27.07.2014, 09:30 | #1 |
User Profile Service loads forever

Hi,

Yesterday, while I was playing Sims 2, my game suddenly froze. Like anyone else would, I thought it was just the game. So I wanted to raise the priority of the process, but the whole PC froze. I restarted the computer and the following happened:

1st attempt: No desktop icons - PC frozen
2nd attempt: Black screen
3rd attempt: It hangs at "Warten auf Benutzerprofildienst" (waiting for the User Profile Service).

I can now only log in in safe mode. System Restore also fails every time; it always says that my hard disk may be damaged. I ran the command that was shown there (chkdsk /R) and it found no errors.

The only software I installed beforehand was: Cybersoft Top Secret 2.0
But I then uninstalled it in safe mode with Revo Uninstaller.

Here is the FRST log as well:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Kaskadeking (administrator) on KASKADEKING-PC on 27-07-2014 10:17:46
Running from C:\Users\Kaskadeking\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-01] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
IFEO\taskmgr.exe: [Debugger] "C:\USERS\KASKADEKING\DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE"
Startup: C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6CB5525ACE2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6F19C187-7861-4839-A7CF-716C1C6FEECE}: [NameServer]127.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default
FF Homepage: https://www.google.de
FF NetworkProxy: "autoconfig_url", "hxxp://localhost:8080/proxy.pac"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Kaskadeking\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kaskadeking\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\https-everywhere@eff.org [2014-06-27]
FF Extension: WOT - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-12]
FF Extension: Firebug - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-01]
FF Extension: MEGA - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\firefox@mega.co.nz.xpi [2014-04-23]
FF Extension: Magic Actions for YouTube™ - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2014-07-18]
FF Extension: Stylish - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-07-18]
FF Extension: NoScript - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-16]
FF Extension: DownThemAll! - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-20]
FF Extension: Adblock Edge - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-15]
FF Extension: No Name - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\na8igrqn.MC-Manager\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-21]
FF Extension: No Name - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\na8igrqn.MC-Manager\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-24]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi

Chrome:
=======
CHR HomePage:
CHR Extension: (avast! Online Security) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-16]
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2014-03-05]
CHR Extension: (Google Wallet) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-01] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S2 dnscrypt-proxy; C:\Users\Kaskadeking\Desktop\DNSCrypt Windows Service Manager Package\dnscrypt-proxy.exe [258062 2013-09-16] () [File not signed]
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [642048 2014-06-07] (FileZilla Project) [File not signed]
S2 HerculesWiFi; C:\Windows\SysWOW64\\HerculesWiFiService.exe [78232 2012-07-31] (Guillemot Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-23] ()
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-03-05] (Microsoft Corporation) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe [14407384 2014-04-14] ()
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [151648 2014-06-10] (Alfa System Programming)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-01] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-01] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-01] ()
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-22] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [85016 2014-03-09] (Sysinternals - www.sysinternals.com)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1065616 2012-07-11] (Realtek Semiconductor Corporation )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-20] (Duplex Secure Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-06-15] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-06-15] (Acronis International GmbH)
S1 Vdsk; C:\Windows\System32\Drivers\vdsk.sys [55552 2013-09-17] (NT KERNEL RESOURCES LAB.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-15] (Acronis International GmbH)
S2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 DfSdkS;
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 10:09 - 2014-07-27 10:18 - 00017675 _____ () C:\Users\Kaskadeking\Desktop\FRST.txt 2014-07-27 10:09 - 2014-07-27 10:17 - 00000000 ____D () C:\FRST 2014-07-27 10:08 - 2014-07-27 04:06 - 02093568 _____ (Farbar) C:\Users\Kaskadeking\Desktop\FRST64.exe 2014-07-27 10:07 - 2014-07-27 10:07 - 00000310 _____ () C:\Windows\PFRO.log 2014-07-26 11:10 - 2014-07-26 11:10 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-07-26 11:10 - 2014-07-26 11:10 - 00000000 ____D () C:\ProgramData\Caphyon 2014-07-26 11:10 - 2014-06-10 16:58 - 00151648 _____ (Alfa System Programming) C:\Windows\system32\Drivers\AlfaFF.sys 2014-07-26 11:10 - 2013-09-17 19:40 - 00055552 _____ (NT KERNEL RESOURCES LAB.) C:\Windows\system32\Drivers\vdsk.sys 2014-07-26 11:09 - 2014-07-26 11:16 - 00000000 ____D () C:\Users\Public\Documents\cs 2014-07-26 10:55 - 2014-07-26 21:10 - 00000896 _____ () C:\Windows\setupact.log 2014-07-26 10:55 - 2014-07-26 21:10 - 00000021 _____ () C:\Windows\S.dirmngr 2014-07-26 10:55 - 2014-07-26 10:55 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-25 12:16 - 2014-07-25 16:37 - 00000000 ____D () C:\Users\Public\Documents\EA Games 2014-07-25 12:14 - 2014-07-25 16:48 - 00001690 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk 2014-07-25 10:20 - 2014-07-25 10:21 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\GiliSoft 2014-07-24 10:02 - 2014-07-24 10:03 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.kde 2014-07-24 10:02 - 2014-07-24 10:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\GNU 2014-07-23 21:28 - 2014-07-23 21:52 - 00000278 _____ () C:\.htaccess 2014-07-23 20:46 - 2014-07-23 20:46 - 00000016 _____ () C:\Users\Kaskadeking\Desktop\APB Premium 1 Day.txt 2014-07-23 18:13 - 2014-07-23 18:13 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Downloaded Installations 2014-07-23 18:13 - 2014-07-23 18:13 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-07-23 18:12 - 2014-07-23 18:12 - 00000000 ____D () 
C:\Windows\SysWOW64\AGEIA 2014-07-23 18:12 - 2014-07-23 18:12 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-07-23 18:12 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2014-07-23 18:12 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2014-07-23 18:12 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2014-07-23 18:12 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2014-07-23 18:12 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2014-07-23 18:12 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2014-07-23 13:52 - 2014-07-23 13:52 - 00001177 _____ () C:\Users\Kaskadeking\Desktop\Auslogics BoostSpeed.lnk 2014-07-23 13:52 - 2014-07-23 13:52 - 00000000 ____D () C:\Windows\System32\Tasks\Auslogics 2014-07-23 12:04 - 2014-07-23 14:19 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-07-23 10:27 - 2014-07-23 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-23 10:25 - 2014-07-26 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-21 20:26 - 2014-07-26 20:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-21 20:26 - 2014-07-21 20:27 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-21 20:26 - 2014-07-21 20:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-21 20:26 - 2014-07-21 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-21 20:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-21 20:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-21 20:26 - 2014-05-12 07:25 - 
00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-21 20:20 - 2014-07-21 20:20 - 00000000 ____D () C:\Program Files (x86)\Ruiware 2014-07-21 14:06 - 2014-07-21 14:06 - 00005884 _____ () C:\Users\Kaskadeking\AppData\Local\recently-used.xbel 2014-07-18 13:21 - 2014-07-18 13:21 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\stetic 2014-07-18 13:20 - 2014-07-18 13:21 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\MonoDevelop-Unity-4.0 2014-07-18 13:20 - 2014-07-18 13:20 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\MonoDevelop-Unity-4.0 2014-07-18 12:04 - 2014-07-18 13:36 - 00000000 ____D () C:\Users\Kaskadeking\Documents\MyGame 2014-07-18 11:52 - 2014-07-18 12:06 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Unity 2014-07-18 11:47 - 2014-07-18 12:27 - 00000000 ____D () C:\ProgramData\Unity 2014-07-18 11:47 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Apple Computer 2014-07-18 11:47 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Apple Computer 2014-07-18 11:46 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Unity 2014-07-18 11:45 - 2014-07-18 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2014-07-18 11:45 - 2014-07-18 11:45 - 00001128 _____ () C:\Users\Public\Desktop\Unity.lnk 2014-07-18 11:45 - 2014-07-18 11:45 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects 2014-07-18 11:37 - 2014-07-18 11:46 - 00000000 ____D () C:\Program Files (x86)\Unity 2014-07-18 11:37 - 2014-07-18 11:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-18 11:37 - 2014-07-18 11:36 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-18 11:37 - 2014-07-18 11:36 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-18 11:37 - 2014-07-18 11:36 - 00098216 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-18 11:36 - 2014-07-18 11:36 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 11:32 - 2014-07-18 11:32 - 00001861 _____ () C:\Users\Kaskadeking\Desktop\Blender.lnk 2014-07-18 11:30 - 2014-07-18 11:30 - 00000000 ____D () C:\Program Files\Blender Foundation 2014-07-16 14:31 - 2014-07-18 11:03 - 00000133 _____ () C:\Users\Kaskadeking\SciTE.session 2014-07-16 14:15 - 2014-07-16 14:15 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Lua Projects 2014-07-16 14:12 - 2014-07-16 14:12 - 00000000 ____D () C:\Program Files (x86)\Lua 2014-07-10 19:02 - 2014-07-10 19:02 - 00001368 _____ () C:\Users\Kaskadeking\Desktop\ROBLOX Player.lnk 2014-07-10 19:01 - 2014-07-12 14:18 - 00001380 _____ () C:\Users\Kaskadeking\Desktop\ROBLOX Studio 2013.lnk 2014-07-10 19:01 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2014-07-10 19:01 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Roblox 2014-07-09 21:36 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 21:36 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 21:36 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 21:36 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 21:36 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 21:36 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 21:36 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 21:36 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 21:36 - 2014-06-19 02:41 - 00083968 _____ (Microsoft 
Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 21:36 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 21:36 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 21:36 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 21:36 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 21:36 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 21:36 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 21:36 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 21:36 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 21:36 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 21:36 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 21:36 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 21:36 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 21:36 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 21:36 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 21:36 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 21:36 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 21:36 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 21:36 - 2014-06-19 01:38 - 00455168 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 21:36 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 21:36 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 21:36 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 21:36 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 21:36 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 21:36 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 21:36 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 21:36 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 21:36 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 21:36 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 21:36 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 21:36 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 21:36 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 21:36 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 21:36 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 21:36 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 21:36 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 21:36 - 2014-06-19 00:58 - 00239616 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 21:36 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 21:36 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 21:36 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 21:36 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 21:36 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 21:36 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 21:36 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 21:36 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 21:36 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 21:36 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 21:36 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 21:36 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 21:36 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 21:36 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 21:36 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 21:36 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 21:36 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 21:34 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2014-07-09 21:34 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 21:34 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-08 19:13 - 2014-07-08 19:13 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Xamasoft 2014-07-07 21:14 - 2014-07-18 11:22 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Audacity 2014-07-05 11:33 - 2014-07-05 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2014-07-05 11:29 - 2014-07-05 21:59 - 00000000 ____D () C:\xampp 2014-07-03 20:16 - 2014-07-03 20:16 - 00000222 _____ () C:\Users\Kaskadeking\Desktop\Infinity Wars - Animated Trading Card Game.url 2014-07-03 20:01 - 2014-07-18 14:36 - 00073784 _____ () C:\Users\Kaskadeking\Desktop\KsTBeats - Projekte (VLC Netzwerkstream).xspf 2014-07-02 14:28 - 2014-07-02 17:03 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\DVDVideoSoft 2014-07-01 19:11 - 2014-07-01 19:11 - 00000568 _____ () C:\Users\Kaskadeking\Documents\kaskadekingde@live.de (0x2D011EB4) rev.asc 2014-07-01 19:08 - 2014-07-01 19:08 - 00000568 _____ () C:\Users\Kaskadeking\Documents\kaskadekingde@gmail.com (0xDF5CFF9B) rev.asc 2014-07-01 19:01 - 2014-07-24 13:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\gnupg 2014-07-01 19:01 - 2014-07-01 19:01 - 00000000 ____D () C:\ProgramData\GNU 2014-07-01 19:01 - 2014-07-01 19:01 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-01 16:22 - 2014-07-01 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-01 14:55 - 2014-07-23 10:32 - 00001264 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2014-07-01 14:55 - 2014-07-23 10:32 - 00001252 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-07-01 14:55 - 2014-07-23 10:32 - 00000000 ____D () C:\Program Files\paint.net 2014-07-01 14:54 - 2014-07-01 14:58 - 00000000 ____D () 
C:\Users\Kaskadeking\AppData\Local\paint.net
2014-06-28 16:26 - 2014-06-28 16:26 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-06-28 15:01 - 2014-06-28 15:01 - 00000000 ____D () C:\Users\Kaskadeking\Desktop\DNSCrypt Windows Service Manager Package
2014-06-28 10:48 - 2014-06-28 10:48 - 00001290 _____ () C:\Users\Kaskadeking\Desktop\Auslogics Disk Defrag Professional.lnk
2014-06-28 10:48 - 2014-06-28 10:48 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Auslogics
2014-06-27 13:46 - 2014-06-27 13:46 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Razer
2014-06-27 13:46 - 2014-06-27 13:46 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Razer_Inc
2014-06-27 13:45 - 2014-06-27 13:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00002133 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\ProgramData\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\Program Files (x86)\Razer

