
Cryptolocker Infection


  • This topic is locked
16 replies to this topic

#1 Martin_E


Posted 07 June 2015 - 05:27 AM

I need help!

 

A couple of days ago, I noticed that I suddenly can't open my files (pdf, doc, xls, jpg, psd, etc.). I then saw that I have a red desktop background where it said that my files are encrypted by Cryptolocker.

In a panic I unfortunately immediately ran antimalware programs to clean my PC (and stupid as I am, I didn't make a screenshot or note the bitcoin address before).

 

I also have only one Windows recovery backup of my files, which also seems to be already infected (when I recover my files, they also cannot be opened).

 

I already read a lot of forum posts about this and tried several things on my own, but nothing worked.

 

- If I want to run this program https://easysyncbackup.com/Downloads/LockerUnlocker.exe and click on brute btc, it crashes.

- On this site it says that my files are not infected by Cryptolocker, so I'm not sure if I have Cryptolocker or some other locker, which just says it's Cryptolocker.

 

I really have no idea any more what I could do, so I'm begging for help. All my encrypted data is very important for my work :-(

 

THX a lot in advance!




#2 HelpBot


Posted 12 June 2015 - 05:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/578685 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

  • Malware Response Instructor

Posted 13 June 2015 - 09:04 PM

Greetings Martin_E and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Martin_E


Posted 15 June 2015 - 03:46 PM

Hi Gary,

Thank you very much for trying to help me, and I'm sorry for my delayed answer. I was abroad over the weekend and was not able to reply.
I definitely still need help (though I'm a little bit hopeless already because of my data loss).
 
I will describe my infection as accurately as possible and try to follow your instructions.
 
- All my files still have the same names and file endings and, as far as I can judge, also the same size as before. They just cannot be opened.
- In the attachment I put an image of what the warning on my desktop looked like (maybe this could lead you to the specific locker version).
- I previously tried out some stuff I read about on blogs and forums, but nothing worked:
   - https://easysyncbackup.com/Downloads/LockerUnlocker.exe
   - https://www.decryptcryptolocker.com/
 
I tried to do what you wrote me using this Farbar scanner, but there I don't have an "Addition.txt checkbox". So I also only got one file after scanning, which is called: FSS.txt
 
I also did the msinfo32, which is in the attachment
 
I promise to reply to your following instructions as fast as I can!
THX a lot in advance !
 
FSS Log:
Farbar Service Scanner Version: 17-01-2015
Ran by martini (administrator) on 14-06-2015 at 14:52:15
Running from "C:\Users\martini\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Attached File  summary.zip   125.44KB   2 downloads

Attached File  crypto1.png   909.86KB   0 downloads



#5 Oh My!

  • Malware Response Instructor

Posted 15 June 2015 - 03:53 PM

Greetings,

No problem with the delay. It looks like you downloaded the wrong program. If you click here you should get Farbar Recovery Scan Tool (FRST.exe). You should then get 2 logs.

 

Thanks for the screen shot, it doesn't really help us much.


Gary
 

#6 Martin_E


Posted 15 June 2015 - 04:39 PM

Ah, ok.

 

