Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Alles rund um Windows (https://www.trojaner-board.de/alles-rund-um-windows/)
-   -   Unbekanntes Geräusch in Firefox bei Seitenwechsel (https://www.trojaner-board.de/152038-unbekanntes-geraeusch-firefox-seitenwechsel.html)

Kaskadeking 05.04.2014 12:37
Unbekanntes Geräusch in Firefox bei Seitenwechsel
 
Hallo an alle Trojaner-Board User ;)

Ich habe seit 3-5 Tagen ein Problem das ich beim Firefox ein Geräusch bekomme sobald ich die Seite wechsel. Das Geräusch kommt aber nur sobald ich eine Website aufrufe die ich noch nie aufgerufen habe. Heute ist es derzeit nur 1x gekommen gestern war es aber sehr oft.

Ich habe bereits einen Scan mit avast gemacht was nichts ergeben hat.
Malewarebytes hat einige PUPs gefunden die ich in die Quarantäne verschoben habe.

Malewarebytes Log:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Kaskadeking :: KASKADEKING-PC [Administrator]

03.04.2014 17:16:55
mbam-log-2014-04-03 (17-16-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 487280
Laufzeit: 1 Stunde(n), 41 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 14
C:\Users\Kaskadeking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F462UDIW\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNHBKHIZ\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\nsbEB03.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\nse1A08.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\nsk7505.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\sp-downloader.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\SPIdentifier.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\AU\SPSetup.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\nsv37EC\SpSetup.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsi3AB1.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsl33CE.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsnD109.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nst2F29.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

M-K-D-B 05.04.2014 12:59
:hallo:



Sollen wir deinen Rechner auf Malware überprüfen, um so auszuschließen, dass es davon kommt?

Kaskadeking 05.04.2014 14:30
Ich glaube nicht das es von Malware kommt da ich im ProcessExplorer keine verdächtigen Prozesse gefunden habe. Und beim Lautsprecher-Mixer wird auch nichts angezeigt wenn der Ton abgespielt wird. Ich habe aber noch mal einen Scan mit Malewarebytes gemacht der mir 6 weitere infizierte Dateien angezeigt hat. Davon waren 3 aber im Papierkorb und 3 im Temp Ordner (Appdata\Local\Temp).

Log:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.04.03.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Kaskadeking :: KASKADEKING-PC [Administrator]

05.04.2014 15:21:05
mbam-log-2014-04-05 (15-21-05).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 233989
Laufzeit: 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Kaskadeking\AppData\Local\Temp\CT3251747 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\$Recycle.Bin\S-1-5-21-4058871879-2829469030-3260525534-1000\$RM7LRXN.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-4058871879-2829469030-3260525534-1000\$RTDSQXE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-4058871879-2829469030-3260525534-1000\$RWWXMEU.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\06055237-1be0-40ad-9697-276fee5509db\tb_PrizeRebelBar.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kaskadeking\AppData\Local\Temp\CT3251747\ddt.csf (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Conduit scheint lästiger zu sein als ich dachte

M-K-D-B 05.04.2014 14:33
Servus,



ich würde gerne Malware ausschließen, bevor wir anderes versuchen.

Bist du dabei? :)

Kaskadeking 05.04.2014 14:37
Ja, ich bin immer dabei :)

M-K-D-B 05.04.2014 15:18
Servus,


wir beginnen so:



Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Kaskadeking 05.04.2014 15:31
FRST.txt:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Kaskadeking (administrator) on KASKADEKING-PC on 05-04-2014 16:25:48
Running from C:\Users\Kaskadeking\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Hercules\WiFi Station N\WiFiN.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Guillemot Corporation) C:\Windows\SysWOW64\HerculesWiFiService.exe
(Sysinternals - www.sysinternals.com) C:\Users\Kaskadeking\Desktop\Desktops.exe
(Dropbox, Inc.) C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Sysinternals - www.sysinternals.com) C:\USERS\KASKADEKING\DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE
(Sysinternals - www.sysinternals.com) C:\Users\Kaskadeking\AppData\Local\Temp\procexp64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Sysinternals - www.sysinternals.com) C:\Users\Kaskadeking\Documents\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Kaskadeking\AppData\Local\Temp\procexp64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-29] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-02-03] (Power Software Ltd)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [815888 2014-02-18] (BlueStack Systems, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-11-18] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Run: [Sysinternals Desktops] - C:\Users\Kaskadeking\Desktop\Desktops.exe [116824 2012-10-17] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\MountPoints2: {8114ff9f-7a99-11e3-9628-0015833d0a57} - E:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-4058871879-2829469030-3260525534-1000\...\Winlogon: [Shell] expstart.exe [925184 2014-03-05] () <==== ATTENTION
IFEO\taskmgr.exe: [Debugger] "C:\USERS\KASKADEKING\DOCUMENTS\PROCESSEXPLORER\PROCEXP.EXE"
Startup: C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC6CB5525ACE2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de
FF NetworkProxy: "autoconfig_url", "hxxp://localhost:8080/proxy.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ColorZilla - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2014-01-12]
FF Extension: WOT - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-12]
FF Extension: Lightbeam - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-11-27]
FF Extension: Stylish - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-03-05]
FF Extension: NoScript - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-16]
FF Extension: DownThemAll! - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-20]
FF Extension: User Agent Switcher - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-01-11]
FF Extension: Adblock Edge - C:\Users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-24]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2014-03-29]