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 10:18 - 2014-07-27 10:09 - 00017675 _____ () C:\Users\Kaskadeking\Desktop\FRST.txt 2014-07-27 10:17 - 2014-07-27 10:09 - 00000000 ____D () C:\FRST 2014-07-27 10:16 - 2013-11-17 15:19 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Notepad++ 2014-07-27 10:07 - 2014-07-27 10:07 - 00000310 _____ () C:\Windows\PFRO.log 2014-07-27 04:06 - 2014-07-27 10:08 - 02093568 _____ (Farbar) C:\Users\Kaskadeking\Desktop\FRST64.exe 2014-07-26 21:29 - 2009-07-14 19:58 - 00715748 _____ () C:\Windows\system32\perfh007.dat 2014-07-26 21:29 - 2009-07-14 19:58 - 00157044 _____ () C:\Windows\system32\perfc007.dat 2014-07-26 21:29 - 2009-07-14 07:13 - 01669414 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 21:11 - 2014-01-11 14:36 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-26 21:10 - 2014-07-26 10:55 - 00000896 _____ () C:\Windows\setupact.log 2014-07-26 21:10 - 2014-07-26 10:55 - 00000021 _____ () C:\Windows\S.dirmngr 2014-07-26 21:10 - 2014-02-16 12:47 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-26 21:10 - 2013-11-16 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-26 21:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-26 20:54 - 2014-07-23 10:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-26 20:54 - 2014-07-21 20:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-26 20:49 - 2014-02-06 17:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-26 11:16 - 2014-07-26 11:09 - 00000000 ____D () C:\Users\Public\Documents\cs 2014-07-26 11:15 - 2014-06-09 16:48 - 00001024 _____ () C:\.rnd 2014-07-26 11:10 - 2014-07-26 11:10 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin 2014-07-26 11:10 - 2014-07-26 11:10 - 00000000 ____D () C:\ProgramData\Caphyon 2014-07-26 11:04 - 2009-07-14 06:45 - 00022032 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-26 11:04 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-26 11:03 - 2014-04-05 19:05 - 01586967 _____ () C:\Windows\WindowsUpdate.log 2014-07-26 10:56 - 2013-11-16 12:24 - 00000000 ____D () C:\ProgramData\VMware 2014-07-26 10:55 - 2014-07-26 10:55 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-25 16:48 - 2014-07-25 12:14 - 00001690 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk 2014-07-25 16:38 - 2013-12-08 18:08 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-07-25 16:37 - 2014-07-25 12:16 - 00000000 ____D () C:\Users\Public\Documents\EA Games 2014-07-25 16:37 - 2014-04-05 13:42 - 00000000 ____D () C:\Users\Kaskadeking\Documents\EA Games 2014-07-25 12:14 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-25 10:26 - 2013-12-03 16:12 - 00010752 _____ () C:\Users\Kaskadeking\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 10:21 - 2014-07-25 10:20 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\GiliSoft 2014-07-24 17:01 - 2013-11-17 17:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-24 15:21 - 2014-04-05 17:20 - 00001948 _____ () C:\Windows\Sandboxie.ini 2014-07-24 13:02 - 2014-07-01 19:01 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\gnupg 2014-07-24 12:43 - 2013-12-08 18:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-07-24 12:31 - 2014-02-13 18:12 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Visual Studio 2013 2014-07-24 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-24 10:03 - 2014-07-24 10:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.kde 2014-07-24 10:02 - 2014-07-24 10:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\GNU 2014-07-24 10:01 - 2013-12-24 
11:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-07-24 10:00 - 2013-11-16 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-23 21:52 - 2014-07-23 21:28 - 00000278 _____ () C:\.htaccess 2014-07-23 20:46 - 2014-07-23 20:46 - 00000016 _____ () C:\Users\Kaskadeking\Desktop\APB Premium 1 Day.txt 2014-07-23 20:23 - 2014-03-08 10:53 - 00000000 ____D () C:\Users\Kaskadeking\Stuff 2014-07-23 18:13 - 2014-07-23 18:13 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Downloaded Installations 2014-07-23 18:13 - 2014-07-23 18:13 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-07-23 18:13 - 2014-03-30 15:30 - 00000000 ____D () C:\Users\Kaskadeking\Documents\My Games 2014-07-23 18:12 - 2014-07-23 18:12 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA 2014-07-23 18:12 - 2014-07-23 18:12 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-07-23 18:12 - 2014-02-05 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-07-23 17:20 - 2014-03-16 14:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.minecraft 2014-07-23 14:19 - 2014-07-23 12:04 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-07-23 14:19 - 2014-05-31 22:12 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-07-23 14:08 - 2014-05-31 20:15 - 00281288 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-07-23 13:52 - 2014-07-23 13:52 - 00001177 _____ () C:\Users\Kaskadeking\Desktop\Auslogics BoostSpeed.lnk 2014-07-23 13:52 - 2014-07-23 13:52 - 00000000 ____D () C:\Windows\System32\Tasks\Auslogics 2014-07-23 13:52 - 2014-06-08 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2014-07-23 13:52 - 2014-06-08 19:37 - 00000000 ____D () C:\Program Files (x86)\Auslogics 2014-07-23 12:18 - 2014-05-31 22:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-07-23 12:04 - 2014-05-31 21:54 - 00000000 ____D () 
C:\Users\Kaskadeking\AppData\Local\PunkBuster 2014-07-23 11:52 - 2013-11-16 11:48 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Thunderbird 2014-07-23 10:33 - 2013-11-16 12:18 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Skype 2014-07-23 10:32 - 2014-07-01 14:55 - 00001264 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2014-07-23 10:32 - 2014-07-01 14:55 - 00001252 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-07-23 10:32 - 2014-07-01 14:55 - 00000000 ____D () C:\Program Files\paint.net 2014-07-23 10:29 - 2014-04-05 18:35 - 00002008 _____ () C:\Users\Kaskadeking\Desktop\FileZilla Client.lnk 2014-07-23 10:29 - 2014-01-12 11:26 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\FileZilla 2014-07-23 10:29 - 2014-01-12 11:25 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-07-23 10:27 - 2014-07-23 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-21 20:27 - 2014-07-21 20:26 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-21 20:27 - 2014-07-21 20:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-21 20:26 - 2014-07-21 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-21 20:22 - 2014-06-09 10:52 - 00000000 ____D () C:\ProgramData\InstallMate 2014-07-21 20:20 - 2014-07-21 20:20 - 00000000 ____D () C:\Program Files (x86)\Ruiware 2014-07-21 18:47 - 2013-11-16 12:29 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\VMware 2014-07-21 18:47 - 2013-11-16 12:29 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\VMware 2014-07-21 18:42 - 2014-05-13 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-07-21 18:40 - 2013-11-26 15:52 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Virtual Machines 2014-07-21 18:08 - 2013-11-17 17:27 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\EpickingDE 2014-07-21 16:11 - 2013-11-16 10:56 - 00000000 ____D 