Here are the right logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by martini (administrator) on MARTINI-PC on 15-06-2015 23:37:10
Running from C:\Users\martini\Desktop
Loaded Profiles: martini (Available Profiles: martini)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee Inc.) C:\Program Files\McAfee\Raptor\Raptor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Dropbox, Inc.) C:\Users\martini\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Autodesk Inc.) C:\Users\martini\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
(Farbar) C:\Users\martini\Desktop\FSS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [Raptor] => C:\Program Files\McAfee\Raptor\Raptor.exe [1834864 2015-06-01] (McAfee Inc.)
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Run: [uTorrent] => C:\Users\martini\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-18] (BitTorrent Inc.)
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Run: [wincl] => C:\Users\martini\AppData\Roaming\WinTds\wintds.exe
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_134_Plugin.exe [962224 2015-03-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\MountPoints2: F - F:\setup.exe
Startup: C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-07-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\martini\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j.lnk [2015-06-10]
ShortcutTarget: j.lnk -> C:\Users\martini\AppData\Roaming\obimhizaus.exe (Kareo)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-07-26] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-06] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-06] (Oracle Corporation)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-07-26] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF user.js: detected! => C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\user.js [2013-08-11]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-03-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-03-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-03-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-03-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-03-13] (Apple Inc.)
FF SearchPlugin: C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\searchplugins\BrowserDefender.xml [2013-08-11]
FF Extension: To Google Translate - C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2013-08-10]
FF Extension: Adblock Plus - C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013-07-08]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-15] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 23:37 - 2015-06-15 23:37 - 00018924 _____ C:\Users\martini\Desktop\FRST.txt
2015-06-15 23:35 - 2015-06-15 23:37 - 00000000 ____D C:\FRST
2015-06-15 23:35 - 2015-06-15 23:35 - 02109952 _____ (Farbar) C:\Users\martini\Downloads\FRST64.exe
2015-06-15 23:35 - 2015-06-15 23:35 - 02109952 _____ (Farbar) C:\Users\martini\Desktop\FRST64.exe
2015-06-15 22:45 - 2015-06-15 22:45 - 00128446 _____ C:\Users\martini\Desktop\summary.zip
2015-06-15 22:42 - 2015-06-15 23:05 - 1254908275 _____ C:\Users\martini\Downloads\nude_alejandra_big-3000.mp4
2015-06-14 22:49 - 2015-06-14 23:25 - 00000000 ____D C:\Users\martini\Downloads\karussell 2015
2015-06-14 18:13 - 2015-06-14 18:14 - 64816342 _____ C:\Users\martini\Downloads\auswahl.rar
2015-06-14 14:58 - 2015-06-14 14:58 - 00089519 _____ C:\Users\martini\Desktop\summary.rar
2015-06-14 14:51 - 2015-06-14 14:50 - 00415232 _____ (Farbar) C:\Users\martini\Desktop\FSS.exe
2015-06-14 14:50 - 2015-06-14 14:50 - 00415232 _____ (Farbar) C:\Users\martini\Downloads\FSS.exe
2015-06-13 10:37 - 2015-06-13 10:37 - 136520315 _____ C:\Users\martini\Downloads\burka.psd
2015-06-12 23:10 - 2015-06-12 23:10 - 01197344 _____ C:\Users\martini\Downloads\Panda Ransomware Decrypt - CHIP-Installer.exe
2015-06-12 18:47 - 2015-06-12 19:37 - 1758924732 _____ C:\Users\martini\Downloads\Alexis_Adams_hd_tngf.mp4
2015-06-11 23:49 - 2015-06-11 23:49 - 04446072 _____ C:\Users\martini\Downloads\Decryptolocker.exe
2015-06-11 23:45 - 2015-06-11 23:45 - 00201216 _____ (Cisco Systems Inc.) C:\Users\martini\Downloads\TeslaDecrypter.exe
2015-06-11 22:21 - 2015-06-11 22:57 - 1664850126 _____ C:\Users\martini\Downloads\Real.Amateurs.bleep.For.Dollars.4.XXX.DVDRip.x264-XCiTE.mp4
2015-06-11 09:49 - 2015-06-11 10:19 - 837576608 _____ C:\Users\martini\Downloads\sexy_ava_big-3000.mp4
2015-06-11 09:39 - 2015-06-11 09:54 - 224748968 _____ C:\Users\martini\Downloads\iktg_skye_west_480p_1000.mp4
2015-06-11 09:38 - 2015-06-11 10:09 - 1256619043 _____ C:\Users\martini\Downloads\napfsvictoriatyler_720.mp4
2015-06-10 23:43 - 2015-06-10 23:58 - 380826070 _____ C:\Users\martini\Downloads\loving_liza_big.mp4
2015-06-10 23:40 - 2015-06-11 00:09 - 1271838561 _____ C:\Users\martini\Downloads\mshfisabellajohnny_720.mp4
2015-06-10 12:42 - 2015-06-10 12:42 - 77664256 __RSH (Kareo) C:\Users\martini\AppData\Roaming\obimhizaus.exe
2015-06-08 22:24 - 2015-06-08 22:24 - 181838189 _____ C:\Users\martini\Downloads\outsider.psd
2015-06-08 01:24 - 2015-06-08 01:31 - 118286777 _____ C:\Users\martini\Downloads\thanatos.psd
2015-06-08 01:24 - 2015-06-08 01:31 - 109908783 _____ C:\Users\martini\Downloads\eros.psd
2015-06-07 12:32 - 2015-06-07 12:32 - 00060742 _____ C:\Users\martini\Downloads\memberdata.csv
2015-06-07 00:05 - 2015-06-07 00:14 - 494483516 _____ C:\Users\martini\Downloads\so_lovely_big.mp4
2015-06-06 23:09 - 2015-06-06 23:09 - 00000000 ____D C:\Users\martini\Documents\R-TT
2015-06-06 23:09 - 2015-06-06 23:09 - 00000000 ____D C:\Users\martini\AppData\Roaming\R-TT
2015-06-06 23:09 - 2015-06-06 23:09 - 00000000 ____D C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2015-06-06 23:09 - 2015-06-06 23:09 - 00000000 ____D C:\Program Files (x86)\R-Studio
2015-06-06 23:08 - 2015-06-06 23:08 - 38481720 _____ (R-Tools Technology Inc.) C:\Users\martini\Downloads\RStudio7.exe
2015-06-06 22:58 - 2015-06-07 12:31 - 00000000 ____D C:\Program Files\Recuva
2015-06-06 22:58 - 2015-06-06 22:58 - 00001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2015-06-06 22:58 - 2015-06-06 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-06-06 22:57 - 2015-06-06 22:57 - 04426120 _____ (Piriform Ltd) C:\Users\martini\Downloads\rcsetup152.exe
2015-06-06 22:48 - 2015-06-06 22:57 - 00000000 ____D C:\Users\martini\Downloads\testdisk-7.0
2015-06-06 22:40 - 2015-06-06 22:42 - 12444088 _____ C:\Users\martini\Downloads\testdisk-7.0.win.zip
2015-06-06 22:10 - 2015-06-06 22:10 - 00969845 _____ (ShadowExplorer.com ) C:\Users\martini\Downloads\ShadowExplorer-0.9-setup.exe
2015-06-06 22:03 - 2015-06-06 22:22 - 79712368 _____ (NathanScott Apps) C:\Users\martini\Downloads\LockerUnlocker_v1.0.6.0.exe
2015-06-06 21:56 - 2015-06-06 22:11 - 00001889 _____ C:\Users\martini\Desktop\ShadowExplorer.lnk
2015-06-06 21:56 - 2015-06-06 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-06-06 21:56 - 2015-06-06 22:11 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer
2015-06-06 21:56 - 2015-06-06 21:56 - 00937024 _____ (ShadowExplorer.com ) C:\Users\martini\Downloads\ShadowExplorer-0.8-setup.exe
2015-06-06 21:56 - 2015-06-06 21:56 - 00000000 ____D C:\Users\martini\AppData\Roaming\www.shadowexplorer.com
2015-06-03 09:26 - 2015-06-03 09:28 - 79101960 _____ (NathanScott Apps) C:\Users\martini\Downloads\LockerUnlocker(1).exe
2015-06-03 09:15 - 2015-06-06 22:22 - 00000000 ____D C:\Users\martini\AppData\Local\LockerUnlocker
2015-06-03 09:13 - 2015-06-03 09:14 - 79101960 _____ (NathanScott Apps) C:\Users\martini\Downloads\LockerUnlocker.exe
2015-06-02 22:18 - 2015-06-10 01:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 09:26 - 2015-06-02 09:26 - 03437489 _____ (NathanScott Apps) C:\Users\martini\Downloads\TorrentUnlocker.exe
2015-06-02 09:26 - 2015-06-02 09:26 - 00000000 ____D C:\Users\martini\AppData\Local\TorrentUnlocker
2015-06-02 01:46 - 2015-06-02 01:46 - 01340848 _____ (Emsisoft Ltd) C:\Users\martini\Downloads\decrypt_pclock2(1).exe
2015-06-02 01:13 - 2015-06-02 01:13 - 00000000 ____D C:\Users\martini\AppData\Local\GWX
2015-06-01 22:18 - 2015-06-15 22:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-01 22:18 - 2015-06-01 22:18 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-01 22:18 - 2015-06-01 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-01 22:18 - 2015-06-01 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-01 22:18 - 2015-06-01 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-01 22:18 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-01 22:18 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-01 22:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-01 22:15 - 2015-06-01 22:15 - 00000118 ___RH C:\Users\martini\Downloads\Stinger.opt
2015-06-01 22:15 - 2015-06-01 22:15 - 00000000 ____D C:\Quarantine
2015-06-01 22:11 - 2015-06-01 22:15 - 00000000 ____D C:\Program Files (x86)\stinger
2015-06-01 22:11 - 2015-06-01 22:11 - 00000000 ____D C:\Program Files\McAfee
2015-06-01 21:39 - 2015-06-10 01:11 - 00000000 ____D C:\Users\martini\Desktop\zadnji clanak
2015-06-01 09:50 - 2015-06-01 09:50 - 01340848 _____ (Emsisoft Ltd) C:\Users\martini\Downloads\decrypt_pclock2.exe
2015-05-30 09:42 - 2015-05-30 09:42 - 15178781 _____ C:\Users\martini\enc_files.txt
2015-05-30 09:29 - 2015-06-01 00:33 - 00000000 ____D C:\Users\martini\AppData\Roaming\WinTds
2015-05-26 18:58 - 2015-05-30 11:52 - 00426213 _____ C:\Users\martini\Downloads\Rjesenje STALNI SUDSKI TUMAC(1).jpeg
2015-05-26 18:58 - 2015-05-26 18:58 - 00000084 ____H C:\Users\martini\Downloads\.picasa.ini
2015-05-26 18:57 - 2015-05-30 11:52 - 00426213 _____ C:\Users\martini\Downloads\Rjesenje STALNI SUDSKI TUMAC.jpeg
2015-05-26 16:35 - 2015-05-26 16:35 - 00000000 ____D C:\Users\martini\Desktop\09 Zadar
2015-05-26 16:15 - 2015-05-26 16:18 - 00000000 ____D C:\Users\martini\Desktop\05 Davorin pogreb
2015-05-25 12:04 - 2015-05-25 12:04 - 00000000 ____D C:\Users\martini\AppData\Roaming\AMD
2015-05-25 12:01 - 2015-05-25 12:01 - 00000000 ____D C:\ProgramData\ATI
2015-05-25 12:00 - 2015-05-25 12:00 - 00000000 ____D C:\Users\martini\AppData\Roaming\library_dir
2015-05-25 11:59 - 2015-06-06 21:57 - 00000000 ____D C:\Users\martini\AppData\Roaming\Raptr
2015-05-25 11:59 - 2015-06-01 10:10 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-25 11:59 - 2015-05-25 11:59 - 00053736 _____ C:\Windows\SysWOW64\CCCInstall_201505251159336760.log
2015-05-25 11:59 - 2015-05-25 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-25 11:59 - 2015-05-25 11:59 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-05-25 11:59 - 2015-05-25 11:59 - 00000000 ____D C:\Program Files (x86)\AMD
2015-05-25 11:57 - 2015-05-25 11:58 - 00000000 ____D C:\Program Files\AMD
2015-05-25 11:44 - 2015-05-25 11:44 - 00000000 ____D C:\Users\martini\AppData\Roaming\Adobe Mini Bridge CS5
2015-05-24 13:33 - 2015-05-24 13:33 - 00000000 ____D C:\Users\martini\AppData\Roaming\Steam
2015-05-24 05:12 - 2015-05-24 05:12 - 00001170 _____ C:\Users\martini\Desktop\Wolfenstein The Old Blood.lnk
2015-05-24 05:12 - 2015-05-24 05:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The Old Blood
2015-05-24 04:47 - 2015-05-24 12:22 - 00000000 ____D C:\Program Files (x86)\Wolfenstein The Old Blood
2015-05-23 19:10 - 2015-05-23 19:10 - 00000000 ____D C:\Users\martini\Tracing
2015-05-23 00:26 - 2015-05-23 00:29 - 00000000 ____D C:\Users\martini\Documents\Project CARS
2015-05-23 00:26 - 2015-05-23 00:26 - 00000000 ____D C:\Users\martini\Documents\wmd_symbol_cache
2015-05-22 19:54 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 19:54 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 23:29 - 2013-07-08 22:35 - 01960760 _____ C:\Windows\WindowsUpdate.log
2015-06-15 22:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-06-15 22:02 - 2009-07-14 06:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 22:02 - 2009-07-14 06:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-12 23:13 - 2015-03-07 01:20 - 00000000 ____D C:\Users\martini\Downloads\cat
2015-06-11 09:05 - 2009-07-14 19:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-06-11 09:05 - 2009-07-14 19:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-06-11 09:05 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-10 02:17 - 2014-01-07 09:44 - 00000000 ____D C:\Users\martini\AppData\Roaming\uTorrent
2015-06-10 01:12 - 2014-05-11 18:52 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-06-10 01:12 - 2013-07-28 21:16 - 00000000 ___RD C:\Users\martini\Dropbox
2015-06-10 01:12 - 2013-07-28 21:12 - 00000000 ____D C:\Users\martini\AppData\Roaming\Dropbox
2015-06-10 01:12 - 2013-07-09 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-10 01:12 - 2013-07-08 23:24 - 00159442 _____ C:\Windows\PFRO.log
2015-06-10 01:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-10 01:12 - 2009-07-14 06:51 - 00043664 _____ C:\Windows\setupact.log
2015-06-06 23:32 - 2015-05-11 16:29 - 00000000 ____D C:\Users\martini\Desktop\04 KISTL Theater
2015-06-02 01:31 - 2014-06-12 22:22 - 00000000 ____D C:\Users\martini\AppData\Roaming\vlc
2015-06-01 16:16 - 2013-07-08 22:53 - 00000000 ____D C:\Users\martini\AppData\Roaming\Adobe
2015-05-30 11:52 - 2015-03-27 18:50 - 16867311 _____ C:\Users\martini\Downloads\skracenoom.zip
2015-05-30 11:52 - 2015-03-03 23:40 - 03496877 _____ C:\Users\martini\Downloads\the euro trap.epub
2015-05-30 11:52 - 2015-01-13 23:28 - 11126952 _____ C:\Users\martini\Downloads\traubenetikett_2014_6fach.psd
2015-05-30 11:52 - 2015-01-13 23:22 - 02380371 _____ C:\Users\martini\Downloads\traubenetikett_2014.psd
2015-05-30 11:52 - 2014-10-03 11:17 - 12731932 _____ C:\Users\martini\Downloads\quantitative analysis for management.rar
2015-05-30 11:51 - 2015-03-27 20:12 - 08322604 _____ C:\Users\martini\Downloads\eBook Economics Foundations Of Econometrics by Oxford Press.rar
2015-05-30 11:51 - 2015-03-24 21:59 - 19220727 _____ C:\Users\martini\Downloads\David_Leitner_Available.pdf.zip
2015-05-30 11:51 - 2015-02-20 19:10 - 26194797 _____ C:\Users\martini\Downloads\finanzwesen.zip
2015-05-30 11:51 - 2015-02-20 19:09 - 113294051 _____ C:\Users\martini\Downloads\buchhaltung-finanzen.zip
2015-05-30 11:51 - 2015-02-20 19:06 - 130581909 _____ C:\Users\martini\Downloads\finanzierung.zip
2015-05-30 11:51 - 2014-11-17 01:56 - 01363968 _____ C:\Users\martini\Downloads\Lebenslauf_2014.indd
2015-05-30 11:51 - 2014-11-06 17:34 - 29511762 _____ C:\Users\martini\Downloads\FULL_SIZES_15.rar
2015-05-30 11:51 - 2014-11-03 01:31 - 20579841 _____ C:\Users\martini\Downloads\GORAN-DRAFT.rar
2015-05-30 11:51 - 2014-11-02 16:43 - 01020858 _____ C:\Users\martini\Downloads\fwdnlp.zip
2015-05-30 11:51 - 2014-08-11 22:09 - 20349044 _____ C:\Users\martini\Downloads\alice_alpha.tga
2015-05-30 11:51 - 2014-08-11 22:07 - 20416364 _____ C:\Users\martini\Downloads\alice.tga
2015-05-30 11:51 - 2013-10-12 18:32 - 74244647 _____ C:\Users\martini\Downloads\Osnove ekonomije.zip
2015-05-30 10:03 - 2014-11-17 18:25 - 01347584 _____ C:\Users\martini\Documents\Bewerbung_Learnconsult.indd
2015-05-30 10:03 - 2014-11-17 04:12 - 01167360 _____ C:\Users\martini\Documents\Bewerbung_DIS AG.indd
2015-05-30 10:03 - 2014-11-17 03:18 - 01306624 _____ C:\Users\martini\Documents\Bewerbung_GMK.indd
2015-05-30 10:03 - 2014-11-17 01:56 - 01363968 _____ C:\Users\martini\Documents\Lebenslauf_2014.indd
2015-05-30 10:03 - 2014-09-10 16:20 - 01378418 _____ C:\Users\martini\Documents\gekko2.ai
2015-05-30 10:03 - 2014-09-09 18:30 - 00016946 _____ C:\Users\martini\Documents\Ana Kolega Übersicht.xlsx
2015-05-30 10:03 - 2014-09-09 15:44 - 04611284 _____ C:\Users\martini\Documents\gekko2.psd
2015-05-30 10:03 - 2014-09-09 14:14 - 07515658 _____ C:\Users\martini\Documents\gekko_mitfoto.psd
2015-05-30 10:03 - 2014-09-08 23:03 - 05292702 _____ C:\Users\martini\Documents\gekko.psd
2015-05-30 10:03 - 2014-09-08 12:39 - 01364742 _____ C:\Users\martini\Documents\gekko.ai
2015-05-30 10:03 - 2013-11-30 21:22 - 00061440 _____ C:\Users\martini\Documents\tatortkunst_schnaps.indb
2015-05-30 10:03 - 2013-10-07 23:39 - 03923968 _____ C:\Users\martini\Documents\presseaussendung_tatortkunst_schmerz.indd
2015-05-30 10:03 - 2013-08-10 13:34 - 00078494 _____ C:\Users\martini\Documents\cd_liste_tomi_special.xps
2015-05-30 09:42 - 2015-02-02 00:24 - 08319889 _____ C:\Users\martini\Desktop\Kalkulation Vernissage.xlsx
2015-05-30 09:42 - 2014-10-17 22:07 - 221390902 _____ C:\Users\martini\Desktop\flyer_fotografie.psd
2015-05-30 09:42 - 2013-07-08 22:35 - 00000000 ____D C:\Users\martini
2015-05-25 11:59 - 2013-07-16 23:40 - 00000000 ____D C:\ProgramData\AMD
2015-05-25 11:58 - 2013-07-16 23:39 - 00000000 ____D C:\Program Files\ATI Technologies
2015-05-25 11:56 - 2013-08-09 22:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-25 11:52 - 2013-07-16 23:38 - 00000000 ____D C:\AMD
2015-05-24 03:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-05-23 19:50 - 2013-07-26 21:08 - 00000000 ____D C:\Users\martini\AppData\Roaming\Skype
2015-05-23 19:10 - 2014-11-18 23:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-23 19:10 - 2013-07-26 21:07 - 00000000 ____D C:\ProgramData\Skype
2015-05-23 01:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-22 20:15 - 2015-04-09 22:39 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-22 20:15 - 2015-04-09 22:39 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-22 20:15 - 2014-12-11 04:20 - 00000000 ____D C:\Windows\system32\appraiser
2015-05-22 20:15 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-22 20:15 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-22 20:15 - 2009-07-14 06:45 - 05008056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-22 20:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-22 20:04 - 2013-07-08 23:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-22 20:03 - 2013-08-20 00:19 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-22 20:03 - 2013-08-20 00:19 - 00001912 _____ C:\Windows\epplauncher.mif
2015-05-22 20:03 - 2013-08-20 00:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-22 20:03 - 2013-08-20 00:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-22 20:02 - 2013-11-15 23:20 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-22 20:01 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-05-22 19:55 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-05-18 22:14 - 2013-07-28 21:13 - 00000000 ____D C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-18 22:10 - 2013-07-09 20:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-03-02 21:18 - 2014-10-12 19:17 - 0000132 _____ () C:\Users\martini\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-02 21:20 - 2014-08-11 22:09 - 0000132 _____ () C:\Users\martini\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-06-10 12:42 - 2015-06-10 12:42 - 77664256 __RSH (Kareo) C:\Users\martini\AppData\Roaming\obimhizaus.exe
2015-02-04 01:16 - 2015-05-11 00:54 - 0005120 _____ () C:\Users\martini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-15 14:45 - 2013-08-15 14:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-07-11 21:48 - 2010-11-20 14:17 - 72826880 ___SH () C:\ProgramData\msjoxck.exe

