14 12:49 - 00130810 _____ C:\Windows\system32\perfc007.dat
2015-07-19 12:42 - 2009-07-14 07:13 - 01507170 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-18 10:47 - 2015-06-09 23:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-18 10:47 - 2010-12-25 12:30 - 00074948 _____ C:\Windows\PFRO.log
2015-07-18 10:09 - 2010-12-25 11:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-18 02:00 - 2010-12-25 21:34 - 00000000 ____D C:\Users\music\AppData\Local\Adobe
2015-07-18 01:39 - 2015-06-01 18:56 - 00000000 ____D C:\Users\music\dwhelper
2015-07-18 01:39 - 2015-04-14 21:55 - 00000000 ____D C:\Users\music\Documents\Eventide
2015-07-18 01:39 - 2015-04-14 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H3000 Factory
2015-07-18 01:39 - 2015-02-14 01:24 - 00000000 __HDC C:\ProgramData\{7A86240F-63E1-4D58-83D3-E717B0CCAD94}
2015-07-18 01:39 - 2015-02-14 01:24 - 00000000 ____D C:\Program Files\Native Instruments
2015-07-18 01:39 - 2015-02-11 16:02 - 00000000 ____D C:\Program Files\Relab
2015-07-18 01:39 - 2015-02-09 17:12 - 00000000 ____D C:\Users\Public\Documents\NI Resources
2015-07-18 01:39 - 2015-02-09 17:11 - 00000000 __HDC C:\ProgramData\{E029E712-815A-4E1D-BA1D-7313E45BF6B5}
2015-07-18 01:39 - 2015-02-09 16:51 - 00000000 ____D C:\Program Files\Common Files\Avid
2015-07-18 01:39 - 2015-02-03 21:01 - 00000000 ____D C:\ProgramData\PACE
2015-07-18 01:39 - 2015-02-03 20:57 - 00000000 ____D C:\ProgramData\Apple
2015-07-18 01:39 - 2015-02-03 20:57 - 00000000 ____D C:\Program Files\Bonjour
2015-07-18 01:39 - 2015-02-03 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
2015-07-18 01:39 - 2015-02-03 18:14 - 00000000 ____D C:\ProgramData\Acronis
2015-07-18 01:39 - 2013-11-02 20:10 - 00000000 ____D C:\Users\music\Documents\Amazon MP3
2015-07-18 01:39 - 2013-09-19 20:43 - 00000000 ____D C:\ProgramData\BitGuard
2015-07-18 01:39 - 2013-09-09 16:52 - 00000000 ____D C:\temp
2015-07-18 01:39 - 2013-08-20 15:04 - 00000000 ____D C:\Users\Public\Documents\Adobe
2015-07-18 01:39 - 2013-08-15 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizoo
2015-07-18 01:39 - 2013-08-01 14:28 - 00000000 ____D C:\Users\music\Documents\CaptureWiz
2015-07-18 01:39 - 2013-06-25 00:23 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-18 01:39 - 2013-06-25 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UAD Powered Plug-Ins
2015-07-18 01:39 - 2013-06-25 00:23 - 00000000 ____D C:\Program Files\Universal Audio
2015-07-18 01:39 - 2013-06-10 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-18 01:39 - 2013-05-14 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Behringer X-UF 1394 Driver V5.25.0
2015-07-18 01:39 - 2013-05-14 13:47 - 00000000 ____D C:\Program Files\behringer
2015-07-18 01:39 - 2013-05-02 17:57 - 00000000 ____D C:\Users\music\Documents\Free Sound Recorder
2015-07-18 01:39 - 2013-03-27 18:55 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-07-18 01:39 - 2013-03-26 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-07-18 01:39 - 2013-03-26 20:08 - 00000000 __RHD C:\MSOCache
2015-07-18 01:39 - 2013-03-26 20:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-18 01:39 - 2013-03-26 20:08 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-18 01:39 - 2013-03-26 19:57 - 00000000 ____D C:\Users\music\Documents\Adobe
2015-07-18 01:39 - 2013-03-26 19:57 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-07-18 01:39 - 2013-03-26 19:57 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
2015-07-18 01:39 - 2013-03-26 19:57 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2015-07-18 01:39 - 2013-03-26 19:53 - 00000000 ____D C:\ProgramData\ALM
2015-07-18 01:39 - 2013-03-26 19:51 - 00000000 ____D C:\Users\music\Adobe Flash Builder 4.6
2015-07-18 01:39 - 2013-03-26 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-07-18 01:39 - 2013-03-26 19:47 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-07-18 01:39 - 2013-03-26 19:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-07-18 01:39 - 2013-03-26 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2015-07-18 01:39 - 2013-03-26 19:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-18 01:39 - 2013-03-26 19:46 - 00000000 ____D C:\Program Files\Adobe
2015-07-18 01:39 - 2013-02-09 16:35 - 00000000 ____D C:\ProgramData\expLauncher
2015-07-18 01:39 - 2012-12-23 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOTU
2015-07-18 01:39 - 2012-12-23 15:38 - 00000000 ____D C:\Program Files\MOTU
2015-07-18 01:39 - 2012-11-21 02:01 - 00000000 ____D C:\Users\music\Documents\Cubase Projects
2015-07-18 01:39 - 2012-11-21 01:59 - 00000000 ____D C:\Program Files\Common Files\VST3
2015-07-18 01:39 - 2012-11-21 01:59 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2015-07-18 01:39 - 2012-11-21 00:48 - 00000000 ____D C:\Users\music\JDownloader
2015-07-18 01:39 - 2012-11-21 00:47 - 00000000 ____D C:\ProgramData\Babylon
2015-07-18 01:39 - 2012-11-21 00:20 - 00000000 ____D C:\Program Files\eLicenser
2015-07-18 01:39 - 2012-10-02 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wibu Emu
2015-07-18 01:39 - 2012-10-02 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algorithmix
2015-07-18 01:39 - 2012-08-05 00:52 - 00000000 ____D C:\Users\music\Documents\Usenet.nl