() C:\Users\Kaskadeking 2014-07-21 16:08 - 2013-11-16 12:27 - 00000000 ___RD () C:\Users\Kaskadeking\Dropbox 2014-07-21 16:07 - 2013-11-16 13:48 - 00000000 ____D () C:\Users\Kaskadeking\.gimp-2.8 2014-07-21 15:43 - 2014-06-15 14:46 - 00000000 ___RD () C:\Users\Kaskadeking\Sync 2014-07-21 14:33 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-07-21 14:06 - 2014-07-21 14:06 - 00005884 _____ () C:\Users\Kaskadeking\AppData\Local\recently-used.xbel 2014-07-21 14:06 - 2013-11-16 14:05 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\gtk-2.0 2014-07-21 10:15 - 2013-11-16 12:24 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Dropbox 2014-07-21 10:14 - 2014-03-03 17:06 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\DropboxMaster 2014-07-20 09:39 - 2014-05-24 18:20 - 00001555 _____ () C:\Users\Kaskadeking\Desktop\KeePass2.lnk 2014-07-18 16:31 - 2014-06-25 21:14 - 00000000 ____D () C:\Users\Kaskadeking\Documents\FIFA World 2014-07-18 14:59 - 2014-07-18 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2014-07-18 14:59 - 2013-11-16 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-18 14:37 - 2013-11-16 18:37 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\vlc 2014-07-18 14:36 - 2014-07-03 20:01 - 00073784 _____ () C:\Users\Kaskadeking\Desktop\KsTBeats - Projekte (VLC Netzwerkstream).xspf 2014-07-18 14:15 - 2013-12-26 16:57 - 00000000 ____D () C:\Users\Kaskadeking\.thumbnails 2014-07-18 13:36 - 2014-07-18 12:04 - 00000000 ____D () C:\Users\Kaskadeking\Documents\MyGame 2014-07-18 13:21 - 2014-07-18 13:21 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\stetic 2014-07-18 13:21 - 2014-07-18 13:20 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\MonoDevelop-Unity-4.0 2014-07-18 13:20 - 2014-07-18 13:20 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\MonoDevelop-Unity-4.0 2014-07-18 12:27 - 2014-07-18 11:47 - 00000000 ____D () 
C:\ProgramData\Unity 2014-07-18 12:06 - 2014-07-18 11:52 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Unity 2014-07-18 11:47 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Apple Computer 2014-07-18 11:47 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Apple Computer 2014-07-18 11:47 - 2014-07-18 11:46 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Unity 2014-07-18 11:46 - 2014-07-18 11:37 - 00000000 ____D () C:\Program Files (x86)\Unity 2014-07-18 11:45 - 2014-07-18 11:45 - 00001128 _____ () C:\Users\Public\Desktop\Unity.lnk 2014-07-18 11:45 - 2014-07-18 11:45 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects 2014-07-18 11:36 - 2014-07-18 11:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-18 11:36 - 2014-07-18 11:37 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-18 11:36 - 2014-07-18 11:37 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-18 11:36 - 2014-07-18 11:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-18 11:36 - 2014-07-18 11:36 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 11:32 - 2014-07-18 11:32 - 00001861 _____ () C:\Users\Kaskadeking\Desktop\Blender.lnk 2014-07-18 11:30 - 2014-07-18 11:30 - 00000000 ____D () C:\Program Files\Blender Foundation 2014-07-18 11:22 - 2014-07-07 21:14 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Audacity 2014-07-18 11:11 - 2014-04-16 15:09 - 00000000 ____D () C:\Program Files (x86)\Minecraft Manager 2014-07-18 11:03 - 2014-07-16 14:31 - 00000133 _____ () C:\Users\Kaskadeking\SciTE.session 2014-07-16 14:15 - 2014-07-16 14:15 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Lua Projects 2014-07-16 14:12 - 2014-07-16 14:12 - 00000000 ____D () C:\Program Files (x86)\Lua 2014-07-15 08:39 - 2014-06-14 18:58 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\WinRAR 2014-07-15 08:39 - 2014-06-14 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-12 14:18 - 2014-07-10 19:01 - 00001380 _____ () C:\Users\Kaskadeking\Desktop\ROBLOX Studio 2013.lnk 2014-07-12 14:18 - 2014-07-10 19:01 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2014-07-12 14:18 - 2014-07-10 19:01 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Roblox 2014-07-12 12:31 - 2009-07-14 04:34 - 00000120 _____ () C:\Windows\system32\Drivers\etc\hosts.old 2014-07-12 11:47 - 2013-11-16 12:16 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\TS3Client 2014-07-11 21:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-11 18:52 - 2014-06-25 14:46 - 00000000 ____D () C:\Users\Kaskadeking\Documents\SteamCMD Games 2014-07-10 19:02 - 2014-07-10 19:02 - 00001368 _____ () C:\Users\Kaskadeking\Desktop\ROBLOX Player.lnk 2014-07-10 10:15 - 2009-07-14 06:45 - 00304952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 22:31 - 2014-02-08 21:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 22:29 - 2014-02-08 21:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 17:35 - 2014-02-06 17:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 17:35 - 2013-11-16 12:41 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 17:35 - 2013-11-16 12:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 19:13 - 2014-07-08 19:13 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Xamasoft 2014-07-07 16:16 - 2014-04-20 11:49 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-07-07 16:16 - 2014-04-20 11:49 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-07-07 11:57 - 2013-12-08 18:09 - 00000000 ____D () C:\ProgramData\Origin 
2014-07-05 21:59 - 2014-07-05 11:29 - 00000000 ____D () C:\xampp 2014-07-05 11:33 - 2014-07-05 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2014-07-04 12:44 - 2013-12-24 11:37 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-03 20:16 - 2014-07-03 20:16 - 00000222 _____ () C:\Users\Kaskadeking\Desktop\Infinity Wars - Animated Trading Card Game.url 2014-07-02 17:03 - 2014-07-02 14:28 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\DVDVideoSoft 2014-07-01 19:50 - 2014-01-11 12:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\DAEMON Tools Lite 2014-07-01 19:11 - 2014-07-01 19:11 - 00000568 _____ () C:\Users\Kaskadeking\Documents\kaskadekingde@live.de (0x2D011EB4) rev.asc 2014-07-01 19:08 - 2014-07-01 19:08 - 00000568 _____ () C:\Users\Kaskadeking\Documents\kaskadekingde@gmail.com (0xDF5CFF9B) rev.asc 2014-07-01 19:01 - 2014-07-01 19:01 - 00000000 ____D () C:\ProgramData\GNU 2014-07-01 19:01 - 2014-07-01 19:01 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-01 17:16 - 2013-12-09 17:43 - 00000000 ____D () C:\Windows\Minidump 2014-07-01 16:23 - 2014-04-03 20:16 - 00001970 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-07-01 16:22 - 2014-07-01 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-01 16:22 - 2014-04-19 12:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-01 16:22 - 2013-12-24 11:37 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-01 14:58 - 2014-07-01 14:54 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\paint.net 2014-06-30 15:13 - 2014-05-31 16:01 - 00000923 _____ () C:\Users\Kaskadeking\Desktop\TrueCrypt.lnk 2014-06-29 12:45 - 2014-06-22 16:24 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images 2014-06-28 16:26 - 2014-06-28 16:26 - 00000000 ____D () C:\Program Files (x86)\NirSoft 2014-06-28 15:01 - 2014-06-28 15:01 - 00000000 ____D () C:\Users\Kaskadeking\Desktop\DNSCrypt Windows Service Manager Package 2014-06-28 11:14 - 2014-06-20 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inno Key Generator 2014-06-28 11:14 - 2014-06-20 16:23 - 00000000 ____D () C:\Program Files (x86)\MJ Freelancing 2014-06-28 10:48 - 2014-06-28 10:48 - 00001290 _____ () C:\Users\Kaskadeking\Desktop\Auslogics Disk Defrag Professional.lnk 2014-06-28 10:48 - 2014-06-28 10:48 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Auslogics 2014-06-28 10:48 - 2014-06-08 19:37 - 00000000 ____D () C:\ProgramData\Auslogics 2014-06-27 
18:01 - 2013-12-25 21:15 - 00000000 __SHD () C:\Users\Kaskadeking\Desktop\RAMMap
2014-06-27 13:46 - 2014-06-27 13:46 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Razer
2014-06-27 13:46 - 2014-06-27 13:46 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Razer_Inc
2014-06-27 13:45 - 2014-06-27 13:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00002133 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\ProgramData\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\Program Files (x86)\Razer