Files to move or delete:
====================
C:\ProgramData\msjoxck.exe


Some files in TEMP:
====================
C:\Users\martini\AppData\Local\Temp\AcDeltree.exe
C:\Users\martini\AppData\Local\Temp\agbzdgyx.exe
C:\Users\martini\AppData\Local\Temp\cdo4176609750.dll
C:\Users\martini\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrbdo8.dll
C:\Users\martini\AppData\Local\Temp\FreeStudio.exe
C:\Users\martini\AppData\Local\Temp\InstallAX.exe
C:\Users\martini\AppData\Local\Temp\InstallPlugin.exe
C:\Users\martini\AppData\Local\Temp\launcher_vs2012_sp4_vcredist_x86.exe
C:\Users\martini\AppData\Local\Temp\mljx.exe
C:\Users\martini\AppData\Local\Temp\nso896C.tmp.exe
C:\Users\martini\AppData\Local\Temp\ose00000.exe
C:\Users\martini\AppData\Local\Temp\PidGenX.dll
C:\Users\martini\AppData\Local\Temp\raptrpatch.exe
C:\Users\martini\AppData\Local\Temp\raptr_stub.exe
C:\Users\martini\AppData\Local\Temp\safeguard.exe
C:\Users\martini\AppData\Local\Temp\SkypeSetup.exe
C:\Users\martini\AppData\Local\Temp\sonarinst.exe
C:\Users\martini\AppData\Local\Temp\uninst1.exe
C:\Users\martini\AppData\Local\Temp\Update.exe
C:\Users\martini\AppData\Local\Temp\xmlUpdater.exe
C:\Users\martini\AppData\Local\Temp\~convert5376117890859769865.exe
C:\Users\martini\AppData\Local\Temp\~convert539290703745595758.exe
C:\Users\martini\AppData\Local\Temp\~convert6451164482104206547.exe
C:\Users\martini\AppData\Local\Temp\~convert6579318205344826819.exe
C:\Users\martini\AppData\Local\Temp\~convert8466170769192746535.exe
C:\Users\martini\AppData\Local\Temp\~convert8992786664121824424.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 01:04

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by martini at 2015-06-15 23:37:32
Running from C:\Users\martini\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3161130626-3097758383-3059665921-500 - Administrator - Disabled)
Gast (S-1-5-21-3161130626-3097758383-3059665921-501 - Limited - Disabled)
martini (S-1-5-21-3161130626-3097758383-3059665921-1000 - Administrator - Enabled) => C:\Users\martini

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk 3ds Max 2012 64-bit - English (HKLM\...\Autodesk 3ds Max 2012 64-bit - English) (Version: 14.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English (Version: 14.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.)
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit (HKLM\...\Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit) (Version:  - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2012 (HKLM-x32\...\{B5751715-EC10-43D9-8C95-62E1368433EF}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{CB1A6F34-A4A0-4FEE-8339-01FE0002BA38}) (Version: 2.4.0 - Kovid Goyal)
Composite 2012 64-bit (HKLM\...\{EA234BC3-39FE-4734-B72F-076086889F6D}) (Version: 7.0.0 - Autodesk)
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Epic Games Launcher (HKLM\...\{8727C279-A122-40B8-8ACA-271E1809DAA5}) (Version: 1.1.23.0 - Epic Games, Inc.)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
iExplorer 3.4.0.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RayFire 1.65 - 3ds Max 2015 (HKLM-x32\...\RayFire) (Version: 1.65 - 3ds Max 2015 - Mir Vadim)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
R-Studio 7.6 (HKLM-x32\...\R-Studio 7.6NSIS) (Version: 7.6.158796 - R-Tools Technology Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29327 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version:  - )
Xilisoft iPad to PC Copy (HKLM-x32\...\Xilisoft iPad to PC Copy) (Version: 5.6.4.20140921 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-07-09 00:00 - 00000922 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0337EAFB-84D0-4188-A5D4-DA85FE422F5D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-10] (Microsoft Corporation)
Task: {12D4714B-5E7B-4F77-81E9-3C058958908E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {3268F9B3-37EF-4884-91AC-8BA9B5779E49} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {73AA6536-3A31-4AAA-B57A-0852B53535EC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {AA0EA0AF-6C6C-4716-9C18-09DD170D7EE4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AAB45512-A875-403C-8F55-D1C4696BF999} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {CD637EE7-0846-43E7-9E4F-DED1C3A6156A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {CE86612C-8361-4807-AC5B-D4D0692BD6C4} - System32\Tasks\{8540B0CC-DAB1-46BF-A414-F712C43C6575} => pcalua.exe -a C:\Users\martini\Downloads\Install_CopyTransControlCenter.exe -d C:\Users\martini\Downloads
Task: {F165B6B0-8D0B-40AD-A1D0-381B42F11B51} - System32\Tasks\AdobeAAMUpdater-1.0-martini-PC-martini => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F72D9203-4189-4048-8F32-F3D7BAD92152} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

==================== Loaded Modules (Whitelisted) ==============

2011-02-22 21:52 - 2011-02-22 21:52 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-07-08 22:55 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-04-07 02:45 - 2010-04-07 02:45 - 00050176 _____ () C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\QuickTimeGlue.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-02-24 23:25 - 2014-12-05 04:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-02-24 23:25 - 2014-12-05 04:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-10 01:12 - 2015-06-10 01:12 - 00043008 _____ () c:\users\martini\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrbdo8.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-06-10 01:12 - 2014-12-05 04:27 - 00104328 _____ () C:\Users\martini\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2015-03-16 21:53 - 2015-03-16 21:53 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 12:37 - 2013-05-11 12:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2010-02-22 04:50 - 2010-02-22 04:50 - 00060416 _____ () C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\martini\AppData\Local\Temp:PtU8FVnM48FavMrNGX7d6vy5Uo