2015-07-18 01:39 - 2012-08-04 23:31 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-18 01:39 - 2011-07-31 19:34 - 00000000 ____D C:\___FÜR REAKTIVIERUNG
2015-07-18 01:39 - 2011-06-14 22:25 - 00000000 ____D C:\jBridgefürKonvert
2015-07-18 01:39 - 2011-05-03 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-18 01:39 - 2011-05-03 21:24 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-18 01:39 - 2011-03-27 18:12 - 00000000 __HDC C:\ProgramData\{B895D3F6-931C-4B01-A8AC-DCDBBE28F2F9}
2015-07-18 01:39 - 2011-03-27 18:12 - 00000000 ____D C:\ProgramData\Native Instruments
2015-07-18 01:39 - 2011-02-13 22:21 - 00000000 __HDC C:\ProgramData\{39752E59-CE7D-4919-9B7F-020F8C66116C}
2015-07-18 01:39 - 2011-02-13 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCM Native Reverb Bundle
2015-07-18 01:39 - 2011-02-13 22:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Ease
2015-07-18 01:39 - 2011-02-13 22:06 - 00000000 ____D C:\ProgramData\Audio Ease
2015-07-18 01:39 - 2011-02-13 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProjectSAM Symphobia
2015-07-18 01:39 - 2011-02-13 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project SAM Symphobia
2015-07-18 01:39 - 2011-02-13 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg WaveLab
2015-07-18 01:39 - 2011-02-13 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
2015-07-18 01:39 - 2011-02-03 00:00 - 00000000 __HDC C:\ProgramData\{B2E750D8-6229-4554-B170-E8C77EDC1596}
2015-07-18 01:39 - 2011-02-02 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments FM8
2015-07-18 01:39 - 2011-02-02 23:57 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2015-07-18 01:39 - 2011-02-02 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KORG
2015-07-18 01:39 - 2011-02-02 23:26 - 00000000 ____D C:\ProgramData\KORG
2015-07-18 01:39 - 2011-01-26 23:12 - 00000000 ____D C:\ProgramData\ATI
2015-07-18 01:39 - 2011-01-26 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-07-18 01:39 - 2011-01-26 23:09 - 00000000 ____D C:\Program Files\ATI Technologies
2015-07-18 01:39 - 2011-01-26 23:08 - 00000000 ____D C:\ATI
2015-07-18 01:39 - 2011-01-26 22:58 - 00000000 ____D C:\Users\music\Downloads\PC Drivers HeadQuarters
2015-07-18 01:39 - 2011-01-26 22:58 - 00000000 ____D C:\ProgramData\PC Drivers HeadQuarters
2015-07-18 01:39 - 2011-01-26 22:41 - 00000000 ____D C:\Program Files\ATI
2015-07-18 01:39 - 2011-01-23 21:19 - 00000000 ____D C:\Users\music\Documents\TC Electronic
2015-07-18 01:39 - 2011-01-23 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-07-18 01:39 - 2011-01-01 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arturia
2015-07-18 01:39 - 2011-01-01 23:08 - 00000000 ____D C:\ProgramData\Arturia
2015-07-18 01:39 - 2011-01-01 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaveLab 6
2015-07-18 01:39 - 2011-01-01 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Drums Overkill
2015-07-18 01:39 - 2010-12-30 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jBridge
2015-07-18 01:39 - 2010-12-30 00:20 - 00000000 ____D C:\Program Files\JBridge
2015-07-18 01:39 - 2010-12-29 23:58 - 00000000 ____D C:\Users\music\Documents\FXpansion
2015-07-18 01:39 - 2010-12-29 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXpansion
2015-07-18 01:39 - 2010-12-29 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antares Audio Technologies
2015-07-18 01:39 - 2010-12-29 21:29 - 00000000 ____D C:\Users\music\Documents\Toontrack
2015-07-18 01:39 - 2010-12-29 21:23 - 00000000 ____D C:\ProgramData\Toontrack
2015-07-18 01:39 - 2010-12-29 00:29 - 00000000 __HDC C:\ProgramData\{FF8E9195-32BC-4C16-AF7B-A1BE466A0B25}
2015-07-18 01:39 - 2010-12-29 00:03 - 00000000 __HDC C:\ProgramData\{8ABB31F1-7D39-4689-BA29-E75D868AB3C8}
2015-07-18 01:39 - 2010-12-28 23:51 - 00000000 __HDC C:\ProgramData\{0B4D9C16-79C4-4275-AE32-0D58B604783C}
2015-07-18 01:39 - 2010-12-28 23:14 - 00000000 __HDC C:\ProgramData\{3342DAE4-E9C8-491C-8DD2-FA5D6CB18DA6}
2015-07-18 01:39 - 2010-12-28 22:46 - 00000000 ____D C:\ProgramData\Temporary
2015-07-18 01:39 - 2010-12-28 22:46 - 00000000 ____D C:\ProgramData\Celemony Software GmbH
2015-07-18 01:39 - 2010-12-28 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melodyne 3.2
2015-07-18 01:39 - 2010-12-28 22:22 - 00000000 ____D C:\Users\music\Documents\Native Instruments
2015-07-18 01:39 - 2010-12-28 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-07-18 01:39 - 2010-12-28 22:19 - 00000000 __HDC C:\ProgramData\{BF329843-149E-4A5A-82A1-0250286442D0}
2015-07-18 01:39 - 2010-12-28 22:18 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2015-07-18 01:39 - 2010-12-28 22:08 - 00000000 ____D C:\MusicLab
2015-07-18 01:39 - 2010-12-28 21:28 - 00000000 ____D C:\ProgramData\Note
2015-07-18 01:39 - 2010-12-28 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicLab
2015-07-18 01:39 - 2010-12-28 19:11 - 00000000 ____D C:\ProgramData\Spectrasonics
2015-07-18 01:39 - 2010-12-28 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steinberg
2015-07-18 01:39 - 2010-12-28 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-07-18 01:39 - 2010-12-27 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yellow Tools Independence Pro 2.5
2015-07-18 01:39 - 2010-12-26 23:44 - 00000000 ____D C:\Users\music\Documents\Steinberg