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-19 20:27

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Kaskadeking at 2014-07-27 10:18:17
Running from C:\Users\Kaskadeking\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 6 v.6.0.10 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.10 - Ashampoo GmbH & Co. KG)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.5.6.0 - Auslogics Labs Pty Ltd)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.3.9.0 - Auslogics Software Pty Ltd)
avast!
Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB) Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.0.0.45489 - Electronic Arts, Inc.) 
EaseUS Data Recovery Wizard 7.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.0_is1) (Version: - EaseUS) EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) FileZilla Client 3.9.0.1 (HKCU\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse) FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.45 - FileZilla Project) Fireflies Screensaver (remove only) (HKLM-x32\...\Fireflies) (Version: - ) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games) Hercules WiFi Station N (HKLM-x32\...\{120E5B08-DC3C-4DCD-AAB0-0BB5EB225929}) (Version: 7.0.0.0 - Hercules) Infinity Wars - Animated Trading Card Game (HKLM-x32\...\Steam App 257730) (Version: - Lightmare Studios) Inno Setup Version 5.5.4 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.4 - jrsoftware.org) Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) 
Hidden Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version: - Daniel Rebelo) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft 
Corporation) Hidden Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop (x32 Version: 2.7.40911.287 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft 
Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL-Sprachdienst (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft Team Foundation Server 2013 Object Model (x64) (Version: 12.0.21005 - Microsoft 
Corporation) Hidden Microsoft Team Foundation Server 2013-Objektmodell Sprachpaket (x64) - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 32bit Compilers - DEU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime 
- 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2013 Express Prerequisites x64 - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell-(Mindest)-Ressourcen (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Team Explorer Sprachpaket - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013-Vorbereitung (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Express 2013 for Windows Desktop (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{42da2807-2142-4f67-816d-684a640cd6ff}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (x32 Version: 12.0.21005 - Microsoft 
Corporation) Hidden Microsoft Visual Studio Ultimate 2013 XAML UI Designer deu Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation) Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation) Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version: - Virtual Heroes) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 31.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 de)) (Version: 31.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MultiCommander (HKCU\...\MultiCommander) (Version: - ) NirSoft BlueScreenView 
(HKLM-x32\...\NirSoft BlueScreenView) (Version: - ) No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.2 - Vitalwerks Internet Solutions LLC) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden OpenOffice 4.1.0 
(HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) Pokemon Online 2.4.1 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version: - Dreambelievers) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - ) Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ROBLOX Player for Kaskadeking (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio 2013 for Kaskadeking (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) RT 7 Lite (64-Bit) (HKCU\...\RT 7 Lite x64) (Version: 2.6.0 - Rockers Team) RT 7 Lite x64 (Version: 2.6.0 - Rockers Team) Hidden S4 League_EU (HKLM-x32\...\{6DCD0B4D-EC6E-46C4-921B-F108450467C2}) (Version: 1.00.0000 - ) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Sonic Adventure DX (HKLM-x32\...\Steam App 71250) (Version: - SEGA) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) The Movies(TM) (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.0 - Activision) The Movies(TM) (x32 Version: 1.0 - Activision) Hidden The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts) tools-freebsd (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-linux (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-netware (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-solaris (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-windows (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Unity (HKLM-x32\...\Unity) (Version: 4.5.2f1 - Unity Technologies ApS) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) updateSystem.NET (HKLM\...\8d7ea403-65fb-4276-8ada-3b39f0fe2461) (Version: 1.5.2.515 - Maximilian Krauss) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.2 - VMware, Inc) VMware Workstation (Version: 10.0.2 - VMware, Inc.) 
Hidden Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX 
x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation)
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Software Ltd.)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version: - Zombie Panic Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

23-07-2014 16:09:02 DirectX wurde installiert
26-07-2014 09:02:31 Revo Uninstaller's restore point - GiliSoft Video Editor 6.5.0
26-07-2014 09:09:30 Установлено CyberSafe Top Secret 2

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-07-27 10:17 - 00512567 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 fr.a2dfp.net
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 www2.a-counter.kiev.ua
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26715208-6CDA-44E1-88A9-826487D14CAF} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {43D22127-E6CC-4924-A0A0-9B03986D8BA5} - System32\Tasks\{222D721A-5FAE-44BF-9CC9-3287A5198C86} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618
Task: {4C75E13B-8905-4A9E-AEB1-0FEAA20302D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {528F1604-2E56-41E0-A41F-FB1BA70D7251} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Kaskadeking logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2014-07-16] (Auslogics)
Task: {57D5AB86-97A2-4586-B345-495EDCD051E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {5DF92A72-03FC-4802-BBB0-767A91F1491D} - System32\Tasks\Eingabeaufforderung mit Systemrechten => cmd.exe
Task: {76CBC28E-FF43-41A5-9856-C5069199BC7E} - System32\Tasks\{C38F636B-85FD-4911-BBE0-98CB89257A69} => C:\Users\Kaskadeking\Desktop\TheMovies-Recovery.exe
Task: {888379CF-FDFF-41ED-8326-58973DC3894D} - System32\Tasks\{C7C57895-A707-4234-9D05-BEB662BF1504} => C:\Users\Kaskadeking\Desktop\TheMovies-Recovery.exe
Task: {A5B29B19-E273-4004-862C-2C92057AA5C6} - System32\Tasks\WiFiN => C:\Program Files (x86)\Hercules\WiFi Station N\WiFiN.exe [2012-07-31] ()
Task: {B2927C61-F596-49D2-A2ED-C07AE20DE8C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-01] (AVAST Software)
Task: {B50E5808-AA27-465A-AB0A-2F47942BE1B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-01 10:32 - 2013-10-01 10:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:09CB0963D684C924

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: DirMngr => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupfolder: C:^Users^Kaskadeking^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
MSCONFIG\startupreg: NoIPDUCv4 => "C:\Program Files (x86)\No-IP\DUC40.exe" /minimize
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"

==================== Faulty Device Manager Devices =============

Name: avast! Revert
Description: avast! Revert
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: NVIDIA nForce 10/100 Mbps Ethernet
Description: NVIDIA nForce Networking Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVNET
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2014 08:53:01 PM) (Source: MsiInstaller) (EventID: 11719) (User: Kaskadeking-PC)
Description: Продукт: CyberSafe Top Secret 2 -- Ошибка 1719. Не удается получить доступ к службе установщика Windows. Возможно, Windows работает в защищенном режиме или неправильно установлен установщик Windows. Обратитесь в службу поддержки.

Error: (07/26/2014 08:52:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" ; Beschreibung = Revo Uninstaller's restore point - CyberSafe Top Secret 2; Fehler = 0x8007043c).

Error: (07/26/2014 08:52:13 PM) (Source: MsiInstaller) (EventID: 11719) (User: Kaskadeking-PC)
Description: Продукт: CyberSafe Top Secret 2 -- Ошибка 1719. Не удается получить доступ к службе установщика Windows. Возможно, Windows работает в защищенном режиме или неправильно установлен установщик Windows. Обратитесь в службу поддержки.

Error: (07/26/2014 08:51:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Установлено CyberSafe Top Secret 2). Zusätzliche Informationen: 0x80070057.

Error: (07/26/2014 08:47:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80010108, Das aufgerufene Objekt wurde von den Clients getrennt. . Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {fa47527c-a211-4326-ab6b-f237812ca0c9}

Error: (07/26/2014 08:46:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x80010108, Das aufgerufene Objekt wurde von den Clients getrennt. ] Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {fa47527c-a211-4326-ab6b-f237812ca0c9}

Error: (07/26/2014 10:56:28 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

System errors:
=============
Error: (07/27/2014 10:08:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 10:08:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================
Error: (07/26/2014 08:53:01 PM) (Source: MsiInstaller) (EventID: 11719) (User: Kaskadeking-PC)
Description: Продукт: CyberSafe Top Secret 2 -- Ошибка 1719. Не удается получить доступ к службе установщика Windows. Возможно, Windows работает в защищенном режиме или неправильно установлен установщик Windows. Обратитесь в службу поддержки.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/26/2014 08:52:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" Revo Uninstaller's restore point - CyberSafe Top Secret 20x8007043c

Error: (07/26/2014 08:52:13 PM) (Source: MsiInstaller) (EventID: 11719) (User: Kaskadeking-PC)
Description: Продукт: CyberSafe Top Secret 2 -- Ошибка 1719. Не удается получить доступ к службе установщика Windows. Возможно, Windows работает в защищенном режиме или неправильно установлен установщик Windows. Обратитесь в службу поддержки.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/26/2014 08:51:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Установлено CyberSafe Top Secret 20x80070057

Error: (07/26/2014 08:47:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80010108, Das aufgerufene Objekt wurde von den Clients getrennt. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {fa47527c-a211-4326-ab6b-f237812ca0c9}

Error: (07/26/2014 08:46:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x80010108, Das aufgerufene Objekt wurde von den Clients getrennt. Vorgang: Generator wird abonniert Kontext: Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0} Generatorname: WMI Writer Generatorinstanz-ID: {fa47527c-a211-4326-ab6b-f237812ca0c9}

Error: (07/26/2014 10:56:28 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

CodeIntegrity Errors:
===================================
  Date: 2014-04-05 16:57:48.834
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-04-05 16:57:48.663
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6143.3 MB
Available physical RAM: 5418.36 MB
Total Pagefile: 12284.79 MB
Available Pagefile: 11576.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:228.79 GB) (Free:54.09 GB) NTFS
Drive f: () (Removable) (Total:7.46 GB) (Free:7.11 GB) FAT32
Drive w: (Windows 7 x64 Universal) (Fixed) (Total:4 GB) (Free:0.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9CF2274C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=229 GB) - (Type=OF Extended)
Partition 3: (Active) - (Size=4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================
27.07.2014, 10:02 | #2 | |
/// the machine /// TB instructor | User Profile Service loads forever
hi,
Quote:
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
27.07.2014, 12:33 | #3 |
User Profile Service loads forever
My PC kept me from doing that anyway.
MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.07.2014
Suchlauf-Zeit: 11:19:09
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.27.04
Rootkit Datenbank: v2014.07.17.01
Lizenz: Premium
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kaskadeking

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 329257
Verstrichene Zeit: 15 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v3.216 - Bericht erstellt am 27/07/2014 um 11:36:57
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Kaskadeking - KASKADEKING-PC
# Gestartet von : C:\Users\Kaskadeking\Desktop\adwcleaner_3.216.exe
# Option : Suchen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\prefs.js ]

[ Datei : C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\na8igrqn.MC-Manager\prefs.js ]