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\martini\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9E9288A6-4C67-488F-B7DE-30A1426F6144}] => (Allow) C:\Games\World_of_Tanks\WOTLauncher.exe
FirewallRules: [{968C2AE0-B130-4036-B4CF-5DCC38AE39BE}] => (Allow) C:\Games\World_of_Tanks\WOTLauncher.exe
FirewallRules: [{9F43AEFE-5B5E-4EE8-9DAD-96AB57500597}] => (Allow) C:\Games\World_of_Tanks\WOTLauncher.exe
FirewallRules: [{B4060A19-2106-40D5-B892-4BA13F03CE0B}] => (Allow) C:\Games\World_of_Tanks\WOTLauncher.exe
FirewallRules: [TCP Query User{8A97E7D9-C9ED-4589-8A04-A3B0D0E343C1}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{47E2F08D-23E2-47B5-907C-54A3996696F3}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{F085972F-09AD-48E1-910F-CDB31DB410E7}C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{075AACF7-FF0D-423A-AF2A-15FE60041AC0}C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4339EAFA-B653-4865-979E-FCE655ADD550}C:\users\martini\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\martini\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4A940C9D-9D20-4B1E-871D-9FD555138E53}C:\users\martini\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\martini\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E52C60DA-5411-487B-BF47-058517DF1CA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B439D46F-A633-4D38-BD4D-3FBB7E129049}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{3A1CBE41-7E0F-4DF6-BC1A-83EB3BD04B5B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A53272C1-005C-4A06-8E42-31A953789B8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F579B791-F841-40AA-9280-D9A2A2E50C26}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8F94B401-A837-492D-8A26-6068F7DC483E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{AA038CCD-0142-4A20-91E7-0040D4994C78}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7239AF1B-57D5-4281-A553-FF02130A847A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{190CA4C6-22A9-4F0E-8DD9-727F93D89746}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{01F07E93-8ECA-419F-AE8E-39168B125736}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{917990AF-DD93-4482-8F6A-FE23F826EBF2}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{0BE78F6A-FEEF-4B08-98E9-CFA4B6CE7110}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{59F67D84-CA8D-4E70-8972-780EA4B2C5A5}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{EDB1EAF8-782C-4501-9E43-14347DA532EB}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{31E1A560-F9FC-4A22-BE90-5A07FB64B71B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{6BD9E694-E80E-415F-9F30-76DE17FE8448}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{91E3727F-9AD7-4718-AB0B-137486B8CC04}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{8F148D60-1914-41C0-AAE7-8AED8C093B17}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
FirewallRules: [{24159E16-2C7B-46C9-800E-96716B978A2C}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
FirewallRules: [{85AD82FA-B58D-4123-9761-E616045A3D69}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [{D20AC690-6E1B-43E4-9465-D12FEEC609CF}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [TCP Query User{589B27ED-1D53-403E-BD63-50CEB66D9DAC}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{48DB37A1-DA97-458B-B3E8-637452F1BCAE}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{B7C525BD-FF7A-4F3F-8158-D1C68E3CC5B0}C:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) C:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [UDP Query User{5F56F377-B004-4EE2-B5EA-4F038D2DDD6A}C:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) C:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [TCP Query User{9935DFD0-EA6A-4572-87A8-5415991DC344}C:\battlefield 4\bf4.exe] => (Block) C:\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{B21F9696-0160-4BFC-9630-3BA84C32C685}C:\battlefield 4\bf4.exe] => (Block) C:\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{972160CA-1AFD-48EF-9E2A-9CCC8675E562}C:\users\martini\desktop\far cry 3\bin\farcry3.exe] => (Block) C:\users\martini\desktop\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{9FC6D03F-E80C-4ED1-8D8F-E564AB60D00A}C:\users\martini\desktop\far cry 3\bin\farcry3.exe] => (Block) C:\users\martini\desktop\far cry 3\bin\farcry3.exe
FirewallRules: [{9F865E9F-3D46-43FD-8F1B-65E0F96D18FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40C06292-8CE5-4443-A88B-618DEBFC88BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F909CBA5-A32D-4F59-9A9D-08DED9F1D0A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4C8D6C3B-95F1-4C08-BA96-3609CA5A541E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{A4C945AC-3F09-4285-8452-B7BE7E1DB36E}C:\users\martini\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martini\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{312663D4-4F19-4FAF-AAE1-2A2DF49D2C74}C:\users\martini\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martini\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{3C44ECD8-71DB-4DBD-B196-8C00B4A1B1EE}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{F94E77AE-A4CC-405E-94CF-AD29D3B62620}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{D5A60A8A-AD89-44F3-B057-AA3E11D9DB21}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{E1B3E7E0-F143-41A2-8927-ADBE360736A6}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{59714F0A-75DA-496D-8C69-3689EFBEDD3F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1E539715-D240-4087-B5BF-2CF7A025BB79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{308BB2C5-4B35-4B3F-8920-1C2C0C04E67A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F5AD2C36-BA1E-4A49-9532-36CEE176EED5}C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AE2C639A-EBF7-4E21-82BA-75865A0B13BA}C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2601D80A-70A4-4BF9-9EBE-FF013BD1958B}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{85CBB283-EFD0-4288-858E-9FAE39B2F070}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{3404AC84-A204-437C-A378-D73AC084D548}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{049E7E50-FFC7-4512-ADB7-06B089F2BC3E}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [TCP Query User{94414F2C-D2E3-4829-A435-24CCF3FA6316}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B1CD5E60-ACD3-43AE-96B3-632B7CA3A301}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{64814C53-BB62-45EF-88A2-83C51E958221}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{B59BF2C9-4052-485A-BD2E-205617CEE65B}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{2982D464-2AC1-432B-A832-26D7DB8F1BF2}C:\users\martini\documents\unreal projects\blackcat\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\martini\documents\unreal projects\blackcat\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{85A025B3-DAC5-4F7F-BFB6-66E72B589FB1}C:\users\martini\documents\unreal projects\blackcat\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\martini\documents\unreal projects\blackcat\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe
FirewallRules: [TCP Query User{66E87B92-0ACA-4614-84AC-AA117135B660}C:\program files\epic games\4.7\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{8892F1B7-C268-493F-B120-EA8066AE6350}C:\program files\epic games\4.7\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{2F4D3647-1714-440A-85AC-8597E06815C7}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{6A33C71C-666C-423D-A9F1-B5CDBACBC9D6}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [TCP Query User{5424AED8-CCF2-4595-ADF6-6FC14E9DC982}C:\windows\system32\taskhost.exe] => (Block) C:\windows\system32\taskhost.exe
FirewallRules: [UDP Query User{77F3F686-8578-4685-86A7-6C5B3B5677D8}C:\windows\system32\taskhost.exe] => (Block) C:\windows\system32\taskhost.exe
FirewallRules: [{A645B717-5BA7-424D-9C27-57295F21D4B1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{49AADC9A-58F4-4901-BC97-88A6D055D1B4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{69D0B763-BD0A-4372-B4C5-9BB2E53DFD49}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B1C23616-888D-412A-AB96-1D6A97DB9A2A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 10:51:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13011

Error: (06/15/2015 10:51:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13011

Error: (06/15/2015 10:51:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/15/2015 10:51:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12013

Error: (06/15/2015 10:51:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12013

Error: (06/15/2015 10:51:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/15/2015 10:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11014

Error: (06/15/2015 10:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11014

Error: (06/15/2015 10:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/15/2015 10:51:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000


System errors:
=============
Error: (06/15/2015 10:56:17 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/13/2015 08:19:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT51

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\NETZWERKDIENST

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 08:19:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT51

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\NETZWERKDIENST

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 08:19:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT59

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\SYSTEM

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 02:22:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.199.2528.0)

Error: (06/13/2015 02:21:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT51

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\NETZWERKDIENST

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 02:21:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT51

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\NETZWERKDIENST

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 02:21:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT59

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\SYSTEM

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 10:34:00 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/11/2015 10:13:41 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office:
=========================
Error: (06/15/2015 10:51:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13011

Error: (06/15/2015 10:51:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13011

Error: (06/15/2015 10:51:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/15/2015 10:51:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12013

Error: (06/15/2015 10:51:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12013

Error: (06/15/2015 10:51:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/15/2015 10:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11014

Error: (06/15/2015 10:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11014

Error: (06/15/2015 10:51:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/15/2015 10:51:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770T CPU @ 2.50GHz
Percentage of memory in use: 75%
Total physical RAM: 4029.6 MB
Available physical RAM: 1001.55 MB
Total Pagefile: 10779.7 MB
Available Pagefile: 2983.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:1.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1D1139A0)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 73DB82D6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

==================== End of log ============================



#7 Oh My!

  • Malware Response Instructor

Posted 15 June 2015 - 06:06 PM

Greetings,

 

Unfortunately there is evidence of illegal software on your computer. Before doing anything further I am going to request you uninstall Adobe Creative Suite 5 Master Collection. If you are willing to do that please run another FRST scan with Addition.txt after removal and post the logs. If you prefer not to do that please let me know and I will have to close the topic.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Martin_E

  • Topic Starter

Posted 16 June 2015 - 03:25 PM

All right. I uninstalled it.

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by martini at 2015-06-16 22:23:24
Running from C:\Users\martini\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3161130626-3097758383-3059665921-500 - Administrator - Disabled)
Gast (S-1-5-21-3161130626-3097758383-3059665921-501 - Limited - Disabled)
martini (S-1-5-21-3161130626-3097758383-3059665921-1000 - Administrator - Enabled) => C:\Users\martini

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk 3ds Max 2012 64-bit - English (HKLM\...\Autodesk 3ds Max 2012 64-bit - English) (Version: 14.0 - Autodesk)
Autodesk 3ds Max 2012 64-bit - English (Version: 14.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 (HKLM\...\Autodesk 3ds Max 2015) (Version: 17.0.630.0 - Autodesk)
Autodesk 3ds Max 2015 (Version: 17.0.630.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 Populate Data (HKLM\...\{57E92DED-DC6C-41E5-B9E1-76D83BD2EABE}) (Version: 17.0.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk)
Autodesk Backburner 2012.0.0 (HKLM-x32\...\{3D347E6D-5A03-4342-B5BA-6A771885F379}) (Version: 2012.0.0 - Autodesk, Inc.)
Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit (HKLM\...\Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit) (Version:  - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2012 (HKLM-x32\...\{B5751715-EC10-43D9-8C95-62E1368433EF}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2015 (HKLM-x32\...\{9F6466D9-6EFC-4A10-B931-C72D1A3F1763}) (Version: 5.2.9.100 - Autodesk)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{CB1A6F34-A4A0-4FEE-8339-01FE0002BA38}) (Version: 2.4.0 - Kovid Goyal)
Composite 2012 64-bit (HKLM\...\{EA234BC3-39FE-4734-B72F-076086889F6D}) (Version: 7.0.0 - Autodesk)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
Epic Games Launcher (HKLM\...\{8727C279-A122-40B8-8ACA-271E1809DAA5}) (Version: 1.1.23.0 - Epic Games, Inc.)
FastStone Image Viewer 4.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 4.8 - FastStone Soft)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Free Studio version 6.4.3.128 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (HKLM\...\{61ADDE9C-3AE6-46FC-9127-DFFF637AED03}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Hilfe (HKLM-x32\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
iExplorer 3.4.0.1 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29327 - TeamViewer)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Wolfenstein The Old Blood (HKLM-x32\...\Wolfenstein The Old Blood_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-07-09 00:00 - 00000922 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0337EAFB-84D0-4188-A5D4-DA85FE422F5D} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-07-10] (Microsoft Corporation)
Task: {0624DCE4-33F0-439C-A74E-C43EC362A26A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {12D4714B-5E7B-4F77-81E9-3C058958908E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {8662E3FE-D61F-4023-87E5-7E6D82E9B4A5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {989E280E-4C78-4CBB-9DD0-CAF578AB7B7D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3161130626-3097758383-3059665921-1000UA => C:\Users\martini\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {AA0EA0AF-6C6C-4716-9C18-09DD170D7EE4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CD20520C-A86B-4235-9AE4-1B0B984C9F92} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3161130626-3097758383-3059665921-1000Core => C:\Users\martini\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {CD637EE7-0846-43E7-9E4F-DED1C3A6156A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {CE86612C-8361-4807-AC5B-D4D0692BD6C4} - System32\Tasks\{8540B0CC-DAB1-46BF-A414-F712C43C6575} => pcalua.exe -a C:\Users\martini\Downloads\Install_CopyTransControlCenter.exe -d C:\Users\martini\Downloads
Task: {DB2510A3-18D0-45E5-8CBF-F6931F7702DC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {F165B6B0-8D0B-40AD-A1D0-381B42F11B51} - System32\Tasks\AdobeAAMUpdater-1.0-martini-PC-martini => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F72D9203-4189-4048-8F32-F3D7BAD92152} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3161130626-3097758383-3059665921-1000Core.job => C:\Users\martini\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3161130626-3097758383-3059665921-1000UA.job => C:\Users\martini\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-02-22 21:52 - 2011-02-22 21:52 - 00086016 _____ () C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-02-24 23:25 - 2014-12-05 04:27 - 00055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2015-02-24 23:25 - 2014-12-05 04:27 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-06-16 22:18 - 2014-12-05 04:27 - 00104328 _____ () C:\Users\martini\AppData\Local\Autodesk\.AdskAppManager\R1\qjson0.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-16 22:21 - 2015-06-16 22:21 - 00043008 _____ () c:\users\martini\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpotcl9d.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\martini\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\martini\AppData\Local\Temp:PtU8FVnM48FavMrNGX7d6vy5Uo