2015-07-18 01:39 - 2010-12-25 23:10 - 00000000 ____D C:\ProgramData\Yellow Tools
2015-07-18 01:39 - 2010-12-25 22:42 - 00000000 ____D C:\ProgramData\TC Electronic
2015-07-18 01:39 - 2010-12-25 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TC Electronic
2015-07-18 01:39 - 2010-12-25 22:39 - 00000000 ____D C:\ProgramData\Universal Audio
2015-07-18 01:39 - 2010-12-25 22:13 - 00000000 ____D C:\Program Files\DIFX
2015-07-18 01:39 - 2010-12-25 22:02 - 00000000 ____D C:\ProgramData\VST3 Presets
2015-07-18 01:39 - 2010-12-25 21:37 - 00000000 ____D C:\Users\music\Documents\VST3 Presets
2015-07-18 01:39 - 2010-12-25 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-07-18 01:39 - 2010-12-25 21:35 - 00000000 ____D C:\ProgramData\eLicenser
2015-07-18 01:39 - 2010-12-25 21:33 - 00000000 ____D C:\ProgramData\Adobe
2015-07-18 01:39 - 2010-12-25 21:31 - 00000000 ____D C:\ProgramData\McAfee
2015-07-18 01:39 - 2010-12-25 21:28 - 00000000 ____D C:\ProgramData\Syncrosoft
2015-07-18 01:39 - 2010-12-25 21:17 - 00000000 ____D C:\ProgramData\Steinberg
2015-07-18 01:39 - 2010-12-25 21:17 - 00000000 ____D C:\Program Files\Steinberg
2015-07-18 01:39 - 2010-12-25 21:17 - 00000000 ____D C:\Program Files\Common Files\Steinberg
2015-07-18 01:39 - 2010-12-25 21:14 - 00000000 ____D C:\ProgramData\Applications
2015-07-18 01:39 - 2010-12-25 11:04 - 00000000 ____D C:\ProgramData\Google
2015-07-18 01:39 - 2010-12-25 11:04 - 00000000 ____D C:\Program Files\Google
2015-07-18 01:39 - 2010-12-25 10:54 - 00000000 ____D C:\ProgramData\Matrox
2015-07-18 01:39 - 2010-12-25 10:53 - 00000000 ____D C:\mgafold
2015-07-18 01:39 - 2010-12-25 10:28 - 00000000 __SHD C:\Recovery
2015-07-18 01:39 - 2009-07-14 13:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-18 01:39 - 2009-07-14 13:06 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-07-18 01:39 - 2009-07-14 13:06 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-18 01:39 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-18 01:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-07-18 01:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2015-07-18 01:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-18 01:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-18 01:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-07-18 01:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild
2015-07-18 01:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Services
2015-07-18 01:39 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-18 00:47 - 2013-06-21 11:07 - 00000000 ____D C:\Users\music\AppData\Roaming\File Scout
2015-07-18 00:14 - 2011-07-31 18:38 - 00000000 ____D C:\Windows\windupdate
2015-07-17 23:02 - 2010-12-25 11:04 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-17 23:02 - 2010-12-25 11:04 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-17 22:53 - 2015-02-14 02:09 - 00954190 _____ C:\Users\music\Desktop\tyros5_en_dl_c0.pdf.zzz
2015-07-17 22:53 - 2012-08-08 00:20 - 00655630 _____ C:\Users\music\Desktop\TYROS4_VoiceList.pdf.zzz
2015-07-17 22:53 - 2011-08-24 20:29 - 00036782 _____ C:\Users\music\Documents\Schatzifoto-MP.doc.zzz
2015-07-17 22:53 - 2011-01-18 16:39 - 01343102 _____ C:\Users\music\Desktop\Marvell9123_Controller_1001036-WHQL.zip.zzz
2015-07-17 22:38 - 2013-03-26 21:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-17 22:38 - 2013-03-26 21:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-11 00:24 - 2013-08-21 00:56 - 00000320 _____ C:\Windows\wcx_ftp.ini
2015-07-10 22:50 - 2010-12-28 13:48 - 00000000 ____D C:\Users\music\AppData\Roaming\vlc
2015-07-10 10:41 - 2013-08-27 17:18 - 00000132 _____ C:\Users\music\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-07-09 23:49 - 2012-08-04 23:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-09 23:47 - 2010-12-25 13:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-09 12:44 - 2015-03-17 18:08 - 00000000 ____D C:\Users\music\AppData\Local\Cheba
2015-06-27 12:13 - 2015-02-11 16:24 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2015-06-27 12:13 - 2013-06-04 14:23 - 00000000 ____D C:\Users\music\AppData\Roaming\DVDVideoSoft
2015-06-27 12:02 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2013-08-20 12:48 - 2013-08-27 22:11 - 0000132 _____ () C:\Users\music\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-08-27 17:18 - 2015-07-10 10:41 - 0000132 _____ () C:\Users\music\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2010-12-26 14:24 - 2012-12-17 01:33 - 0000383 _____ () C:\Users\music\AppData\Roaming\MOTU CueMix Prefs.prefs
2013-08-22 15:08 - 2013-08-28 00:10 - 0001456 _____ () C:\Users\music\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-07-17 22:52 - 2015-07-17 22:52 - 0031744 _____ () C:\Users\music\AppData\Local\hncvavd.dll
2010-12-25 17:46 - 2010-12-25 17:46 - 0000017 _____ () C:\Users\music\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\music\AppData\Local\Temp\AMPing.exe
C:\Users\music\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\music\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\music\AppData\Local\Temp\rad0B252.tmp.exe
C:\Users\music\AppData\Local\Temp\ReimagePackage.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-09 17:03