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [939 octets] - [27/07/2014 11:36:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [998 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kaskadeking on 27.07.2014 at 11:42:31,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Emptied folder: C:\Users\Kaskadeking\AppData\Roaming\mozilla\firefox\profiles\3tx73yav.default\minidumps [9 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.07.2014 at 11:45:42,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Kaskadeking (administrator) on KASKADEKING-PC on 27-07-2014 11:47:51
Running from C:\Users\Kaskadeking\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-01] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-06-16] (Oracle Corporation)
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
IFEO\taskmgr.exe: [Debugger] "C:\USERS\KASKADEKING\DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE"
Startup: C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6CB5525ACE2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.11.2 - C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.11.2 - C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Kaskadeking\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kaskadeking\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\https-everywhere@eff.org [2014-06-27]
FF Extension: WOT - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-12]
FF Extension: Firebug - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\firebug@software.joehewitt.com.xpi [2014-07-01]
FF Extension: MEGA - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\firefox@mega.co.nz.xpi [2014-04-23]
FF Extension: Magic Actions for YouTube™ - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2014-07-18]
FF Extension: Stylish - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-07-18]
FF Extension: NoScript - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-16]
FF Extension: DownThemAll! - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-20]
FF Extension: Adblock Edge - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-15]
FF Extension: No Name - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\na8igrqn.MC-Manager\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-05-21]
FF Extension: No Name - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\na8igrqn.MC-Manager\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-21]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-24]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (avast! Online Security) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-16]
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2014-03-05]
CHR Extension: (Google Wallet) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-01] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
S2 dnscrypt-proxy; C:\Users\Kaskadeking\Desktop\DNSCrypt Windows Service Manager Package\dnscrypt-proxy.exe [258062 2013-09-16] () [File not signed]
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [642048 2014-06-07] (FileZilla Project) [File not signed]
S2 HerculesWiFi; C:\Windows\SysWOW64\\HerculesWiFiService.exe [78232 2012-07-31] (Guillemot Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1618888 2014-04-30] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21009352 2014-04-30] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-23] ()
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-03-05] (Microsoft Corporation) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Player\vmware-hostd.exe [14407384 2014-04-14] ()
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [151648 2014-06-10] (Alfa System Programming)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-01] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-01] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-01] ()
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-22] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19744 2014-04-30] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [85016 2014-03-09] (Sysinternals - www.sysinternals.com)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1065616 2012-07-11] (Realtek Semiconductor Corporation )
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-20] (Duplex Secure Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-06-15] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-06-15] (Acronis International GmbH)
S1 Vdsk; C:\Windows\System32\Drivers\vdsk.sys [55552 2013-09-17] (NT KERNEL RESOURCES LAB.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-15] (Acronis International GmbH)
S2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 DfSdkS;
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-27 11:47 - 2014-07-27 11:47 - 00017802 _____ () C:\Users\Kaskadeking\Desktop\FRST.txt
2014-07-27 11:45 - 2014-07-27 11:45 - 00000838 _____ () C:\Users\Kaskadeking\Desktop\JRT.txt
2014-07-27 11:40 - 2014-07-27 11:40 - 01016261 _____ (Thisisu) C:\Users\Kaskadeking\Desktop\JRT.exe
2014-07-27 10:53 - 2014-07-27 11:35 - 00001159 _____ () C:\Users\Kaskadeking\Downloads\mbam.txt
2014-07-27 10:09 - 2014-07-27 11:47 - 00000000 ____D () C:\FRST
2014-07-27 10:08 - 2014-07-27 04:06 - 02093568 _____ (Farbar) C:\Users\Kaskadeking\Desktop\FRST64.exe
2014-07-27 10:07 - 2014-07-27 10:07 - 00000310 _____ () C:\Windows\PFRO.log
2014-07-26 11:10 - 2014-07-26 11:10 - 00000000 ____D () C:\ProgramData\Caphyon
2014-07-26 11:10 - 2014-06-10 16:58 - 00151648 _____ (Alfa System Programming) C:\Windows\system32\Drivers\AlfaFF.sys
2014-07-26 11:10 - 2013-09-17 19:40 - 00055552 _____ (NT KERNEL RESOURCES LAB.) C:\Windows\system32\Drivers\vdsk.sys
2014-07-26 11:09 - 2014-07-26 11:16 - 00000000 ____D () C:\Users\Public\Documents\cs
2014-07-26 10:55 - 2014-07-26 21:10 - 00000896 _____ () C:\Windows\setupact.log
2014-07-26 10:55 - 2014-07-26 21:10 - 00000021 _____ () C:\Windows\S.dirmngr
2014-07-26 10:55 - 2014-07-26 10:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-25 12:16 - 2014-07-25 16:37 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2014-07-25 12:14 - 2014-07-25 16:48 - 00001690 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk
2014-07-25 10:20 - 2014-07-25 10:21 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\GiliSoft
2014-07-24 10:02 - 2014-07-24 10:03 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.kde
2014-07-24 10:02 - 2014-07-24 10:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\GNU
2014-07-23 21:28 - 2014-07-23 21:52 - 00000278 _____ () C:\.htaccess
2014-07-23 20:46 - 2014-07-23 20:46 - 00000016 _____ () C:\Users\Kaskadeking\Desktop\APB Premium 1 Day.txt
2014-07-23 18:13 - 2014-07-23 18:13 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Downloaded Installations
2014-07-23 18:13 - 2014-07-23 18:13 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-07-23 18:12 - 2014-07-23 18:12 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-07-23 18:12 - 2014-07-23 18:12 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-23 18:12 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-23 18:12 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-07-23 18:12 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-23 18:12 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-07-23 18:12 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-23 18:12 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-07-23 13:52 - 2014-07-23 13:52 - 00001177 _____ () C:\Users\Kaskadeking\Desktop\Auslogics BoostSpeed.lnk
2014-07-23 13:52 - 2014-07-23 13:52 - 00000000 ____D () C:\Windows\System32\Tasks\Auslogics
2014-07-23 12:04 - 2014-07-23 14:19 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-07-23 10:27 - 2014-07-23 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 10:25 - 2014-07-26 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-21 20:26 - 2014-07-27 11:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 20:26 - 2014-07-21 20:27 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-21 20:26 - 2014-07-21 20:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-21 20:26 - 2014-07-21 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-21 20:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-21 20:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-21 20:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-21 20:20 - 2014-07-21 20:20 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-07-21 14:06 - 2014-07-21 14:06 - 00005884 _____ () C:\Users\Kaskadeking\AppData\Local\recently-used.xbel
2014-07-18 13:21 - 2014-07-18 13:21 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\stetic
2014-07-18 13:20 - 2014-07-18 13:21 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\MonoDevelop-Unity-4.0
2014-07-18 13:20 - 2014-07-18 13:20 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\MonoDevelop-Unity-4.0
2014-07-18 12:04 - 2014-07-18 13:36 - 00000000 ____D () C:\Users\Kaskadeking\Documents\MyGame
2014-07-18 11:52 - 2014-07-18 12:06 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Unity
2014-07-18 11:47 - 2014-07-18 12:27 - 00000000 ____D () C:\ProgramData\Unity
2014-07-18 11:47 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Apple Computer
2014-07-18 11:47 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Apple Computer
2014-07-18 11:46 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Unity
2014-07-18 11:45 - 2014-07-18 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-07-18 11:45 - 2014-07-18 11:45 - 00001128 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-07-18 11:45 - 2014-07-18 11:45 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-07-18 11:37 - 2014-07-18 11:46 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-07-18 11:37 - 2014-07-18 11:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-18 11:37 - 2014-07-18 11:36 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-18 11:37 - 2014-07-18 11:36 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-18 11:37 - 2014-07-18 11:36 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-18 11:36 - 2014-07-18 11:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 11:32 - 2014-07-18 11:32 - 00001861 _____ () C:\Users\Kaskadeking\Desktop\Blender.lnk
2014-07-18 11:30 - 2014-07-18 11:30 - 00000000 ____D () C:\Program Files\Blender Foundation
2014-07-16 14:31 - 2014-07-18 11:03 - 00000133 _____ () C:\Users\Kaskadeking\SciTE.session
2014-07-16 14:15 - 2014-07-16 14:15 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Lua Projects
2014-07-16 14:12 - 2014-07-16 14:12 - 00000000 ____D () C:\Program Files (x86)\Lua
2014-07-10 19:02 - 2014-07-10 19:02 - 00001368 _____ () C:\Users\Kaskadeking\Desktop\ROBLOX Player.lnk
2014-07-10 19:01 - 2014-07-12 14:18 - 00001380 _____ () C:\Users\Kaskadeking\Desktop\ROBLOX Studio 2013.lnk
2014-07-10 19:01 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-07-10 19:01 - 2014-07-12 14:18 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Roblox