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\martini\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9E9288A6-4C67-488F-B7DE-30A1426F6144}] => (Allow) C:\Games\World_of_Tanks\WOTLauncher.exe
FirewallRules: [{968C2AE0-B130-4036-B4CF-5DCC38AE39BE}] => (Allow) C:\Games\World_of_Tanks\WOTLauncher.exe
FirewallRules: [{9F43AEFE-5B5E-4EE8-9DAD-96AB57500597}] => (Allow) C:\Games\World_of_Tanks\WOTLauncher.exe
FirewallRules: [{B4060A19-2106-40D5-B892-4BA13F03CE0B}] => (Allow) C:\Games\World_of_Tanks\WOTLauncher.exe
FirewallRules: [TCP Query User{8A97E7D9-C9ED-4589-8A04-A3B0D0E343C1}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{47E2F08D-23E2-47B5-907C-54A3996696F3}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{F085972F-09AD-48E1-910F-CDB31DB410E7}C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{075AACF7-FF0D-423A-AF2A-15FE60041AC0}C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4339EAFA-B653-4865-979E-FCE655ADD550}C:\users\martini\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\martini\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4A940C9D-9D20-4B1E-871D-9FD555138E53}C:\users\martini\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\martini\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{E52C60DA-5411-487B-BF47-058517DF1CA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B439D46F-A633-4D38-BD4D-3FBB7E129049}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{3A1CBE41-7E0F-4DF6-BC1A-83EB3BD04B5B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A53272C1-005C-4A06-8E42-31A953789B8B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F579B791-F841-40AA-9280-D9A2A2E50C26}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{8F94B401-A837-492D-8A26-6068F7DC483E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{AA038CCD-0142-4A20-91E7-0040D4994C78}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7239AF1B-57D5-4281-A553-FF02130A847A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{190CA4C6-22A9-4F0E-8DD9-727F93D89746}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{01F07E93-8ECA-419F-AE8E-39168B125736}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{917990AF-DD93-4482-8F6A-FE23F826EBF2}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\monitor.exe
FirewallRules: [{0BE78F6A-FEEF-4B08-98E9-CFA4B6CE7110}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{59F67D84-CA8D-4E70-8972-780EA4B2C5A5}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\manager.exe
FirewallRules: [{EDB1EAF8-782C-4501-9E43-14347DA532EB}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{31E1A560-F9FC-4A22-BE90-5A07FB64B71B}] => (Allow) C:\Program Files (x86)\Autodesk\Backburner\server.exe
FirewallRules: [{6BD9E694-E80E-415F-9F30-76DE17FE8448}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{91E3727F-9AD7-4718-AB0B-137486B8CC04}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\3dsmax.exe
FirewallRules: [{8F148D60-1914-41C0-AAE7-8AED8C093B17}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
FirewallRules: [{24159E16-2C7B-46C9-800E-96716B978A2C}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
FirewallRules: [{85AD82FA-B58D-4123-9761-E616045A3D69}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [{D20AC690-6E1B-43E4-9465-D12FEEC609CF}] => (Allow) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe
FirewallRules: [TCP Query User{589B27ED-1D53-403E-BD63-50CEB66D9DAC}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{48DB37A1-DA97-458B-B3E8-637452F1BCAE}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{B7C525BD-FF7A-4F3F-8158-D1C68E3CC5B0}C:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) C:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [UDP Query User{5F56F377-B004-4EE2-B5EA-4F038D2DDD6A}C:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe] => (Block) C:\program files (x86)\wolfenstein the new order german\wolfneworder_x64.exe
FirewallRules: [TCP Query User{9935DFD0-EA6A-4572-87A8-5415991DC344}C:\battlefield 4\bf4.exe] => (Block) C:\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{B21F9696-0160-4BFC-9630-3BA84C32C685}C:\battlefield 4\bf4.exe] => (Block) C:\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{972160CA-1AFD-48EF-9E2A-9CCC8675E562}C:\users\martini\desktop\far cry 3\bin\farcry3.exe] => (Block) C:\users\martini\desktop\far cry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{9FC6D03F-E80C-4ED1-8D8F-E564AB60D00A}C:\users\martini\desktop\far cry 3\bin\farcry3.exe] => (Block) C:\users\martini\desktop\far cry 3\bin\farcry3.exe
FirewallRules: [{9F865E9F-3D46-43FD-8F1B-65E0F96D18FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40C06292-8CE5-4443-A88B-618DEBFC88BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F909CBA5-A32D-4F59-9A9D-08DED9F1D0A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4C8D6C3B-95F1-4C08-BA96-3609CA5A541E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{A4C945AC-3F09-4285-8452-B7BE7E1DB36E}C:\users\martini\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martini\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{312663D4-4F19-4FAF-AAE1-2A2DF49D2C74}C:\users\martini\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martini\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{3C44ECD8-71DB-4DBD-B196-8C00B4A1B1EE}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{F94E77AE-A4CC-405E-94CF-AD29D3B62620}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{D5A60A8A-AD89-44F3-B057-AA3E11D9DB21}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{E1B3E7E0-F143-41A2-8927-ADBE360736A6}C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [{59714F0A-75DA-496D-8C69-3689EFBEDD3F}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{1E539715-D240-4087-B5BF-2CF7A025BB79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{308BB2C5-4B35-4B3F-8920-1C2C0C04E67A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F5AD2C36-BA1E-4A49-9532-36CEE176EED5}C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{AE2C639A-EBF7-4E21-82BA-75865A0B13BA}C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\martini\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2601D80A-70A4-4BF9-9EBE-FF013BD1958B}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{85CBB283-EFD0-4288-858E-9FAE39B2F070}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{3404AC84-A204-437C-A378-D73AC084D548}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{049E7E50-FFC7-4512-ADB7-06B089F2BC3E}] => (Allow) C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [TCP Query User{94414F2C-D2E3-4829-A435-24CCF3FA6316}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B1CD5E60-ACD3-43AE-96B3-632B7CA3A301}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{64814C53-BB62-45EF-88A2-83C51E958221}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [UDP Query User{B59BF2C9-4052-485A-BD2E-205617CEE65B}C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\win64\ue4editor.exe
FirewallRules: [TCP Query User{2982D464-2AC1-432B-A832-26D7DB8F1BF2}C:\users\martini\documents\unreal projects\blackcat\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\martini\documents\unreal projects\blackcat\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe
FirewallRules: [UDP Query User{85A025B3-DAC5-4F7F-BFB6-66E72B589FB1}C:\users\martini\documents\unreal projects\blackcat\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Allow) C:\users\martini\documents\unreal projects\blackcat\saved\stagedbuilds\windowsnoeditor\engine\binaries\win64\ue4game.exe
FirewallRules: [TCP Query User{66E87B92-0ACA-4614-84AC-AA117135B660}C:\program files\epic games\4.7\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [UDP Query User{8892F1B7-C268-493F-B120-EA8066AE6350}C:\program files\epic games\4.7\engine\binaries\dotnet\swarmagent.exe] => (Allow) C:\program files\epic games\4.7\engine\binaries\dotnet\swarmagent.exe
FirewallRules: [{2F4D3647-1714-440A-85AC-8597E06815C7}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{6A33C71C-666C-423D-A9F1-B5CDBACBC9D6}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [TCP Query User{5424AED8-CCF2-4595-ADF6-6FC14E9DC982}C:\windows\system32\taskhost.exe] => (Block) C:\windows\system32\taskhost.exe
FirewallRules: [UDP Query User{77F3F686-8578-4685-86A7-6C5B3B5677D8}C:\windows\system32\taskhost.exe] => (Block) C:\windows\system32\taskhost.exe
FirewallRules: [{A645B717-5BA7-424D-9C27-57295F21D4B1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{49AADC9A-58F4-4901-BC97-88A6D055D1B4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{69D0B763-BD0A-4372-B4C5-9BB2E53DFD49}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B1C23616-888D-412A-AB96-1D6A97DB9A2A}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

==================== Faulty Device Manager Devices =============

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13011

Error: (06/16/2015 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13011

Error: (06/16/2015 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/16/2015 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12012

Error: (06/16/2015 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12012

Error: (06/16/2015 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/16/2015 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10998

Error: (06/16/2015 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10998

Error: (06/16/2015 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/16/2015 10:32:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000


System errors:
=============
Error: (06/16/2015 10:13:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/15/2015 10:56:17 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/13/2015 08:19:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT51

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\NETZWERKDIENST

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 08:19:30 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT51

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\NETZWERKDIENST

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 08:19:29 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT59

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\SYSTEM

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 02:22:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials – KB2310138 (Definition 1.199.2528.0)

Error: (06/13/2015 02:21:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT51

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\NETZWERKDIENST

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 02:21:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT51

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\NETZWERKDIENST

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 02:21:08 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

    Neue Signaturversion:

    Vorherige Signaturversion: 1.199.2456.0

    Aktualisierungsquelle: %NT-AUTORITÄT59

    Aktualisierungsphase: 4.8.0204.00

    Quellpfad: 4.8.0204.01

    Signaturtyp: %NT-AUTORITÄT602

    Aktualisierungstyp: %NT-AUTORITÄT604

    Benutzer: NT-AUTORITÄT\SYSTEM

    Aktuelle Modulversion: %NT-AUTORITÄT605

    Vorherige Modulversion: %NT-AUTORITÄT606

    Fehlercode: %NT-AUTORITÄT607

    Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (06/13/2015 10:34:00 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.


Microsoft Office:
=========================
Error: (06/16/2015 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13011

Error: (06/16/2015 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13011

Error: (06/16/2015 10:32:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/16/2015 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12012

Error: (06/16/2015 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12012

Error: (06/16/2015 10:32:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/16/2015 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10998

Error: (06/16/2015 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10998

Error: (06/16/2015 10:32:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/16/2015 10:32:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770T CPU @ 2.50GHz
Percentage of memory in use: 73%
Total physical RAM: 4029.6 MB
Available physical RAM: 1054.89 MB
Total Pagefile: 8057.39 MB
Available Pagefile: 5186.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:21.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1D1139A0)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 73DB82D6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