==================== End of log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by music at 2015-07-20 13:58:34
Running from J:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1233522967-52797685-3324903142-500 - Administrator - Disabled)
Gast (S-1-5-21-1233522967-52797685-3324903142-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1233522967-52797685-3324903142-1002 - Limited - Enabled)
music (S-1-5-21-1233522967-52797685-3324903142-1001 - Administrator - Enabled) => C:\Users\music

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Reader X - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Algorithmix reNOVAtor 2.1 (HKLM-x32\...\Algorithmix reNOVAtor 2.1) (Version:  - )
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-1233522967-52797685-3324903142-1001\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Analog Factory 2.5 (HKLM-x32\...\Analog Factory_is1) (Version:  - Arturia)
Antares Autotune Evo VST RTAS v6.0.9 (HKLM-x32\...\Antares Autotune Evo VST RTAS_is1) (Version:  - )
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
ATI Catalyst Install Manager (HKLM\...\{C5970161-E13E-6661-BBDA-A08268313C83}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
AudioEase Altiverb VST RTAS v6.12 (HKLM-x32\...\AudioEase Altiverb VST RTAS_is1) (Version:  - )
Babylon Chrome Toolbar (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Babylon toolbar  (HKLM-x32\...\BabylonToolbar) (Version:  - BabylonToolbar) <==== ATTENTION
BEHRINGER X-UF 1394 Driver v5.25.0.0 (HKLM-x32\...\BEHRINGER X-UF 1394 Driver v5.25.0.0) (Version: 5.25.0.0 - BEHRINGER)
BitGuard (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - MediaTechSoft Inc.) <==== ATTENTION
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CaptureWizPro 4.40 (HKLM-x32\...\CaptureWiz) (Version:  - )
ccc-core-static (x32 Version: 2011.0104.2155.39304 - Ihr Firmenname) Hidden
Drums Overkill (HKLM-x32\...\ Drums Overkill) (Version:  - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version:  - Steinberg Media Technologies GmbH)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Free YouTube to MP3 Converter version 3.12.59.616 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.616 - DVDVideoSoft Ltd.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Jupiter-8V2 2.0 (HKLM-x32\...\Jupiter-8V2_is1) (Version:  - Arturia)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
KORG Legacy Collection - LegacyCell (HKLM-x32\...\{1EC82637-F2BD-4F2F-B4DE-F38B70D0DDC3}) (Version: 1.2.3 - KORG Inc.)
KORG Legacy Collection - M1 (HKLM-x32\...\{6423EF42-19F9-4FF6-83D7-177B391D96B6}) (Version: 1.6.3 - KORG Inc.)
KORG Legacy Collection - MDE-X (HKLM-x32\...\{E8FD2DF4-CF22-4996-BBF5-FE37D13A420E}) (Version: 1.2.8 - KORG Inc.)
KORG Legacy Collection - MonoPoly (HKLM-x32\...\{9B208107-DCBC-4815-A85D-E7151CFD454C}) (Version: 1.0.3 - KORG Inc.)
KORG Legacy Collection - MS-20 (HKLM-x32\...\{836361D1-D74F-416F-B8B2-DCB7ED89B111}) (Version: 1.2.4 - KORG Inc.)
KORG Legacy Collection - Polysix (HKLM-x32\...\{B7D95B65-E05B-4B05-B669-7A1AC21BAB67}) (Version: 1.2.4 - KORG Inc.)
KORG Legacy Collection - WAVESTATION (HKLM-x32\...\{7F025596-53EC-421A-BB05-742A4D6CC8E3}) (Version: 1.6.5 - KORG Inc.)
Melodyne 3.2 (HKLM-x32\...\{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}) (Version: 3.2.0202 - Celemony Software GmbH)
Melodyne 3.2 (x32 Version: 3.2.0202 - Celemony Software GmbH) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MOTU Hardware (HKLM\...\{A05D2328-5096-4748-981B-493B1D56BBEB}) (Version: 4.0.5.5333 - MOTU)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MusicLab RealGuitar 2.0 (HKLM-x32\...\{1864B4F0-7777-4A57-9930-C2B307597966}) (Version:  - MusicLab, Inc.)
Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version:  - Native Instruments)
Native Instruments FM7 VSTi DXI RTAS v1.1.3.4 (HKLM-x32\...\Native Instruments FM7 VSTi DXI RTAS v1.1.3.4) (Version:  - )
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version:  - Native Instruments)
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS (HKLM-x32\...\Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS) (Version:  - )
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.4.3.307 - Native Instruments)
Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version:  - Native Instruments)
Native Instruments Scarbee Funk Guitarist (HKLM-x32\...\Native Instruments Scarbee Funk Guitarist) (Version:  - Native Instruments)
Native Instruments Session Guitarist - Strummed Acoustic (HKLM-x32\...\Native Instruments Session Guitarist - Strummed Acoustic) (Version: 1.0.0.8 - Native Instruments)
Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version:  - Native Instruments)
Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version:  - Native Instruments)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.6.0840 - PACE Anti-Piracy, Inc.)
PACE License Support Win64 (Version: 2.4.6.0840 - PACE Anti-Piracy, Inc.) Hidden
PCM Native Reverb Bundle (HKLM-x32\...\PCM Native Reverb Bundle) (Version:  - Lexicon)
PCM Native Reverb Bundle (x32 Version: 1.1.3 - Lexicon) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Project SAM Symphobia 1.0 (HKLM-x32\...\{676FAD0D-40C3-4911-93E7-5C70C201ADEA}_is1) (Version:  - )
ProjectSAM Symphobia (HKLM-x32\...\ProjectSAM Symphobia) (Version:  - )
QuickTime (x32 Version: 7.0.4 - Apple Computer, Inc.) Hidden
RealStrat 1.0 (HKLM-x32\...\{58206080-3E1F-4418-8117-D190FC71BF58}) (Version:  - MusicLab)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6037 - Realtek Semiconductor Corp.)
Reimage Protector (HKLM\...\Reimage Protector) (Version:  - Reimage) <==== ATTENTION
Relab LX480 Lite VST v1.0 (HKLM-x32\...\Relab LX480 Lite_is1) (Version:  - )
Sibelius Scorch (all browsers) (HKLM-x32\...\{968ECEB6-5476-4131-B5E0-41D01D621243}) (Version: 6.2.0 - Sibelius Software)
Snap.Do (HKLM-x32\...\{084B3661-F647-4E44-9018-D7DCDF538057}) (Version: 11.7.1.13233 - ReSoft Ltd.) <==== ATTENTION