2014-07-09 21:36 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 21:36 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 21:36 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 21:36 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 21:36 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 21:36 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 21:36 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 21:36 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 21:36 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 21:36 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 21:36 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 21:36 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 21:36 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 21:36 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 21:36 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 21:36 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 21:36 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 21:36 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 21:36 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 21:36 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 21:36 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 21:36 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 21:36 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 21:36 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 21:36 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 21:36 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 21:36 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 21:36 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 21:36 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 21:36 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 21:36 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 21:36 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 21:36 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 21:36 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 21:36 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 21:36 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 21:36 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 21:36 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 21:36 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 21:36 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 21:36 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 21:36 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 21:36 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 21:36 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 21:36 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 21:36 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 21:36 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 21:36 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 21:36 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 21:36 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 21:36 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 21:36 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 21:36 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 21:36 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 21:36 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 21:36 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 21:36 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 21:36 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 21:36 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 21:36 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 21:36 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 
21:36 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 21:34 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 21:34 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 21:34 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-08 19:13 - 2014-07-08 19:13 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Xamasoft 2014-07-07 21:14 - 2014-07-18 11:22 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Audacity 2014-07-05 11:33 - 2014-07-05 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2014-07-05 11:29 - 2014-07-05 21:59 - 00000000 ____D () C:\xampp 2014-07-03 20:16 - 2014-07-03 20:16 - 00000222 _____ () C:\Users\Kaskadeking\Desktop\Infinity Wars - Animated Trading Card Game.url 2014-07-03 20:01 - 2014-07-18 14:36 - 00073784 _____ () C:\Users\Kaskadeking\Desktop\KsTBeats - Projekte (VLC Netzwerkstream).xspf 2014-07-02 14:28 - 2014-07-02 17:03 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\DVDVideoSoft 2014-07-01 19:11 - 2014-07-01 19:11 - 00000568 _____ () C:\Users\Kaskadeking\Documents\kaskadekingde@live.de (0x2D011EB4) rev.asc 2014-07-01 19:08 - 2014-07-01 19:08 - 00000568 _____ () C:\Users\Kaskadeking\Documents\kaskadekingde@gmail.com (0xDF5CFF9B) rev.asc 2014-07-01 19:01 - 2014-07-24 13:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\gnupg 2014-07-01 19:01 - 2014-07-01 19:01 - 00000000 ____D () C:\ProgramData\GNU 2014-07-01 19:01 - 2014-07-01 19:01 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-01 16:22 - 2014-07-01 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-01 14:55 - 2014-07-23 10:32 - 00001264 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2014-07-01 14:55 - 2014-07-23 10:32 - 00001252 _____ () 
C:\Users\Public\Desktop\paint.net.lnk
2014-07-01 14:55 - 2014-07-23 10:32 - 00000000 ____D () C:\Program Files\paint.net
2014-07-01 14:54 - 2014-07-01 14:58 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\paint.net
2014-06-28 16:26 - 2014-06-28 16:26 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-06-28 15:01 - 2014-06-28 15:01 - 00000000 ____D () C:\Users\Kaskadeking\Desktop\DNSCrypt Windows Service Manager Package
2014-06-28 10:48 - 2014-06-28 10:48 - 00001290 _____ () C:\Users\Kaskadeking\Desktop\Auslogics Disk Defrag Professional.lnk
2014-06-28 10:48 - 2014-06-28 10:48 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Auslogics
2014-06-27 13:46 - 2014-06-27 13:46 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Razer
2014-06-27 13:46 - 2014-06-27 13:46 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Razer_Inc
2014-06-27 13:45 - 2014-06-27 13:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00002133 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\ProgramData\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\Program Files (x86)\Razer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 11:47 - 2014-07-27 11:47 - 00017802 _____ () C:\Users\Kaskadeking\Desktop\FRST.txt 2014-07-27 11:47 - 2014-07-27 10:09 - 00000000 ____D () C:\FRST 2014-07-27 11:45 - 2014-07-27 11:45 - 00000838 _____ () C:\Users\Kaskadeking\Desktop\JRT.txt 2014-07-27 11:40 - 2014-07-27 11:40 - 01016261 _____ (Thisisu) C:\Users\Kaskadeking\Desktop\JRT.exe 2014-07-27 11:35 - 2014-07-27 10:53 - 00001159 _____ () C:\Users\Kaskadeking\Downloads\mbam.txt 2014-07-27 11:19 - 2014-07-21 20:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-27 10:16 - 2013-11-17 15:19 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Notepad++ 2014-07-27 10:07 - 2014-07-27 10:07 - 00000310 _____ () C:\Windows\PFRO.log 2014-07-27 04:06 - 2014-07-27 10:08 - 02093568 _____ (Farbar) C:\Users\Kaskadeking\Desktop\FRST64.exe 2014-07-26 21:29 - 2009-07-14 19:58 - 00715748 _____ () C:\Windows\system32\perfh007.dat 2014-07-26 21:29 - 2009-07-14 19:58 - 00157044 _____ () C:\Windows\system32\perfc007.dat 2014-07-26 21:29 - 2009-07-14 07:13 - 01669414 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-26 21:11 - 2014-01-11 14:36 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-26 21:10 - 2014-07-26 10:55 - 00000896 _____ () C:\Windows\setupact.log 2014-07-26 21:10 - 2014-07-26 10:55 - 00000021 _____ () C:\Windows\S.dirmngr 2014-07-26 21:10 - 2014-02-16 12:47 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-26 21:10 - 2013-11-16 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-26 21:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-26 20:54 - 2014-07-23 10:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-07-26 20:49 - 2014-02-06 17:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-26 11:16 - 2014-07-26 11:09 - 00000000 ____D () C:\Users\Public\Documents\cs 2014-07-26 11:15 - 2014-06-09 16:48 - 00001024 _____ () 
C:\.rnd 2014-07-26 11:10 - 2014-07-26 11:10 - 00000000 ____D () C:\ProgramData\Caphyon 2014-07-26 11:04 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-26 11:04 - 2009-07-14 06:45 - 00022032 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-26 11:03 - 2014-04-05 19:05 - 01586967 _____ () C:\Windows\WindowsUpdate.log 2014-07-26 10:56 - 2013-11-16 12:24 - 00000000 ____D () C:\ProgramData\VMware 2014-07-26 10:55 - 2014-07-26 10:55 - 00000000 _____ () C:\Windows\setuperr.log 2014-07-25 16:48 - 2014-07-25 12:14 - 00001690 _____ () C:\Users\Public\Desktop\The Sims 2 Ultimate Collection.lnk 2014-07-25 16:38 - 2013-12-08 18:08 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-07-25 16:37 - 2014-07-25 12:16 - 00000000 ____D () C:\Users\Public\Documents\EA Games 2014-07-25 16:37 - 2014-04-05 13:42 - 00000000 ____D () C:\Users\Kaskadeking\Documents\EA Games 2014-07-25 12:14 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-25 10:26 - 2013-12-03 16:12 - 00010752 _____ () C:\Users\Kaskadeking\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-25 10:21 - 2014-07-25 10:20 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\GiliSoft 2014-07-24 17:01 - 2013-11-17 17:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-24 15:21 - 2014-04-05 17:20 - 00001948 _____ () C:\Windows\Sandboxie.ini 2014-07-24 13:02 - 2014-07-01 19:01 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\gnupg 2014-07-24 12:43 - 2013-12-08 18:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games 2014-07-24 12:31 - 2014-02-13 18:12 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Visual Studio 2013 2014-07-24 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-24 10:03 - 2014-07-24 10:02 - 00000000 ____D () 
C:\Users\Kaskadeking\AppData\Roaming\.kde 2014-07-24 10:02 - 2014-07-24 10:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\GNU 2014-07-24 10:01 - 2013-12-24 11:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-07-24 10:00 - 2013-11-16 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-23 21:52 - 2014-07-23 21:28 - 00000278 _____ () C:\.htaccess 2014-07-23 20:46 - 2014-07-23 20:46 - 00000016 _____ () C:\Users\Kaskadeking\Desktop\APB Premium 1 Day.txt 2014-07-23 20:23 - 2014-03-08 10:53 - 00000000 ____D () C:\Users\Kaskadeking\Stuff 2014-07-23 18:13 - 2014-07-23 18:13 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Downloaded Installations 2014-07-23 18:13 - 2014-07-23 18:13 - 00000000 ____D () C:\Program Files (x86)\AMD 2014-07-23 18:13 - 2014-03-30 15:30 - 00000000 ____D () C:\Users\Kaskadeking\Documents\My Games 2014-07-23 18:12 - 2014-07-23 18:12 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA 2014-07-23 18:12 - 2014-07-23 18:12 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-07-23 18:12 - 2014-02-05 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-07-23 17:20 - 2014-03-16 14:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.minecraft 2014-07-23 14:19 - 2014-07-23 12:04 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-07-23 14:19 - 2014-05-31 22:12 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-07-23 14:08 - 2014-05-31 20:15 - 00281288 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-07-23 13:52 - 2014-07-23 13:52 - 00001177 _____ () C:\Users\Kaskadeking\Desktop\Auslogics BoostSpeed.lnk 2014-07-23 13:52 - 2014-07-23 13:52 - 00000000 ____D () C:\Windows\System32\Tasks\Auslogics 2014-07-23 13:52 - 2014-06-08 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics 2014-07-23 13:52 - 2014-06-08 19:37 - 00000000 ____D () C:\Program Files (x86)\Auslogics 