==================== End of log ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by martini (administrator) on MARTINI-PC on 16-06-2015 22:22:54
Running from C:\Users\martini\Desktop
Loaded Profiles: martini (Available Profiles: martini)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(McAfee Inc.) C:\Program Files\McAfee\Raptor\Raptor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Autodesk Inc.) C:\Users\martini\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Users\martini\AppData\Roaming\Dropbox\bin\Dropbox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-04-15] (Power Software Ltd)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM\...\RunOnce: [Raptor] => C:\Program Files\McAfee\Raptor\Raptor.exe [1834864 2015-06-01] (McAfee Inc.)
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Run: [uTorrent] => C:\Users\martini\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-18] (BitTorrent Inc.)
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Run: [wincl] => C:\Users\martini\AppData\Roaming\WinTds\wintds.exe
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\Run: [Dropbox Update] => C:\Users\martini\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\...\MountPoints2: F - F:\setup.exe
Startup: C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-07-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\martini\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j.lnk [2015-06-10]
ShortcutTarget: j.lnk -> C:\Users\martini\AppData\Roaming\obimhizaus.exe (Kareo)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\martini\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-07-26] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-06] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-06] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default
FF Homepage: www.google.at
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-07-26] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF user.js: detected! => C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\user.js [2013-08-11]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-03-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-03-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-03-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-03-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-03-13] (Apple Inc.)
FF SearchPlugin: C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\searchplugins\BrowserDefender.xml [2013-08-11]
FF Extension: To Google Translate - C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\Extensions\jid1-93WyvpgvxzGATw@jetpack.xpi [2013-08-10]
FF Extension: Adblock Plus - C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-14]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 mi-raysat_3dsmax2012_64; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [86016 2011-02-22] () [File not signed]
S3 mi-raysat_3dsmax2015_64; C:\Program Files\Autodesk\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [86016 2011-09-15] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-15] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 22:22 - 2015-06-16 22:23 - 00016699 _____ C:\Users\martini\Desktop\FRST.txt
2015-06-16 22:21 - 2015-06-16 22:21 - 00000000 ____D C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-16 22:20 - 2015-06-16 22:20 - 00004206 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3161130626-3097758383-3059665921-1000UA
2015-06-16 22:20 - 2015-06-16 22:20 - 00003810 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3161130626-3097758383-3059665921-1000Core
2015-06-16 22:20 - 2015-06-16 22:20 - 00001232 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3161130626-3097758383-3059665921-1000UA.job
2015-06-16 22:20 - 2015-06-16 22:20 - 00001180 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3161130626-3097758383-3059665921-1000Core.job
2015-06-16 22:20 - 2015-06-16 22:20 - 00000000 ____D C:\Users\martini\AppData\Local\Dropbox
2015-06-16 22:20 - 2015-06-16 22:20 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 22:13 - 2015-06-16 22:13 - 00000000 ____D C:\adobeTemp
2015-06-16 09:55 - 2015-06-16 09:56 - 107875067 _____ C:\Users\martini\Downloads\burka1.psd
2015-06-16 08:23 - 2015-06-16 22:19 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2015-06-16 08:22 - 2015-06-16 08:22 - 09822152 _____ (MiniTool Solution Ltd. ) C:\Users\martini\Downloads\pdr6free.exe
2015-06-15 23:35 - 2015-06-16 22:22 - 00000000 ____D C:\FRST
2015-06-15 23:35 - 2015-06-15 23:35 - 02109952 _____ (Farbar) C:\Users\martini\Downloads\FRST64.exe
2015-06-15 23:35 - 2015-06-15 23:35 - 02109952 _____ (Farbar) C:\Users\martini\Desktop\FRST64.exe
2015-06-15 22:45 - 2015-06-15 22:45 - 00128446 _____ C:\Users\martini\Desktop\summary.zip
2015-06-14 22:49 - 2015-06-14 23:25 - 00000000 ____D C:\Users\martini\Downloads\karussell 2015
2015-06-14 18:13 - 2015-06-14 18:14 - 64816342 _____ C:\Users\martini\Downloads\auswahl.rar
2015-06-14 14:58 - 2015-06-14 14:58 - 00089519 _____ C:\Users\martini\Desktop\summary.rar
2015-06-14 14:51 - 2015-06-14 14:50 - 00415232 _____ (Farbar) C:\Users\martini\Desktop\FSS.exe
2015-06-14 14:50 - 2015-06-14 14:50 - 00415232 _____ (Farbar) C:\Users\martini\Downloads\FSS.exe
2015-06-13 10:37 - 2015-06-13 10:37 - 136520315 _____ C:\Users\martini\Downloads\burka.psd
2015-06-12 23:10 - 2015-06-12 23:10 - 01197344 _____ C:\Users\martini\Downloads\Panda Ransomware Decrypt - CHIP-Installer.exe
2015-06-12 18:47 - 2015-06-12 19:37 - 1758924732 _____ C:\Users\martini\Downloads\Alexis_Adams_hd_tngf.mp4
2015-06-11 23:49 - 2015-06-11 23:49 - 04446072 _____ C:\Users\martini\Downloads\Decryptolocker.exe
2015-06-11 23:45 - 2015-06-11 23:45 - 00201216 _____ (Cisco Systems Inc.) C:\Users\martini\Downloads\TeslaDecrypter.exe
2015-06-11 22:21 - 2015-06-11 22:57 - 1664850126 _____ C:\Users\martini\Downloads\Real.Amateurs.bleep.For.Dollars.4.XXX.DVDRip.x264-XCiTE.mp4
2015-06-11 09:49 - 2015-06-11 10:19 - 837576608 _____ C:\Users\martini\Downloads\sexy_ava_big-3000.mp4
2015-06-11 09:39 - 2015-06-11 09:54 - 224748968 _____ C:\Users\martini\Downloads\iktg_skye_west_480p_1000.mp4
2015-06-11 09:38 - 2015-06-11 10:09 - 1256619043 _____ C:\Users\martini\Downloads\napfsvictoriatyler_720.mp4
2015-06-10 23:43 - 2015-06-10 23:58 - 380826070 _____ C:\Users\martini\Downloads\loving_liza_big.mp4
2015-06-10 23:40 - 2015-06-11 00:09 - 1271838561 _____ C:\Users\martini\Downloads\mshfisabellajohnny_720.mp4
2015-06-10 12:42 - 2015-06-10 12:42 - 77664256 __RSH (Kareo) C:\Users\martini\AppData\Roaming\obimhizaus.exe
2015-06-08 22:24 - 2015-06-08 22:24 - 181838189 _____ C:\Users\martini\Downloads\outsider.psd
2015-06-08 01:24 - 2015-06-08 01:31 - 118286777 _____ C:\Users\martini\Downloads\thanatos.psd
2015-06-08 01:24 - 2015-06-08 01:31 - 109908783 _____ C:\Users\martini\Downloads\eros.psd
2015-06-07 12:32 - 2015-06-07 12:32 - 00060742 _____ C:\Users\martini\Downloads\memberdata.csv
2015-06-07 00:05 - 2015-06-07 00:14 - 494483516 _____ C:\Users\martini\Downloads\so_lovely_big.mp4
2015-06-06 23:09 - 2015-06-16 22:19 - 00000000 ____D C:\Program Files (x86)\R-Studio
2015-06-06 23:09 - 2015-06-06 23:09 - 00000000 ____D C:\Users\martini\Documents\R-TT
2015-06-06 23:09 - 2015-06-06 23:09 - 00000000 ____D C:\Users\martini\AppData\Roaming\R-TT
2015-06-06 23:08 - 2015-06-06 23:08 - 38481720 _____ (R-Tools Technology Inc.) C:\Users\martini\Downloads\RStudio7.exe
2015-06-06 22:58 - 2015-06-16 22:18 - 00000000 ____D C:\Program Files\Recuva
2015-06-06 22:57 - 2015-06-06 22:57 - 04426120 _____ (Piriform Ltd) C:\Users\martini\Downloads\rcsetup152.exe
2015-06-06 22:48 - 2015-06-06 22:57 - 00000000 ____D C:\Users\martini\Downloads\testdisk-7.0
2015-06-06 22:40 - 2015-06-06 22:42 - 12444088 _____ C:\Users\martini\Downloads\testdisk-7.0.win.zip
2015-06-06 22:10 - 2015-06-06 22:10 - 00969845 _____ (ShadowExplorer.com ) C:\Users\martini\Downloads\ShadowExplorer-0.9-setup.exe
2015-06-06 22:03 - 2015-06-06 22:22 - 79712368 _____ (NathanScott Apps) C:\Users\martini\Downloads\LockerUnlocker_v1.0.6.0.exe
2015-06-06 21:56 - 2015-06-06 22:11 - 00001889 _____ C:\Users\martini\Desktop\ShadowExplorer.lnk
2015-06-06 21:56 - 2015-06-06 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-06-06 21:56 - 2015-06-06 22:11 - 00000000 ____D C:\Program Files (x86)\ShadowExplorer
2015-06-06 21:56 - 2015-06-06 21:56 - 00937024 _____ (ShadowExplorer.com ) C:\Users\martini\Downloads\ShadowExplorer-0.8-setup.exe
2015-06-06 21:56 - 2015-06-06 21:56 - 00000000 ____D C:\Users\martini\AppData\Roaming\www.shadowexplorer.com
2015-06-03 09:26 - 2015-06-03 09:28 - 79101960 _____ (NathanScott Apps) C:\Users\martini\Downloads\LockerUnlocker(1).exe
2015-06-03 09:15 - 2015-06-06 22:22 - 00000000 ____D C:\Users\martini\AppData\Local\LockerUnlocker
2015-06-03 09:13 - 2015-06-03 09:14 - 79101960 _____ (NathanScott Apps) C:\Users\martini\Downloads\LockerUnlocker.exe
2015-06-02 22:18 - 2015-06-10 01:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 09:26 - 2015-06-02 09:26 - 03437489 _____ (NathanScott Apps) C:\Users\martini\Downloads\TorrentUnlocker.exe
2015-06-02 09:26 - 2015-06-02 09:26 - 00000000 ____D C:\Users\martini\AppData\Local\TorrentUnlocker
2015-06-02 01:46 - 2015-06-02 01:46 - 01340848 _____ (Emsisoft Ltd) C:\Users\martini\Downloads\decrypt_pclock2(1).exe
2015-06-02 01:13 - 2015-06-02 01:13 - 00000000 ____D C:\Users\martini\AppData\Local\GWX
2015-06-01 22:18 - 2015-06-15 22:07 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-01 22:18 - 2015-06-01 22:18 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-01 22:18 - 2015-06-01 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-01 22:18 - 2015-06-01 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-01 22:18 - 2015-06-01 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-01 22:18 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-01 22:18 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-01 22:18 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-01 22:15 - 2015-06-01 22:15 - 00000118 ___RH C:\Users\martini\Downloads\Stinger.opt
2015-06-01 22:15 - 2015-06-01 22:15 - 00000000 ____D C:\Quarantine
2015-06-01 22:11 - 2015-06-01 22:15 - 00000000 ____D C:\Program Files (x86)\stinger
2015-06-01 22:11 - 2015-06-01 22:11 - 00000000 ____D C:\Program Files\McAfee
2015-06-01 21:39 - 2015-06-10 01:11 - 00000000 ____D C:\Users\martini\Desktop\zadnji clanak