Sonnox Oxford Inflator Native VST v1.5.1 (HKLM-x32\...\Sonnox Oxford Inflator Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford Limiter Native VST v1.1.1 (HKLM-x32\...\Sonnox Oxford Limiter Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford R3 Dynamics Native VST v1.3.1 (HKLM-x32\...\Sonnox Oxford R3 Dynamics Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford R3 EQ Native VST v1.6.1 (HKLM-x32\...\Sonnox Oxford R3 EQ Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford Reverb Native VST v1.0 (HKLM-x32\...\Sonnox Oxford Reverb Native VST_is1) (Version:  - Team AiR 2007)
Sonnox Oxford TransMod Native VST v1.3.1 (HKLM-x32\...\Sonnox Oxford TransMod Native VST_is1) (Version:  - Team AiR 2007)
Steinberg Cubase 5 64bit (HKLM\...\{8A9065DA-0293-41DA-A349-16E1A2605F64}) (Version: 5.5.2 - Steinberg Media Technologies GmbH)
Steinberg Cubase 6 64bit (HKLM\...\{C6651CD0-4892-4465-96AC-C9864A695FF9}) (Version: 6.5.0 - Steinberg Media Technologies GmbH)
Steinberg Cubase 7 64bit (HKLM\...\{57FB2180-0FC7-41FC-8D76-3C4271CF4422}) (Version: 7.0.5 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Allen Morgan Signature Drums (HKLM-x32\...\{611A7035-0172-4B9B-8BB6-5046F6867D8A}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.6.1 - Steinberg Media Technologies GmbH)
Steinberg HALionOne 64bit (HKLM\...\{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Additional Content Set 01 (HKLM-x32\...\{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}) (Version: 1.0.0.001 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg Virtual Guitarist 2 (HKLM-x32\...\VG2_is1) (Version:  - Steinberg Media Technologies GmbH.)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg WaveLab 5.01b (HKLM-x32\...\Steinberg WaveLab 5.01b) (Version:  - )
Superior Drummer 64 bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.2.2 - Toontrack)
TC Electronic PowerCore (HKLM\...\{29E65F87-3B96-4F74-84E8-6088411A85C3}) (Version: 4.0.3 - TC Electronic)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version:  - )
UAD drivers. This may take a while... (x32 Version: 7.0.1.3150 - Universal Audio, Inc.) Hidden
UAD Powered Plug-Ins (HKLM-x32\...\{80aeccba-72ec-4f2f-aa34-09c1cc72e3fb}) (Version: 7.0.1.3150 - Universal Audio, Inc.)
UAD Powered Plug-Ins (Version: 7.0.1.3150 - Universal Audio, Inc.) Hidden
UAD Powered Plug-Ins (x32 Version: 7.0.1.3150 - Universal Audio, Inc.) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP  (03/29/2012 6.01.0097) (HKLM\...\7BE5DD05AFC7EA233501CC85DB3E9E78F8E95311) (Version: 03/29/2012 6.01.0097 - Universal Audio Inc.)
Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP  (08/31/2011 6.00.0060) (HKLM\...\96BD8EA013D8CF2FE3D65289F918D489EE937CC3) (Version: 08/31/2011 6.00.0060 - Universal Audio Inc.)
Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP  (09/14/2012 6.03.0420) (HKLM\...\9E577FF8CA73CD32BD55D49A8B4AAD74F2693610) (Version: 09/14/2012 6.03.0420 - Universal Audio Inc.)
Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP  (11/30/2010 ) (HKLM\...\D6464B370822574865708071F3E87D186FAC7BA4) (Version: 11/30/2010  - Universal Audio Inc.)
Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP  (03/29/2012 6.01.0097) (HKLM\...\157A0C000E37CBCABDDE054F327E7E179DF71430) (Version: 03/29/2012 6.01.0097 - Universal Audio Inc.)
Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP  (08/31/2011 6.00.0060) (HKLM\...\E1F7D5F4285378EAAEA84607BE85FF3E4544FB51) (Version: 08/31/2011 6.00.0060 - Universal Audio Inc.)
Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP  (09/14/2012 6.03.0420) (HKLM\...\21831831B795B28D5F20754E5039CAE1AA97A986) (Version: 09/14/2012 6.03.0420 - Universal Audio Inc.)
Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP  (11/30/2010 ) (HKLM\...\072DA3D1AC97714EA927A1A5770099D1AB131FD5) (Version: 11/30/2010  - Universal Audio Inc.)
Windows-Treiberpaket - TC Electronic (Powercore) PowerCore  (07/15/2010 4.0.3.212) (HKLM\...\B1B2DEDFEEB4ADFB886FCD6F5136418080E0C1DD) (Version: 07/15/2010 4.0.3.212 - TC Electronic)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wizoo WizooVerb W2  VST RTAS v1.0 (HKLM-x32\...\Wizoo WizooVerb W2  VST RTAS v1.0) (Version:  - )
yellow tools Independence Pro 2.5.4 Software Suite 64bit (HKLM-x32\...\yellow tools Independence Pro 2.5.4 Software Suite 64bit) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-03-26 20:05 - 00001068 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 validation.sls.microsoft.com
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {064A27D0-B573-4789-AABC-4D01BA2C5A3C} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {0927BA5D-196C-411C-A960-FDAAD30D9A8F} - System32\Tasks\{82B2306D-2A1F-4D0C-8A7C-CE8D2CD92401} => C:\Program Files (x86)\WIBUKEY\H2O\CXWibu.exe
Task: {0CDED09A-2508-42CB-81F2-24D4787DD0D7} - System32\Tasks\{8B52E8B6-4C87-42BD-A939-BB66D330C346} => pcalua.exe -a C:\PROGRA~2\ALGORI~1\RENOVA~1\UNINST~1\UNWISE.EXE -c C:\PROGRA~2\ALGORI~1\RENOVA~1\UNINST~1\INSTALL.LOG
Task: {108A823F-A2A4-459F-BDB9-5909B14C0DFF} - System32\Tasks\{9A8054E8-1208-4B1E-BFBF-A3403D861401} => C:\Program Files (x86)\WIBUKEY\H2O\CXWibu.exe
Task: {168E3026-17D1-4BD7-B062-55DB3A1D89C0} - System32\Tasks\{6E4C1D87-56FE-45FF-9582-82467E71DFA3} => C:\Program Files (x86)\WIBUKEY\H2O\CXWibu.exe
Task: {1C5F8777-0701-4146-8E6E-DA9C3812871E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {27BFE4B2-410B-44BF-9EFE-AEBBCFF6FF2D} - System32\Tasks\{39677664-DF21-4EEF-82A7-268BF5FD88A6} => C:\Program Files (x86)\WIBUKEY\H2O\CXWibu.exe
Task: {29D0525E-CE61-4DDA-BB83-B8605CBC0709} - \{1CCA2959-6B0F-41DB-8335-5EEDA39D2AD8} No Task File <==== ATTENTION
Task: {2F0A6A2C-F81F-495F-A1D7-14FC9388C485} - System32\Tasks\{9B15D7EF-9D07-44EF-82E6-D8F700EEDA92} => C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
Task: {366FF6C4-1581-40D4-87E3-B449DCD1C446} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2008-06-27] ()
Task: {400690FD-ABC7-4678-A132-E6A062AF3BA3} - System32\Tasks\{71096E69-2744-4BCA-A740-C4E2FAC27C2E} => C:\Program Files (x86)\WIBUKEY\H2O\CXWibu.exe