2014-07-23 12:18 - 2014-05-31 22:12 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-07-23 12:04 - 2014-05-31 21:54 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\PunkBuster 2014-07-23 11:52 - 2013-11-16 11:48 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Thunderbird 2014-07-23 10:33 - 2013-11-16 12:18 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Skype 2014-07-23 10:32 - 2014-07-01 14:55 - 00001264 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2014-07-23 10:32 - 2014-07-01 14:55 - 00001252 _____ () C:\Users\Public\Desktop\paint.net.lnk 2014-07-23 10:32 - 2014-07-01 14:55 - 00000000 ____D () C:\Program Files\paint.net 2014-07-23 10:29 - 2014-04-05 18:35 - 00002008 _____ () C:\Users\Kaskadeking\Desktop\FileZilla Client.lnk 2014-07-23 10:29 - 2014-01-12 11:26 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\FileZilla 2014-07-23 10:29 - 2014-01-12 11:25 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-07-23 10:27 - 2014-07-23 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-21 20:27 - 2014-07-21 20:26 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-21 20:27 - 2014-07-21 20:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-21 20:26 - 2014-07-21 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-21 20:22 - 2014-06-09 10:52 - 00000000 ____D () C:\ProgramData\InstallMate 2014-07-21 20:20 - 2014-07-21 20:20 - 00000000 ____D () C:\Program Files (x86)\Ruiware 2014-07-21 18:47 - 2013-11-16 12:29 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\VMware 2014-07-21 18:47 - 2013-11-16 12:29 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\VMware 2014-07-21 18:42 - 2014-05-13 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo 2014-07-21 18:40 - 2013-11-26 15:52 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Virtual Machines 2014-07-21 
18:08 - 2013-11-17 17:27 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\EpickingDE 2014-07-21 16:11 - 2013-11-16 10:56 - 00000000 ____D () C:\Users\Kaskadeking 2014-07-21 16:08 - 2013-11-16 12:27 - 00000000 ___RD () C:\Users\Kaskadeking\Dropbox 2014-07-21 16:07 - 2013-11-16 13:48 - 00000000 ____D () C:\Users\Kaskadeking\.gimp-2.8 2014-07-21 15:43 - 2014-06-15 14:46 - 00000000 ___RD () C:\Users\Kaskadeking\Sync 2014-07-21 14:33 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-07-21 14:06 - 2014-07-21 14:06 - 00005884 _____ () C:\Users\Kaskadeking\AppData\Local\recently-used.xbel 2014-07-21 14:06 - 2013-11-16 14:05 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\gtk-2.0 2014-07-21 10:15 - 2013-11-16 12:24 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Dropbox 2014-07-21 10:14 - 2014-03-03 17:06 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\DropboxMaster 2014-07-20 09:39 - 2014-05-24 18:20 - 00001555 _____ () C:\Users\Kaskadeking\Desktop\KeePass2.lnk 2014-07-18 16:31 - 2014-06-25 21:14 - 00000000 ____D () C:\Users\Kaskadeking\Documents\FIFA World 2014-07-18 14:59 - 2014-07-18 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2014-07-18 14:59 - 2013-11-16 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-18 14:37 - 2013-11-16 18:37 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\vlc 2014-07-18 14:36 - 2014-07-03 20:01 - 00073784 _____ () C:\Users\Kaskadeking\Desktop\KsTBeats - Projekte (VLC Netzwerkstream).xspf 2014-07-18 14:15 - 2013-12-26 16:57 - 00000000 ____D () C:\Users\Kaskadeking\.thumbnails 2014-07-18 13:36 - 2014-07-18 12:04 - 00000000 ____D () C:\Users\Kaskadeking\Documents\MyGame 2014-07-18 13:21 - 2014-07-18 13:21 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\stetic 2014-07-18 13:21 - 2014-07-18 13:20 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\MonoDevelop-Unity-4.0 2014-07-18 13:20 - 
2014-07-18 13:20 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\MonoDevelop-Unity-4.0 2014-07-18 12:27 - 2014-07-18 11:47 - 00000000 ____D () C:\ProgramData\Unity 2014-07-18 12:06 - 2014-07-18 11:52 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Unity 2014-07-18 11:47 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Apple Computer 2014-07-18 11:47 - 2014-07-18 11:47 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Apple Computer 2014-07-18 11:47 - 2014-07-18 11:46 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Unity 2014-07-18 11:46 - 2014-07-18 11:37 - 00000000 ____D () C:\Program Files (x86)\Unity 2014-07-18 11:45 - 2014-07-18 11:45 - 00001128 _____ () C:\Users\Public\Desktop\Unity.lnk 2014-07-18 11:45 - 2014-07-18 11:45 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects 2014-07-18 11:36 - 2014-07-18 11:37 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-18 11:36 - 2014-07-18 11:37 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-18 11:36 - 2014-07-18 11:37 - 00176040 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-18 11:36 - 2014-07-18 11:37 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-18 11:36 - 2014-07-18 11:36 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-18 11:32 - 2014-07-18 11:32 - 00001861 _____ () C:\Users\Kaskadeking\Desktop\Blender.lnk 2014-07-18 11:30 - 2014-07-18 11:30 - 00000000 ____D () C:\Program Files\Blender Foundation 2014-07-18 11:22 - 2014-07-07 21:14 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Audacity 2014-07-18 11:11 - 2014-04-16 15:09 - 00000000 ____D () C:\Program Files (x86)\Minecraft Manager 2014-07-18 11:03 - 2014-07-16 14:31 - 00000133 _____ () C:\Users\Kaskadeking\SciTE.session 2014-07-16 14:15 - 2014-07-16 14:15 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Lua Projects 2014-07-16 14:12 - 2014-07-16 14:12 - 00000000 
____D () C:\Program Files (x86)\Lua 2014-07-15 08:39 - 2014-06-14 18:58 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-15 08:39 - 2014-06-14 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-12 14:18 - 2014-07-10 19:01 - 00001380 _____ () C:\Users\Kaskadeking\Desktop\ROBLOX Studio 2013.lnk 2014-07-12 14:18 - 2014-07-10 19:01 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2014-07-12 14:18 - 2014-07-10 19:01 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Roblox 2014-07-12 12:31 - 2009-07-14 04:34 - 00000120 _____ () C:\Windows\system32\Drivers\etc\hosts.old 2014-07-12 11:47 - 2013-11-16 12:16 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\TS3Client 2014-07-11 21:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-11 18:52 - 2014-06-25 14:46 - 00000000 ____D () C:\Users\Kaskadeking\Documents\SteamCMD Games 2014-07-10 19:02 - 2014-07-10 19:02 - 00001368 _____ () C:\Users\Kaskadeking\Desktop\ROBLOX Player.lnk 2014-07-10 10:15 - 2009-07-14 06:45 - 00304952 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 22:31 - 2014-02-08 21:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 22:29 - 2014-02-08 21:53 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 17:35 - 2014-02-06 17:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 17:35 - 2013-11-16 12:41 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 17:35 - 2013-11-16 12:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 19:13 - 2014-07-08 19:13 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Xamasoft 2014-07-07 16:16 - 2014-04-20 11:49 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-07-07 16:16 - 2014-04-20 
11:49 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-07-07 11:57 - 2013-12-08 18:09 - 00000000 ____D () C:\ProgramData\Origin 2014-07-05 21:59 - 2014-07-05 11:29 - 00000000 ____D () C:\xampp 2014-07-05 11:33 - 2014-07-05 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2014-07-04 12:44 - 2013-12-24 11:37 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-07-03 20:16 - 2014-07-03 20:16 - 00000222 _____ () C:\Users\Kaskadeking\Desktop\Infinity Wars - Animated Trading Card Game.url 2014-07-02 17:03 - 2014-07-02 14:28 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\DVDVideoSoft 2014-07-01 19:50 - 2014-01-11 12:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\DAEMON Tools Lite 2014-07-01 19:11 - 2014-07-01 19:11 - 00000568 _____ () C:\Users\Kaskadeking\Documents\kaskadekingde@live.de (0x2D011EB4) rev.asc 2014-07-01 19:08 - 2014-07-01 19:08 - 00000568 _____ () C:\Users\Kaskadeking\Documents\kaskadekingde@gmail.com (0xDF5CFF9B) rev.asc 2014-07-01 19:01 - 2014-07-01 19:01 - 00000000 ____D () C:\ProgramData\GNU 2014-07-01 19:01 - 2014-07-01 19:01 - 00000000 ____D () C:\Program Files (x86)\GNU 2014-07-01 17:16 - 2013-12-09 17:43 - 00000000 ____D () C:\Windows\Minidump 2014-07-01 16:23 - 2014-04-03 20:16 - 00001970 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-07-01 16:22 - 2014-07-01 16:22 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-07-01 16:22 - 2014-04-19 12:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-07-01 16:22 - 2013-12-24 11:37 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-07-01 16:22 - 2013-12-24 11:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-07-01 14:58 - 2014-07-01 14:54 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\paint.net 2014-06-30 15:13 - 2014-05-31 16:01 - 00000923 _____ () C:\Users\Kaskadeking\Desktop\TrueCrypt.lnk 2014-06-29 12:45 - 2014-06-22 16:24 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images 2014-06-28 16:26 - 2014-06-28 16:26 - 00000000 ____D () C:\Program Files (x86)\NirSoft 2014-06-28 15:01 - 2014-06-28 15:01 - 00000000 ____D () C:\Users\Kaskadeking\Desktop\DNSCrypt Windows Service Manager Package 2014-06-28 11:14 - 2014-06-20 16:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inno Key Generator 2014-06-28 11:14 - 2014-06-20 16:23 - 00000000 ____D () C:\Program Files (x86)\MJ Freelancing 2014-06-28 10:48 - 2014-06-28 10:48 - 00001290 _____ () C:\Users\Kaskadeking\Desktop\Auslogics Disk Defrag Professional.lnk 2014-06-28 10:48 - 2014-06-28 10:48 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Auslogics 2014-06-28 10:48 - 2014-06-08 19:37 - 00000000 ____D () C:\ProgramData\Auslogics 2014-06-27 
18:01 - 2013-12-25 21:15 - 00000000 __SHD () C:\Users\Kaskadeking\Desktop\RAMMap
2014-06-27 13:46 - 2014-06-27 13:46 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Razer
2014-06-27 13:46 - 2014-06-27 13:46 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Razer_Inc
2014-06-27 13:45 - 2014-06-27 13:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00002133 _____ () C:\Users\Public\Desktop\Razer Game Booster.lnk
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\ProgramData\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-06-27 13:44 - 2014-06-27 13:44 - 00000000 ____D () C:\Program Files (x86)\Razer