2015-06-01 09:50 - 2015-06-01 09:50 - 01340848 _____ (Emsisoft Ltd) C:\Users\martini\Downloads\decrypt_pclock2.exe
2015-05-30 09:42 - 2015-05-30 09:42 - 15178781 _____ C:\Users\martini\enc_files.txt
2015-05-30 09:29 - 2015-06-01 00:33 - 00000000 ____D C:\Users\martini\AppData\Roaming\WinTds
2015-05-26 18:58 - 2015-05-30 11:52 - 00426213 _____ C:\Users\martini\Downloads\Rjesenje STALNI SUDSKI TUMAC(1).jpeg
2015-05-26 18:58 - 2015-05-26 18:58 - 00000084 ____H C:\Users\martini\Downloads\.picasa.ini
2015-05-26 18:57 - 2015-05-30 11:52 - 00426213 _____ C:\Users\martini\Downloads\Rjesenje STALNI SUDSKI TUMAC.jpeg
2015-05-26 16:35 - 2015-05-26 16:35 - 00000000 ____D C:\Users\martini\Desktop\09 Zadar
2015-05-26 16:15 - 2015-05-26 16:18 - 00000000 ____D C:\Users\martini\Desktop\05 Davorin pogreb
2015-05-25 12:04 - 2015-05-25 12:04 - 00000000 ____D C:\Users\martini\AppData\Roaming\AMD
2015-05-25 12:01 - 2015-05-25 12:01 - 00000000 ____D C:\ProgramData\ATI
2015-05-25 12:00 - 2015-05-25 12:00 - 00000000 ____D C:\Users\martini\AppData\Roaming\library_dir
2015-05-25 11:59 - 2015-06-06 21:57 - 00000000 ____D C:\Users\martini\AppData\Roaming\Raptr
2015-05-25 11:59 - 2015-06-01 10:10 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-05-25 11:59 - 2015-05-25 11:59 - 00053736 _____ C:\Windows\SysWOW64\CCCInstall_201505251159336760.log
2015-05-25 11:59 - 2015-05-25 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-25 11:59 - 2015-05-25 11:59 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-05-25 11:59 - 2015-05-25 11:59 - 00000000 ____D C:\Program Files (x86)\AMD
2015-05-25 11:57 - 2015-05-25 11:58 - 00000000 ____D C:\Program Files\AMD
2015-05-25 11:44 - 2015-05-25 11:44 - 00000000 ____D C:\Users\martini\AppData\Roaming\Adobe Mini Bridge CS5
2015-05-24 13:33 - 2015-05-24 13:33 - 00000000 ____D C:\Users\martini\AppData\Roaming\Steam
2015-05-24 05:12 - 2015-05-24 05:12 - 00001170 _____ C:\Users\martini\Desktop\Wolfenstein The Old Blood.lnk
2015-05-24 05:12 - 2015-05-24 05:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein The Old Blood
2015-05-24 04:47 - 2015-05-24 12:22 - 00000000 ____D C:\Program Files (x86)\Wolfenstein The Old Blood
2015-05-23 19:10 - 2015-05-23 19:10 - 00000000 ____D C:\Users\martini\Tracing
2015-05-23 00:26 - 2015-05-23 00:29 - 00000000 ____D C:\Users\martini\Documents\Project CARS
2015-05-23 00:26 - 2015-05-23 00:26 - 00000000 ____D C:\Users\martini\Documents\wmd_symbol_cache
2015-05-22 19:54 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-22 19:54 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-16 22:23 - 2013-07-08 22:35 - 02063020 _____ C:\Windows\WindowsUpdate.log
2015-06-16 22:22 - 2009-07-14 19:58 - 00699432 _____ C:\Windows\system32\perfh007.dat
2015-06-16 22:22 - 2009-07-14 19:58 - 00149572 _____ C:\Windows\system32\perfc007.dat
2015-06-16 22:22 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 22:21 - 2013-07-28 21:16 - 00000000 ___RD C:\Users\martini\Dropbox
2015-06-16 22:21 - 2013-07-28 21:12 - 00000000 ____D C:\Users\martini\AppData\Roaming\Dropbox
2015-06-16 22:18 - 2014-05-11 18:52 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-06-16 22:18 - 2014-01-07 09:44 - 00000000 ____D C:\Users\martini\AppData\Roaming\uTorrent
2015-06-16 22:18 - 2013-07-08 23:24 - 00160444 _____ C:\Windows\PFRO.log
2015-06-16 22:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-16 22:18 - 2009-07-14 06:51 - 00043720 _____ C:\Windows\setupact.log
2015-06-16 22:17 - 2013-08-11 00:56 - 00000000 ____D C:\Program Files (x86)\JDownloader
2015-06-16 22:15 - 2013-07-08 23:27 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-16 22:15 - 2013-07-08 23:27 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-16 22:15 - 2013-07-08 23:22 - 00000000 ____D C:\ProgramData\Adobe
2015-06-16 22:15 - 2013-07-08 22:53 - 00000000 ____D C:\Users\martini\AppData\Roaming\Adobe
2015-06-16 22:12 - 2013-07-08 23:24 - 00000000 ____D C:\Users\martini\AppData\Local\Adobe
2015-06-16 22:12 - 2013-07-08 22:35 - 00000000 ____D C:\Users\martini
2015-06-16 22:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2015-06-15 22:02 - 2009-07-14 06:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 22:02 - 2009-07-14 06:45 - 00020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-12 23:13 - 2015-03-07 01:20 - 00000000 ____D C:\Users\martini\Downloads\cat
2015-06-10 01:12 - 2013-07-09 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-06 23:32 - 2015-05-11 16:29 - 00000000 ____D C:\Users\martini\Desktop\04 KISTL Theater
2015-06-02 01:31 - 2014-06-12 22:22 - 00000000 ____D C:\Users\martini\AppData\Roaming\vlc
2015-05-30 11:52 - 2015-03-27 18:50 - 16867311 _____ C:\Users\martini\Downloads\skracenoom.zip
2015-05-30 11:52 - 2015-03-03 23:40 - 03496877 _____ C:\Users\martini\Downloads\the euro trap.epub
2015-05-30 11:52 - 2015-01-13 23:28 - 11126952 _____ C:\Users\martini\Downloads\traubenetikett_2014_6fach.psd
2015-05-30 11:52 - 2015-01-13 23:22 - 02380371 _____ C:\Users\martini\Downloads\traubenetikett_2014.psd
2015-05-30 11:52 - 2014-10-03 11:17 - 12731932 _____ C:\Users\martini\Downloads\quantitative analysis for management.rar
2015-05-30 11:51 - 2015-03-27 20:12 - 08322604 _____ C:\Users\martini\Downloads\eBook Economics Foundations Of Econometrics by Oxford Press.rar
2015-05-30 11:51 - 2015-03-24 21:59 - 19220727 _____ C:\Users\martini\Downloads\David_Leitner_Available.pdf.zip
2015-05-30 11:51 - 2015-02-20 19:10 - 26194797 _____ C:\Users\martini\Downloads\finanzwesen.zip
2015-05-30 11:51 - 2015-02-20 19:09 - 113294051 _____ C:\Users\martini\Downloads\buchhaltung-finanzen.zip
2015-05-30 11:51 - 2015-02-20 19:06 - 130581909 _____ C:\Users\martini\Downloads\finanzierung.zip
2015-05-30 11:51 - 2014-11-17 01:56 - 01363968 _____ C:\Users\martini\Downloads\Lebenslauf_2014.indd
2015-05-30 11:51 - 2014-11-06 17:34 - 29511762 _____ C:\Users\martini\Downloads\FULL_SIZES_15.rar
2015-05-30 11:51 - 2014-11-03 01:31 - 20579841 _____ C:\Users\martini\Downloads\GORAN-DRAFT.rar
2015-05-30 11:51 - 2014-11-02 16:43 - 01020858 _____ C:\Users\martini\Downloads\fwdnlp.zip
2015-05-30 11:51 - 2014-08-11 22:09 - 20349044 _____ C:\Users\martini\Downloads\alice_alpha.tga
2015-05-30 11:51 - 2014-08-11 22:07 - 20416364 _____ C:\Users\martini\Downloads\alice.tga
2015-05-30 11:51 - 2013-10-12 18:32 - 74244647 _____ C:\Users\martini\Downloads\Osnove ekonomije.zip
2015-05-30 10:03 - 2014-11-17 18:25 - 01347584 _____ C:\Users\martini\Documents\Bewerbung_Learnconsult.indd
2015-05-30 10:03 - 2014-11-17 04:12 - 01167360 _____ C:\Users\martini\Documents\Bewerbung_DIS AG.indd
2015-05-30 10:03 - 2014-11-17 03:18 - 01306624 _____ C:\Users\martini\Documents\Bewerbung_GMK.indd
2015-05-30 10:03 - 2014-11-17 01:56 - 01363968 _____ C:\Users\martini\Documents\Lebenslauf_2014.indd
2015-05-30 10:03 - 2014-09-10 16:20 - 01378418 _____ C:\Users\martini\Documents\gekko2.ai
2015-05-30 10:03 - 2014-09-09 18:30 - 00016946 _____ C:\Users\martini\Documents\Ana Kolega Übersicht.xlsx
2015-05-30 10:03 - 2014-09-09 15:44 - 04611284 _____ C:\Users\martini\Documents\gekko2.psd
2015-05-30 10:03 - 2014-09-09 14:14 - 07515658 _____ C:\Users\martini\Documents\gekko_mitfoto.psd
2015-05-30 10:03 - 2014-09-08 23:03 - 05292702 _____ C:\Users\martini\Documents\gekko.psd
2015-05-30 10:03 - 2014-09-08 12:39 - 01364742 _____ C:\Users\martini\Documents\gekko.ai
2015-05-30 10:03 - 2013-11-30 21:22 - 00061440 _____ C:\Users\martini\Documents\tatortkunst_schnaps.indb
2015-05-30 10:03 - 2013-10-07 23:39 - 03923968 _____ C:\Users\martini\Documents\presseaussendung_tatortkunst_schmerz.indd
2015-05-30 10:03 - 2013-08-10 13:34 - 00078494 _____ C:\Users\martini\Documents\cd_liste_tomi_special.xps
2015-05-30 09:42 - 2015-02-02 00:24 - 08319889 _____ C:\Users\martini\Desktop\Kalkulation Vernissage.xlsx
2015-05-30 09:42 - 2014-10-17 22:07 - 221390902 _____ C:\Users\martini\Desktop\flyer_fotografie.psd
2015-05-25 11:59 - 2013-07-16 23:40 - 00000000 ____D C:\ProgramData\AMD
2015-05-25 11:58 - 2013-07-16 23:39 - 00000000 ____D C:\Program Files\ATI Technologies
2015-05-25 11:56 - 2013-08-09 22:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-05-25 11:52 - 2013-07-16 23:38 - 00000000 ____D C:\AMD
2015-05-24 03:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2015-05-23 19:50 - 2013-07-26 21:08 - 00000000 ____D C:\Users\martini\AppData\Roaming\Skype
2015-05-23 19:10 - 2014-11-18 23:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-05-23 19:10 - 2013-07-26 21:07 - 00000000 ____D C:\ProgramData\Skype
2015-05-23 01:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-05-22 20:15 - 2015-04-09 22:39 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-22 20:15 - 2015-04-09 22:39 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-22 20:15 - 2014-12-11 04:20 - 00000000 ____D C:\Windows\system32\appraiser
2015-05-22 20:15 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-22 20:15 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-22 20:15 - 2009-07-14 06:45 - 05008056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-22 20:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-22 20:04 - 2013-07-08 23:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-22 20:03 - 2013-08-20 00:19 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-22 20:03 - 2013-08-20 00:19 - 00001912 _____ C:\Windows\epplauncher.mif
2015-05-22 20:03 - 2013-08-20 00:19 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-22 20:03 - 2013-08-20 00:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-22 20:02 - 2013-11-15 23:20 - 01594028 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-22 20:01 - 2013-08-15 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-05-22 19:55 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2015-05-18 22:10 - 2013-07-09 20:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2014-03-02 21:18 - 2014-10-12 19:17 - 0000132 _____ () C:\Users\martini\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-02 21:20 - 2014-08-11 22:09 - 0000132 _____ () C:\Users\martini\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-06-10 12:42 - 2015-06-10 12:42 - 77664256 __RSH (Kareo) C:\Users\martini\AppData\Roaming\obimhizaus.exe
2015-02-04 01:16 - 2015-05-11 00:54 - 0005120 _____ () C:\Users\martini\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-15 14:45 - 2013-08-15 14:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-07-11 21:48 - 2010-11-20 14:17 - 72826880 ___SH () C:\ProgramData\msjoxck.exe