Task: {57671A8E-4221-4AEB-A8D3-C78ACADCE938} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: {5A727EA1-6CCD-48BE-B3B2-142A0165E04D} - System32\Tasks\{A294ED79-2269-4E18-9FBE-F77D8636D915} => C:\Program Files (x86)\WIBUKEY\Bin\WkSvMon.exe
Task: {5AF9843E-434A-42E9-A2D6-DA9685FACF82} - System32\Tasks\{B7AFD50B-0C3E-4901-98E1-1F6220ECB17C} => C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
Task: {5E55A4A4-0D3D-441E-A171-99511B1889A5} - \{18E30B17-F25B-4681-8693-1EAC0599BFA6} No Task File <==== ATTENTION
Task: {659A486A-DD0E-4D78-A180-CB38AEADABA3} - System32\Tasks\{5E82FA28-656C-43D7-9A67-8C76F6520CB4} => pcalua.exe -a "C:\Downloads\Independence Pro 2.5.4 Software Suite WIN64\Independence Pro 2.5.4 Software Suite WIN64\Independence Pro 2.5.4 Software Suite 64 E-License.exe" -d "C:\Downloads\Independence Pro 2.5.4 Software Suite WIN64\Independence Pro 2.5.4 Software Suite WIN64"
Task: {66513E3B-F00E-45E8-AB47-54188D9E371F} - System32\Tasks\AdobeAAMUpdater-1.0-music-PC-music => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {6690F8F6-44B6-4233-96D2-F6E09539931A} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {7B7B0A01-E993-4300-85F9-E72478574EE0} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {8C4CC8A8-3214-40B6-B2FD-8C3652EFA32A} - System32\Tasks\EPUpdater => C:\Users\music\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: {9CF4F08E-A4B9-4A59-A47F-8C08DFC6071E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {B3604A04-C564-431A-9DCD-215DD4C0E2AE} - System32\Tasks\{CBB18BC3-335E-4F01-AB66-BE84C133F852} => C:\Program Files (x86)\WIBUKEY\H2O\CXWibu.exe
Task: {C2AA6542-8AD3-415C-9DEF-0D2667DD64E9} - System32\Tasks\{852F0F33-2D7F-4BE5-A382-E6C52BE79343} => C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
Task: {CD018AF0-6600-4D45-996D-6AEFC518A32D} - System32\Tasks\{DEB2302F-AF06-45DF-A021-1D004AB41A77} => C:\Program Files (x86)\Algorithmix\reNOVAtor\AlgoEdit.exe
Task: {DFAEAFA0-6C7F-4D86-8D42-2D48F4A0BBAB} - System32\Tasks\DOTHMOI => Rundll32.exe "C:\Windows\SysWOW64\dbghelpj.dll",RZYOHI
Task: {E2CB60BD-5AF9-468E-ABD7-CC7B8904BF58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {E5708C94-D6D1-4DC0-89AC-3E4A9C1F44F3} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-05-19] (Reimage®) <==== ATTENTION
Task: {EA70F64A-15F2-4C70-AA9F-454FEF6D1EF8} - System32\Tasks\{36A945B1-3F00-4B84-A5CA-6B7259438506} => C:\Program Files (x86)\Algorithmix\reNOVAtor\AlgoEdit.exe
Task: {FD61F38B-9F6D-4843-80C7-FDEE09E0CBB2} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DOTHMOI.job => C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\dbghelpj.dll
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-19 12:46 - 2015-05-19 12:46 - 06759912 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2013-09-02 19:04 - 2013-09-02 19:04 - 03233806 _____ () C:\Program Files (x86)\Tor\tor.exe
2013-05-14 13:47 - 2012-06-28 10:49 - 00606528 _____ () C:\Program Files\behringer\behringer_XUF_1394_driver\X-UF 1394 Control Panel.exe
2012-09-06 19:23 - 2012-09-06 19:23 - 01457552 _____ () C:\Program Files (x86)\MOTU\Audio\MFWAKeys.exe
2011-01-04 22:54 - 2011-01-04 22:54 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00034848 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00056864 _____ () C:\Users\music\AppData\Local\Smartbar\Application\srau.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00150560 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00112672 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 01981472 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00055840 _____ () C:\Users\music\AppData\Local\Smartbar\Application\spbl.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00013344 _____ () C:\Users\music\AppData\Local\Smartbar\Application\siem.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00049184 _____ () C:\Users\music\AppData\Local\Smartbar\Application\sppsm.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00728096 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00082464 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00014368 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00017440 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00031264 _____ () C:\Users\music\AppData\Local\Smartbar\Application\srut.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00020512 _____ () C:\Users\music\AppData\Local\Smartbar\Application\srsbs.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00057888 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00014368 _____ () C:\Users\music\AppData\Local\Smartbar\Application\sgml.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00053280 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00014880 _____ () C:\Users\music\AppData\Local\Smartbar\Application\srpdm.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00048160 _____ () C:\Users\music\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00026144 _____ () C:\Users\music\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00025632 _____ () C:\Users\music\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2013-10-31 16:17 - 2013-10-31 16:17 - 00193056 _____ () C:\Users\music\AppData\Local\Smartbar\Application\sgmu.dll
2013-10-31 16:16 - 2013-10-31 16:16 - 00068640 _____ () C:\Users\music\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2013-10-31 17:26 - 2013-10-31 17:26 - 00248864 _____ () C:\Users\music\AppData\Local\Smartbar\Application\srns.dll
2015-03-04 16:30 - 2015-07-08 19:07 - 00071680 _____ () C:\Users\music\AppData\Local\Cheba\Cheba.Utils.dll
2015-03-04 16:30 - 2015-07-08 19:07 - 00099840 _____ () C:\Users\music\AppData\Local\Cheba\Cheba.TrayIcons.dll
2015-07-17 22:52 - 2015-07-17 22:52 - 00031744 _____ () C:\Users\music\AppData\Local\hncvavd.dll
2011-09-05 19:05 - 2011-09-05 19:05 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu
2013-06-03 07:07 - 2013-06-03 07:07 - 00215040 _____ () C:\Windows\system32\UAD2DriverClient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:2s4JgcHauHBTgzqa4HQR6Op
AlternateDataStreams: C:\ProgramData\Microsoft:nPhsi5ct2sS3D3RKsOaNI9d
AlternateDataStreams: C:\Users\music\AppData\Local\Temp:1sjuQBilkRqPxSwMYLKyoZ0y