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-19 20:27

==================== End Of Log ============================

--- --- ---

Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Kaskadeking at 2014-07-27 11:48:18
Running from C:\Users\Kaskadeking\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2014 (HKLM-x32\...\{3ECDD663-5AF8-489B-9E3C-561F33A271BD}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 6 v.6.0.10 (HKLM-x32\...\{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1) (Version: 6.0.10 - Ashampoo GmbH & Co. KG)
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.5.6.0 - Auslogics Labs Pty Ltd)
Auslogics Disk Defrag Professional (HKLM-x32\...\{ADE1535C-C836-4F2E-BDA1-1C7C304743E3}_is1) (Version: 4.3.9.0 - Auslogics Software Pty Ltd)
avast!
Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB) Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.) Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation) Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD) EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.0.0.45489 - Electronic Arts, Inc.) 
EaseUS Data Recovery Wizard 7.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.0_is1) (Version: - EaseUS) EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation) Erforderliche Komponenten für SSDT (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation) Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software) FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) FileZilla Client 3.9.0.1 (HKCU\...\FileZilla Client) (Version: 3.9.0.1 - Tim Kosse) FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.45 - FileZilla Project) Fireflies Screensaver (remove only) (HKLM-x32\...\Fireflies) (Version: - ) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games) Hercules WiFi Station N (HKLM-x32\...\{120E5B08-DC3C-4DCD-AAB0-0BB5EB225929}) (Version: 7.0.0.0 - Hercules) Infinity Wars - Animated Trading Card Game (HKLM-x32\...\Steam App 257730) (Version: - Lightmare Studios) Inno Setup Version 5.5.4 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.4 - jrsoftware.org) Java 8 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218011FF}) (Version: 8.0.110 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.11.12 - Oracle, Inc.) 
Hidden Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation) Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version: - Daniel Rebelo) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft 
Corporation) Hidden Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 Sprachpaket - DEU (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop (x32 Version: 2.7.40911.287 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft 
Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL-Sprachdienst (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 DEU (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation) Microsoft Team Foundation Server 2013 Object Model (x64) (Version: 12.0.21005 - Microsoft 
Corporation) Hidden Microsoft Team Foundation Server 2013-Objektmodell Sprachpaket (x64) - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 32bit Compilers - DEU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime 
- 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual Studio 2013 Express Prerequisites x64 - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Shell-(Mindest)-Ressourcen (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013 Team Explorer Sprachpaket - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio 2013-Vorbereitung (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Express 2013 for Windows Desktop (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{42da2807-2142-4f67-816d-684a640cd6ff}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (x32 Version: 12.0.21005 - Microsoft 
Corporation) Hidden Microsoft Visual Studio Ultimate 2013 XAML UI Designer deu Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation) Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation) Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation) Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version: - Virtual Heroes) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 31.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 de)) (Version: 31.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MultiCommander (HKCU\...\MultiCommander) (Version: - ) NirSoft BlueScreenView 
(HKLM-x32\...\NirSoft BlueScreenView) (Version: - ) No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.2 - Vitalwerks Internet Solutions LLC) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team) NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden OpenOffice 4.1.0 
(HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation) Pokemon Online 2.4.1 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version: - Dreambelievers) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 r2290 - ) Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) ROBLOX Player for Kaskadeking (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio 2013 for Kaskadeking (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software) RT 7 Lite (64-Bit) (HKCU\...\RT 7 Lite x64) (Version: 2.6.0 - Rockers Team) RT 7 Lite x64 (Version: 2.6.0 - Rockers Team) Hidden S4 League_EU (HKLM-x32\...\{6DCD0B4D-EC6E-46C4-921B-F108450467C2}) (Version: 1.00.0000 - ) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) 
Sonic Adventure DX (HKLM-x32\...\Steam App 71250) (Version: - SEGA) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC) Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer) The Movies(TM) (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.0 - Activision) The Movies(TM) (x32 Version: 1.0 - Activision) Hidden The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts) tools-freebsd (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-linux (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-netware (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-solaris (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-windows (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Unity (HKLM-x32\...\Unity) (Version: 4.5.2f1 - Unity Technologies ApS) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS) Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton) updateSystem.NET (HKLM\...\8d7ea403-65fb-4276-8ada-3b39f0fe2461) (Version: 1.5.2.515 - Maximilian Krauss) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.2 - VMware, Inc) VMware Workstation (Version: 10.0.2 - VMware, Inc.) 
Hidden Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden Windows Software Development Kit for Windows Store Apps DirectX 
x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16422 - Microsoft Corporation) Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Software Ltd.) XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami) Zombie Panic Source (HKLM-x32\...\Steam App 17500) (Version: - Zombie Panic Team) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-4058871879-2829469030-3260525534-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 23-07-2014 16:09:02 DirectX wurde installiert 26-07-2014 09:02:31 Revo Uninstaller's restore point - GiliSoft Video Editor 6.5.0 26-07-2014 09:09:30 Установлено CyberSafe Top Secret 2 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-07-27 10:17 - 00512567 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 fr.a2dfp.net 0.0.0.0 m.fr.a2dfp.net 0.0.0.0 mfr.a2dfp.net 0.0.0.0 ad.a8.net 0.0.0.0 asy.a8ww.net 0.0.0.0 static.a-ads.com 0.0.0.0 abcstats.com 0.0.0.0 ad4.abradio.cz 0.0.0.0 a.abv.bg 0.0.0.0 adserver.abv.bg 0.0.0.0 adv.abv.bg 0.0.0.0 bimg.abv.bg 0.0.0.0 ca.abv.bg 0.0.0.0 www2.a-counter.kiev.ua 0.0.0.0 track.acclaimnetwork.com 0.0.0.0 accuserveadsystem.com 0.0.0.0 www.accuserveadsystem.com 0.0.0.0 achmedia.com 0.0.0.0 csh.actiondesk.com 0.0.0.0 ads.activepower.net 0.0.0.0 app.activetrail.com 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie] 0.0.0.0 traffic.acwebconnecting.com 0.0.0.0 office.ad1.ru 0.0.0.0 cms.ad2click.nl There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.) Task: {26715208-6CDA-44E1-88A9-826487D14CAF} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule" Task: {43D22127-E6CC-4924-A0A0-9B03986D8BA5} - System32\Tasks\{222D721A-5FAE-44BF-9CC9-3287A5198C86} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/go/help.faq.installer?LastError=1618 Task: {4C75E13B-8905-4A9E-AEB1-0FEAA20302D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {528F1604-2E56-41E0-A41F-FB1BA70D7251} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Kaskadeking logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2014-07-16] (Auslogics) Task: {57D5AB86-97A2-4586-B345-495EDCD051E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.) Task: {5DF92A72-03FC-4802-BBB0-767A91F1491D} - System32\Tasks\Eingabeaufforderung mit Systemrechten => cmd.exe Task: {76CBC28E-FF43-41A5-9856-C5069199BC7E} - System32\Tasks\{C38F636B-85FD-4911-BBE0-98CB89257A69} => C:\Users\Kaskadeking\Desktop\TheMovies-Recovery.exe Task: {888379CF-FDFF-41ED-8326-58973DC3894D} - System32\Tasks\{C7C57895-A707-4234-9D05-BEB662BF1504} => C:\Users\Kaskadeking\Desktop\TheMovies-Recovery.exe Task: {A5B29B19-E273-4004-862C-2C92057AA5C6} - System32\Tasks\WiFiN => C:\Program Files (x86)\Hercules\WiFi Station N\WiFiN.exe [2012-07-31] () Task: {B2927C61-F596-49D2-A2ED-C07AE20DE8C3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-01] (AVAST Software) Task: {B50E5808-AA27-465A-AB0A-2F47942BE1B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-01 10:32 - 2013-10-01 10:32 - 02818216 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-07-23 10:27 - 2014-07-23 10:27 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-07-09 17:35 - 2014-07-09 17:35 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll 2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:09CB0963D684C924 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: DirMngr => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\startupfolder: C:^Users^Kaskadeking^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe MSCONFIG\startupreg: NoIPDUCv4 => "C:\Program Files (x86)\No-IP\DUC40.exe" /minimize MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe" ==================== Faulty Device Manager Devices ============= Name: avast! Revert Description: avast! Revert Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswRvrt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! VM Monitor
Description: avast! VM Monitor
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: VMware VMCI Host Device
Description: VMware VMCI Host Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: vmci
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: NVIDIA nForce 10/100 Mbps Ethernet
Description: NVIDIA nForce Networking Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVNET
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly.
The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/27/2014 11:48:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 11:48:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 11:48:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 11:46:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 11:46:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/27/2014 11:46:09 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-04-05 16:57:48.834
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-04-05 16:57:48.663
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 6143.3 MB
Available physical RAM: 4993.53 MB
Total Pagefile: 12284.79 MB
Available Pagefile: 11213.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:228.79 GB) (Free:54.06 GB) NTFS
Drive w: (Windows 7 x64 Universal) (Fixed) (Total:4 GB) (Free:0.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9CF2274C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=229 GB) - (Type=OF Extended)
Partition 3: (Active) - (Size=4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

The User Profile Service now loads properly again, but the desktop is still black. It does work again after about 1 minute, though. Maybe it's just a side effect of the System Restore that the desktop takes so long on the first start (very unlikely). I'll keep an eye on the whole thing. |
27.07.2014, 14:19 | #4 |
/// the machine /// TB Trainer | User Profile Service takes forever to load Your user profile is broken. Create a new one and save the data from the old one before nothing works at all anymore.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |
27.07.2014, 14:43 | #5 |
User Profile Service takes forever to load I've read about that too. But everyone else got an error message, whereas for me it just takes quite a long time. But I'll do it anyway ^^
__________________ Best regards, Kaskadeking |
27.07.2014, 20:13 | #6 |
/// the machine /// TB Trainer | User Profile Service takes forever to load better safe than sorry
28.07.2014, 10:11 | #7 |
User Profile Service takes forever to load I've now created a 2nd account just to be safe, but since the System Restore everything works again. The desktop also seems to load quickly again.
__________________ Best regards, Kaskadeking |
28.07.2014, 18:31 | #8 |
/// the machine /// TB Trainer | User Profile Service takes forever to load ok
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM! |