Files to move or delete:
====================
C:\ProgramData\msjoxck.exe


Some files in TEMP:
====================
C:\Users\martini\AppData\Local\Temp\AcDeltree.exe
C:\Users\martini\AppData\Local\Temp\agbzdgyx.exe
C:\Users\martini\AppData\Local\Temp\cdo4176609750.dll
C:\Users\martini\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpotcl9d.dll
C:\Users\martini\AppData\Local\Temp\FreeStudio.exe
C:\Users\martini\AppData\Local\Temp\InstallAX.exe
C:\Users\martini\AppData\Local\Temp\InstallPlugin.exe
C:\Users\martini\AppData\Local\Temp\launcher_vs2012_sp4_vcredist_x86.exe
C:\Users\martini\AppData\Local\Temp\mljx.exe
C:\Users\martini\AppData\Local\Temp\nso896C.tmp.exe
C:\Users\martini\AppData\Local\Temp\ose00000.exe
C:\Users\martini\AppData\Local\Temp\PidGenX.dll
C:\Users\martini\AppData\Local\Temp\raptrpatch.exe
C:\Users\martini\AppData\Local\Temp\raptr_stub.exe
C:\Users\martini\AppData\Local\Temp\safeguard.exe
C:\Users\martini\AppData\Local\Temp\SkypeSetup.exe
C:\Users\martini\AppData\Local\Temp\sonarinst.exe
C:\Users\martini\AppData\Local\Temp\uninst1.exe
C:\Users\martini\AppData\Local\Temp\Update.exe
C:\Users\martini\AppData\Local\Temp\xmlUpdater.exe
C:\Users\martini\AppData\Local\Temp\~convert5376117890859769865.exe
C:\Users\martini\AppData\Local\Temp\~convert539290703745595758.exe
C:\Users\martini\AppData\Local\Temp\~convert6451164482104206547.exe
C:\Users\martini\AppData\Local\Temp\~convert6579318205344826819.exe
C:\Users\martini\AppData\Local\Temp\~convert8466170769192746535.exe
C:\Users\martini\AppData\Local\Temp\~convert8992786664121824424.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 01:04

==================== End of log ============================



#9 Oh My!


Posted 16 June 2015 - 03:52 PM

Thank you for understanding. Unfortunately at this point you should assume we will be unable to decrypt your files.

Do you recognize this?
 
C:\Users\martini\Desktop\zadnji clanak


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Startup: C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j.lnk [2015-06-10]
ShortcutTarget: j.lnk -> C:\Users\martini\AppData\Roaming\obimhizaus.exe (Kareo)
SearchScopes: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
FF user.js: detected! => C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\user.js [2013-08-11]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2013-07-11 21:48 - 2010-11-20 14:17 - 72826880 ___SH () C:\ProgramData\msjoxck.exe
C:\Users\martini\AppData\Local\Temp\AcDeltree.exe
C:\Users\martini\AppData\Local\Temp\agbzdgyx.exe
C:\Users\martini\AppData\Local\Temp\cdo4176609750.dll
C:\Users\martini\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrbdo8.dll
C:\Users\martini\AppData\Local\Temp\FreeStudio.exe
C:\Users\martini\AppData\Local\Temp\InstallAX.exe
C:\Users\martini\AppData\Local\Temp\InstallPlugin.exe
C:\Users\martini\AppData\Local\Temp\launcher_vs2012_sp4_vcredist_x86.exe
C:\Users\martini\AppData\Local\Temp\mljx.exe
C:\Users\martini\AppData\Local\Temp\nso896C.tmp.exe
C:\Users\martini\AppData\Local\Temp\ose00000.exe
C:\Users\martini\AppData\Local\Temp\PidGenX.dll
C:\Users\martini\AppData\Local\Temp\raptrpatch.exe
C:\Users\martini\AppData\Local\Temp\raptr_stub.exe
C:\Users\martini\AppData\Local\Temp\safeguard.exe
C:\Users\martini\AppData\Local\Temp\SkypeSetup.exe
C:\Users\martini\AppData\Local\Temp\sonarinst.exe
C:\Users\martini\AppData\Local\Temp\uninst1.exe
C:\Users\martini\AppData\Local\Temp\Update.exe
C:\Users\martini\AppData\Local\Temp\xmlUpdater.exe
C:\Users\martini\AppData\Local\Temp\~convert5376117890859769865.exe
C:\Users\martini\AppData\Local\Temp\~convert539290703745595758.exe
C:\Users\martini\AppData\Local\Temp\~convert6451164482104206547.exe
C:\Users\martini\AppData\Local\Temp\~convert6579318205344826819.exe
C:\Users\martini\AppData\Local\Temp\~convert8466170769192746535.exe
C:\Users\martini\AppData\Local\Temp\~convert8992786664121824424.exe
AlternateDataStreams: C:\Users\martini\AppData\Local\Temp:PtU8FVnM48FavMrNGX7d6vy5Uo
Hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the folder?
  • Fixlog
  • Are you experiencing any issues?

Gary
 

#10 Martin_E


Posted 16 June 2015 - 04:27 PM

Thx for your advice. I just uninstalled µTorrent, though I didn't use it for ages anyway. I am aware of the risk.

What do you mean by: "Unfortunately at this point you should assume we will be unable to decrypt your files."? Is there no chance at all to decrypt my files?

- Yes, I know this folder. It's study documents.

- No issues in general

- Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by martini at 2015-06-16 23:20:29 Run:1
Running from C:\Users\martini\Desktop
Loaded Profiles: martini (Available Profiles: martini)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Startup: C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j.lnk [2015-06-10]
ShortcutTarget: j.lnk -> C:\Users\martini\AppData\Roaming\obimhizaus.exe (Kareo)
SearchScopes: HKU\S-1-5-21-3161130626-3097758383-3059665921-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
FF user.js: detected! => C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\user.js [2013-08-11]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2013-07-11 21:48 - 2010-11-20 14:17 - 72826880 ___SH () C:\ProgramData\msjoxck.exe
C:\Users\martini\AppData\Local\Temp\AcDeltree.exe
C:\Users\martini\AppData\Local\Temp\agbzdgyx.exe
C:\Users\martini\AppData\Local\Temp\cdo4176609750.dll
C:\Users\martini\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrbdo8.dll
C:\Users\martini\AppData\Local\Temp\FreeStudio.exe
C:\Users\martini\AppData\Local\Temp\InstallAX.exe
C:\Users\martini\AppData\Local\Temp\InstallPlugin.exe
C:\Users\martini\AppData\Local\Temp\launcher_vs2012_sp4_vcredist_x86.exe
C:\Users\martini\AppData\Local\Temp\mljx.exe
C:\Users\martini\AppData\Local\Temp\nso896C.tmp.exe
C:\Users\martini\AppData\Local\Temp\ose00000.exe
C:\Users\martini\AppData\Local\Temp\PidGenX.dll
C:\Users\martini\AppData\Local\Temp\raptrpatch.exe
C:\Users\martini\AppData\Local\Temp\raptr_stub.exe
C:\Users\martini\AppData\Local\Temp\safeguard.exe
C:\Users\martini\AppData\Local\Temp\SkypeSetup.exe
C:\Users\martini\AppData\Local\Temp\sonarinst.exe
C:\Users\martini\AppData\Local\Temp\uninst1.exe
C:\Users\martini\AppData\Local\Temp\Update.exe
C:\Users\martini\AppData\Local\Temp\xmlUpdater.exe
C:\Users\martini\AppData\Local\Temp\~convert5376117890859769865.exe
C:\Users\martini\AppData\Local\Temp\~convert539290703745595758.exe
C:\Users\martini\AppData\Local\Temp\~convert6451164482104206547.exe
C:\Users\martini\AppData\Local\Temp\~convert6579318205344826819.exe
C:\Users\martini\AppData\Local\Temp\~convert8466170769192746535.exe
C:\Users\martini\AppData\Local\Temp\~convert8992786664121824424.exe
AlternateDataStreams: C:\Users\martini\AppData\Local\Temp:PtU8FVnM48FavMrNGX7d6vy5Uo
Hosts:
*****************

C:\Users\martini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j.lnk => moved successfully.
C:\Users\martini\AppData\Roaming\obimhizaus.exe => moved successfully.
HKU\S-1-5-21-3161130626-3097758383-3059665921-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\martini\AppData\Roaming\Mozilla\Firefox\Profiles\yf1j72c8.default\user.js => moved successfully.
Synth3dVsc => Service removed successfully
tsusbhub => Service removed successfully
VGPU => Service removed successfully
C:\ProgramData\msjoxck.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\AcDeltree.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\agbzdgyx.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\cdo4176609750.dll => moved successfully.
"C:\Users\martini\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkrbdo8.dll" => File/Folder not found.
C:\Users\martini\AppData\Local\Temp\FreeStudio.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\InstallAX.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\InstallPlugin.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\launcher_vs2012_sp4_vcredist_x86.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\mljx.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\nso896C.tmp.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\ose00000.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\PidGenX.dll => moved successfully.
C:\Users\martini\AppData\Local\Temp\raptrpatch.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\raptr_stub.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\safeguard.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\SkypeSetup.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\sonarinst.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\uninst1.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\Update.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\xmlUpdater.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\~convert5376117890859769865.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\~convert539290703745595758.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\~convert6451164482104206547.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\~convert6579318205344826819.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\~convert8466170769192746535.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp\~convert8992786664121824424.exe => moved successfully.
C:\Users\martini\AppData\Local\Temp => ":PtU8FVnM48FavMrNGX7d6vy5Uo" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

==== End of Fixlog 23:20:30 ====



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,531 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:11 PM

Posted 16 June 2015 - 04:36 PM

Greetings,
 

Is there no chance at all to decrypt my files?

Unfortunately that is correct. The encryption is sophisticated not only in making your files inaccessible but also in covering its tracks. The encryption key information needed to unlock the files is neither present on your computer nor contained within the files themselves.

The only thing I can offer is to do our best to make sure your computer is clean. If you would like to take the final few steps to accomplish that please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Martin_E


Posted 16 June 2015 - 04:45 PM

 

Unfortunately that is correct. The encryption is sophisticated not only in making your files inaccessible but also in covering its tracks. The encryption key information needed to unlock the files is neither present on your computer nor contained within the files themselves.

 

Damn! This was not the answer I wanted to hear... :-(

But I'll do the scan overnight and post the log.

 

Thx for your help and time anyway!



#13 Oh My!


Posted 18 June 2015 - 08:50 AM

Greetings,

 

Would you like to do the last couple of scans or would you prefer I close the Topic?


Gary
 

#14 Oh My!


Posted 21 June 2015 - 09:09 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#15 Martin_E


Posted 21 June 2015 - 03:20 PM

Sorry, I was very busy the last days.

 

Thanks, but I decided to format and reinstall my hard drive completely. Didn't really trust my PC anymore as long as I need it for work.

 

You can close the post.

 

Sincerely, Martin