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1233522967-52797685-3324903142-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{CF617EA5-E470-45E0-B7A5-27DEEA306D3C}C:\users\music\appdata\local\temp\rarsfx0\bie_kms.exe] => (Allow) C:\users\music\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [UDP Query User{4E7EB146-0CA9-4BF4-A7C6-AB8A50A20861}C:\users\music\appdata\local\temp\rarsfx0\bie_kms.exe] => (Allow) C:\users\music\appdata\local\temp\rarsfx0\bie_kms.exe
FirewallRules: [TCP Query User{66C4FD44-7D03-4483-98EA-CD98394D9C49}C:\program files\steinberg\cubase 5\cubase5.exe] => (Allow) C:\program files\steinberg\cubase 5\cubase5.exe
FirewallRules: [UDP Query User{5BD5E1B0-9898-4DBC-B967-E937267D3E44}C:\program files\steinberg\cubase 5\cubase5.exe] => (Allow) C:\program files\steinberg\cubase 5\cubase5.exe
FirewallRules: [TCP Query User{C1A56498-E089-47A8-A1D5-D9EB8931F42A}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{E01288FA-F87A-426C-81E5-1C61328594EC}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe
FirewallRules: [TCP Query User{01FCCD93-BCEA-41A3-86D5-590DF04C092B}C:\program files\steinberg\cubase 5\cubase5.exe] => (Allow) C:\program files\steinberg\cubase 5\cubase5.exe
FirewallRules: [UDP Query User{6787A6F9-C345-43A0-A76A-D75941861485}C:\program files\steinberg\cubase 5\cubase5.exe] => (Allow) C:\program files\steinberg\cubase 5\cubase5.exe
FirewallRules: [TCP Query User{5A4D47FA-68CF-44FE-91C3-96E80FB6CCF4}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{BAB0727F-3985-494F-BB10-2F163D8819AE}C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 5\components\vstbridgeapp.exe
FirewallRules: [TCP Query User{246A6A26-E836-4662-98EA-B974EAF4D014}C:\windows 7 loader extreme edition\w7lxe.exe] => (Allow) C:\windows 7 loader extreme edition\w7lxe.exe
FirewallRules: [UDP Query User{7E74BDA0-7E18-4E46-A653-63B0F1813B3C}C:\windows 7 loader extreme edition\w7lxe.exe] => (Allow) C:\windows 7 loader extreme edition\w7lxe.exe
FirewallRules: [TCP Query User{E2EBCD30-5293-4289-A5DF-C8A2E6355066}C:\users\music\appdata\local\temp\kmsemul.exe] => (Allow) C:\users\music\appdata\local\temp\kmsemul.exe
FirewallRules: [UDP Query User{70F9172E-06B6-45DE-A7CF-5C61A1E22E63}C:\users\music\appdata\local\temp\kmsemul.exe] => (Allow) C:\users\music\appdata\local\temp\kmsemul.exe
FirewallRules: [TCP Query User{917C0789-ED96-42C7-AD39-8637D5E2E229}C:\___für reaktivierung\windows 7 loader extreme edition\w7lxe.exe] => (Allow) C:\___für reaktivierung\windows 7 loader extreme edition\w7lxe.exe
FirewallRules: [UDP Query User{0EDB655D-408D-48D6-8D97-C4C2D2B85C4A}C:\___für reaktivierung\windows 7 loader extreme edition\w7lxe.exe] => (Allow) C:\___für reaktivierung\windows 7 loader extreme edition\w7lxe.exe
FirewallRules: [{06ABE4E1-45D6-4699-8604-B29C0BED6EEE}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [{3FBD1228-7BCC-4147-95D0-F81515065A12}] => (Allow) C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
FirewallRules: [TCP Query User{3309AEB0-864A-4C57-934E-CCDA9792D6B5}C:\users\music\jdownloader\jre\bin\javaw.exe] => (Allow) C:\users\music\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{3E88A128-E485-4AD2-9C49-CAF401E454B3}C:\users\music\jdownloader\jre\bin\javaw.exe] => (Allow) C:\users\music\jdownloader\jre\bin\javaw.exe
FirewallRules: [TCP Query User{328C6D18-1CD7-4452-9169-255C14A8AD36}C:\program files\steinberg\cubase 6\cubase6.exe] => (Allow) C:\program files\steinberg\cubase 6\cubase6.exe
FirewallRules: [UDP Query User{3FC25724-201E-464F-BAA9-FF15B12E6DFC}C:\program files\steinberg\cubase 6\cubase6.exe] => (Allow) C:\program files\steinberg\cubase 6\cubase6.exe
FirewallRules: [TCP Query User{2C3F59AD-DFE7-4C68-8706-ABA4D795BFBA}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{13793883-378B-4625-8314-96C64EC08C41}C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 6\components\vstbridgeapp.exe
FirewallRules: [TCP Query User{C14DEBCD-F8EB-463E-AF56-B6A1CE0FD47C}C:\program files (x86)\motu\audio\cuemix fx.exe] => (Allow) C:\program files (x86)\motu\audio\cuemix fx.exe
FirewallRules: [UDP Query User{155F03E2-1EDB-40A4-B1FE-AE0A91AA18B8}C:\program files (x86)\motu\audio\cuemix fx.exe] => (Allow) C:\program files (x86)\motu\audio\cuemix fx.exe
FirewallRules: [TCP Query User{EAA4031A-50E6-473D-9DA5-8E7233A04896}C:\program files\steinberg\cubase 7\cubase7.exe] => (Allow) C:\program files\steinberg\cubase 7\cubase7.exe
FirewallRules: [UDP Query User{2D04A5F3-9D29-4A76-B5B4-D8F8C827249B}C:\program files\steinberg\cubase 7\cubase7.exe] => (Allow) C:\program files\steinberg\cubase 7\cubase7.exe
FirewallRules: [TCP Query User{893A08D3-FA2B-4294-B600-B058308C7C43}C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{28405579-1BC3-4E90-9230-4339582B881E}C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe
FirewallRules: [{4F700BCA-F553-426B-B4B4-68CD7D8498F8}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{ADA562D9-32AC-429C-847C-5F3410DA9610}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{FB691C49-C362-4127-932F-C0CB0E2D4A08}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{C2D19E1C-676C-424F-BF09-6928F9795100}C:\program files\steinberg\cubase 7\cubase7.exe] => (Allow) C:\program files\steinberg\cubase 7\cubase7.exe
FirewallRules: [UDP Query User{06F3A61E-F898-45A9-AC3B-8E51C9FF3CBA}C:\program files\steinberg\cubase 7\cubase7.exe] => (Allow) C:\program files\steinberg\cubase 7\cubase7.exe
FirewallRules: [TCP Query User{2414EA19-FB29-429C-BE9D-B02F9CC92840}C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{52E70E4F-256B-4C31-AB2E-A5FD16842A36}C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe] => (Allow) C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe
FirewallRules: [TCP Query User{9E52FCED-3286-4A62-833E-FF7FAC0A2713}C:\program files (x86)\motu\audio\cuemix fx.exe] => (Allow) C:\program files (x86)\motu\audio\cuemix fx.exe
FirewallRules: [UDP Query User{7D2C0C87-C28D-4EC2-852A-3CF4045725EF}C:\program files (x86)\motu\audio\cuemix fx.exe] => (Allow) C:\program files (x86)\motu\audio\cuemix fx.exe
FirewallRules: [TCP Query User{F6F054E3-D5C4-4B38-BC75-D5889E4CA9E3}C:\users\music\jdownloader\jre\bin\javaw.exe] => (Block) C:\users\music\jdownloader\jre\bin\javaw.exe
FirewallRules: [UDP Query User{0DDC43ED-963E-4016-89AF-82F9BF0F8B94}C:\users\music\jdownloader\jre\bin\javaw.exe] => (Block) C:\users\music\jdownloader\jre\bin\javaw.exe
FirewallRules: [{58D84FB9-BDC7-40B0-BA33-3033BA7F9B8F}] => (Allow) C:\Program Files\Steinberg\Cubase 7\Cubase7.exe
FirewallRules: [{316D4609-0F23-4EDA-B462-06121FA1E218}] => (Allow) LPort=51113
FirewallRules: [{C69C2E0C-3354-4044-B467-29B7BB7F0D35}] => (Allow) LPort=51112
FirewallRules: [{0B72DBBF-5933-4878-8EA6-7C6B9C70A64D}] => (Allow) LPort=51111
FirewallRules: [TCP Query User{8E34B121-9857-4F2E-BF20-5546279FD26A}C:\users\music\appdata\local\temp\kmsemul.exe] => (Block) C:\users\music\appdata\local\temp\kmsemul.exe
FirewallRules: [UDP Query User{67A7C2DB-EF02-433D-931B-287A435AD648}C:\users\music\appdata\local\temp\kmsemul.exe] => (Block) C:\users\music\appdata\local\temp\kmsemul.exe
FirewallRules: [TCP Query User{AD59F422-D856-403F-B7BD-566135C2D447}C:\program files (x86)\totalcmd\totalcmd.exe] => (Allow) C:\program files (x86)\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{07C12D90-E6F9-4B53-9AA0-02AD9EFFF353}C:\program files (x86)\totalcmd\totalcmd.exe] => (Allow) C:\program files (x86)\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{4CF31BA2-AD17-44C1-8B8D-3FC2F8A1DBF5}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe] => (Block) C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{0FEE4F60-9CEF-4D79-BB2B-B0F287CE5FDA}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe] => (Block) C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe
FirewallRules: [{12F33B6D-916A-4F6D-B6C5-2550036B585C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{865BC376-CC73-4DAA-B734-5215B51CAA36}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{665D2745-992D-4CF3-9453-778ED2333520}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42023802-CF98-4497-BFC9-CEE3B848FF5B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{726B7F9A-EAD3-47A9-B11C-622474DCE965}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7F31A5EE-F73E-488D-BE47-A355AD96C069}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C52A2F16-4CAC-48BD-9B47-97BC00904BB1}] => (Allow) LPort=2869
FirewallRules: [{EA74DF00-939E-4089-8767-120FD54108DE}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{E88768AA-4AFC-4267-8E97-6CE6C8423FF5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{A273CE50-89EA-4A91-8C60-9981541C1396}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{3B01B26E-A686-43F5-A52B-D8745D1B4020}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F8934A14-BA54-4951-A6D4-F73D208E7359}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [TCP Query User{BCD24CE3-B7D4-4635-BBE4-29A111C09531}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{A1D28985-4874-4011-AD7B-E61A49E53007}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe

==================== Faulty Device Manager Devices =============

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel(R) Core(TM) i7 CPU         950  @ 3.07GHz
Description: Intel-Prozessor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel(R) Core(TM) i7 CPU         950  @ 3.07GHz
Description: Intel-Prozessor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel(R) Core(TM) i7 CPU         950  @ 3.07GHz
Description: Intel-Prozessor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: High Definition Audio-Controller
Description: High Definition Audio-Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel(R) Core(TM) i7 CPU         950  @ 3.07GHz
Description: Intel-Prozessor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel(R) Core(TM) i7 CPU         950  @ 3.07GHz
Description: Intel-Prozessor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel(R) Core(TM) i7 CPU         950  @ 3.07GHz
Description: Intel-Prozessor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel(R) Core(TM) i7 CPU         950  @ 3.07GHz
Description: Intel-Prozessor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Intel(R) Core(TM) i7 CPU         950  @ 3.07GHz
Description: Intel-Prozessor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 01:56:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2015 02:56:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2015 02:51:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2015 12:50:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/19/2015 12:37:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2015 01:58:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2015 01:49:29 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2015 10:47:34 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2015 10:45:02 AM) (Source: Winlogon) (EventID: 4004) (User: )
Description: Fehler beim Beenden der Prozesse des aktuell angemeldeten Benutzers durch den Windows-Anmeldeprozess.

Error: (07/18/2015 10:06:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/18/2015 02:00:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: 
%%-2147467243

Error: (07/18/2015 01:43:59 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/18/2015 01:31:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/18/2015 01:28:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/18/2015 01:28:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (07/18/2015 01:28:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (07/18/2015 01:26:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/18/2015 01:26:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/18/2015 01:26:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (07/18/2015 01:26:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office:
=========================
Error: (06/11/2013 01:24:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3785 seconds with 1380 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-10-02 23:27:52.059
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:27:52.043
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:27:24.728
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:27:24.712
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:27:00.111
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:27:00.111
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:26:50.376
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:26:50.376
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:26:06.586
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-10-02 23:26:06.586
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\WIBUKEY\H2O\cxwibu.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 9%
Total physical RAM: 24567.11 MB
Available physical RAM: 22162.35 MB
Total Virtual: 49132.37 MB
Available Virtual: 46280.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:19.85 GB) NTFS
Drive e: (77_500GB) (Fixed) (Total:465.76 GB) (Free:271.76 GB) NTFS
Drive f: (81_500GB_Mi) (Fixed) (Total:465.76 GB) (Free:226.1 GB) NTFS
Drive g: (79_500GB_Wa) (Fixed) (Total:465.76 GB) (Free:102.38 GB) NTFS
Drive h: (Raid) (Fixed) (Total:2047.97 GB) (Free:463.05 GB) NTFS
Drive j: () (Removable) (Total:3.97 GB) (Free:3.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 205B238A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B9CB4EE9)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 3E944F45)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 14D98229)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 2048 GB) (Disk ID: 998C85B2)
Partition 1: (Not Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: D75033F5)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End of log ============================
         

Alt 21.07.2015, 06:54   #4
schrauber
/// the machine
/// TB-Ausbilder
 




The machine is still completely infested. It is questionable whether the files can be decrypted.
I have passed this on; I will get back to you.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No assistance via PM!

Alt 21.07.2015, 10:07   #5
music-lover
 



Thanks again for your effort.
We don't know each other and yet you take the time -> THANK YOU!

As already mentioned, I swapped the hard drives C: and D: and then restored the backups. That way I still have the two infected drives available for analysis and, hopefully, for recovery.
Above all, the files on D: that are no longer readable (jpg, xls, docx) are giving me headaches. C: is actually not that important to me.
Unfortunately I could not scan my D: drive with FRST.
I think the tool only ever works on the system drive.

Kind regards,
Oliver


Alt 22.07.2015, 06:38   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Yes, it only scans the system drive. So the scan is from the old drive now? The machine itself has fresh drives and fresh data, so no action needed as far as malware removal goes?

Alt 22.07.2015, 09:22   #7
music-lover
 



Hello!
YES, the scan is of course from the old drive!
No action needed as far as malware removal goes.
But a very great need for action in unprotecting my files from the D: drive,
of which I have also 'uploaded' two protected files as examples.
It would be very bad if there were no solution for this.
THANK YOU!
Oliver

Alt 22.07.2015, 10:10   #8
schrauber
/// the machine
/// TB-Ausbilder
 




It looks bad, but it is being worked on. By the way, this is not Cryptowall but the newest version of Teslacrypt. You can try the old decoder, for the old versions, at your own risk. But in the worst case it cannot handle this and at the same time also deletes the key files on the machine, and then nothing works at all anymore.

Alt 23.07.2015, 08:58   #9
music-lover
 



Oh great!
Caught the 'worst' one right away....!

I think the key files are already gone.
I have already tried to find these files with various recovery tools.
No chance. I don't know where they disappeared to.
I never wrote to the hard drive, only read from it.
But the key data that was created for each file, I deleted with Shift+Del in my desperation. Just one day later I wanted to recover the deleted data. No success so far, although, as already mentioned, I never wrote to the hard drive.

In any case, THANK YOU for your help!

Alt 23.07.2015, 12:15   #10
schrauber
/// the machine
/// TB-Ausbilder
 




TeslaDecoder released to decrypt .EXX, .EZZ, .ECC files encrypted by TeslaCrypt - Page 8 - News

Have a read of this thread; you can try the decoder there, but it is for the old version.