Chrome:
=======
CHR Extension: (avast! Online Security) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-16]
CHR Extension: (SmallringFX DarkBlue Theme) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfijmgohofmpjlcgmjplbpmkpchdhpk [2014-03-05]
CHR Extension: (Google Wallet) - C:\Users\Kaskadeking\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-29]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-01-16] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-29] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
R2 HerculesWiFi; C:\Windows\SysWOW64\\HerculesWiFiService.exe [78232 2012-07-31] (Guillemot Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-05] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)
S2 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數 [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-29] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-29] ()
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122128 2014-02-18] (BlueStack Systems)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-11] (Disc Soft Ltd)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [85016 2014-03-09] (Sysinternals - www.sysinternals.com)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1065616 2012-07-11] (Realtek Semiconductor Corporation                          )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-01-11] (Duplex Secure Ltd.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
U3 axy2ky1t; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 16:25 - 2014-04-05 16:26 - 00017404 _____ () C:\Users\Kaskadeking\Desktop\FRST.txt
2014-04-05 16:25 - 2014-04-05 16:25 - 00000000 ____D () C:\FRST
2014-04-05 16:25 - 2014-03-13 05:38 - 02157056 _____ (Farbar) C:\Users\Kaskadeking\Desktop\FRST64.exe
2014-04-05 13:42 - 2014-04-05 13:42 - 00000000 ____D () C:\Users\Kaskadeking\Documents\EA Games
2014-04-05 13:41 - 2014-04-05 13:41 - 00000000 __RHD () C:\Users\Kaskadeking\AppData\Roaming\SecuROM
2014-04-05 12:14 - 2014-04-05 12:33 - 02905749 _____ (EpickingDE ) C:\Users\Kaskadeking\Desktop\Minecraft Manager 1.4.3.exe
2014-04-05 11:01 - 2014-04-05 11:01 - 00000000 ____D () C:\ProgramData\NovaTech Network
2014-04-05 10:58 - 2014-04-05 10:58 - 00000000 ____D () C:\Program Files (x86)\Novawave
2014-04-04 19:44 - 2012-10-17 18:28 - 00116824 _____ (Sysinternals - www.sysinternals.com) C:\Users\Kaskadeking\Desktop\Desktops.exe
2014-04-04 19:38 - 2014-04-04 19:43 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Dexpot
2014-04-04 19:37 - 2014-04-04 19:43 - 00000000 ____D () C:\Program Files (x86)\Dexpot
2014-04-04 19:24 - 2014-04-04 22:15 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Freemake Music Box
2014-04-04 19:24 - 2014-04-04 19:24 - 00001256 _____ () C:\Users\Public\Desktop\Freemake Music Box.lnk
2014-04-04 19:24 - 2014-04-04 19:24 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Freemake
2014-04-04 19:24 - 2014-04-04 19:24 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-04-04 19:24 - 2014-04-04 19:24 - 00000000 ____D () C:\ProgramData\Freemake
2014-04-04 19:24 - 2014-04-04 19:24 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\Axantum
2014-04-03 20:16 - 2014-04-03 20:16 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-03 18:23 - 2014-04-03 19:03 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-04-02 18:54 - 2014-04-02 18:54 - 00001093 _____ () C:\Users\Kaskadeking\Desktop\Cheat Engine.lnk
2014-04-02 18:54 - 2014-04-02 18:54 - 00000000 ____D () C:\Users\Kaskadeking\Documents\My Cheat Tables
2014-04-02 18:54 - 2014-04-02 18:54 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-04-02 18:17 - 2014-04-02 18:17 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-02 13:52 - 2014-04-04 17:12 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Euro Truck Simulator 2
2014-04-01 15:59 - 2014-04-01 15:59 - 02902039 _____ (EpickingDE ) C:\Users\Kaskadeking\Desktop\Minecraft_Manager_Setup.exe
2014-03-31 14:52 - 2014-03-31 14:52 - 00000000 ____D () C:\Users\Kaskadeking\Documents\GameMaker
2014-03-31 14:51 - 2014-03-31 14:58 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\gamemaker_studio
2014-03-31 14:51 - 2014-03-31 14:51 - 00000000 ____D () C:\ProgramData\gamemaker_studio
2014-03-30 16:21 - 2014-03-30 16:21 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-03-30 16:21 - 2014-03-30 16:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-30 15:39 - 2014-03-30 15:39 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Games for Windows - LIVE Demos
2014-03-30 15:30 - 2014-03-30 15:30 - 00000000 ____D () C:\Users\Kaskadeking\Documents\My Games
2014-03-30 15:30 - 2014-03-30 15:30 - 00000000 ____D () C:\ProgramData\Codemasters
2014-03-30 13:29 - 2014-04-05 12:35 - 00000000 ____D () C:\Program Files (x86)\Minecraft Manager
2014-03-30 13:18 - 2014-03-30 13:18 - 00001128 _____ () C:\Users\Public\Desktop\Inno Setup Compiler.lnk
2014-03-30 13:18 - 2014-03-30 13:18 - 00000000 ____D () C:\Program Files (x86)\Inno Setup 5
2014-03-30 13:16 - 2014-04-05 12:11 - 00000000 ____D () C:\Users\Kaskadeking\Desktop\Minecraft Manager Setup Daten
2014-03-30 10:59 - 2014-03-30 10:59 - 00000000 ____D () C:\Users\Kaskadeking\Source
2014-03-29 21:21 - 2014-03-29 21:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-29 14:58 - 2014-03-29 14:58 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-03-29 12:12 - 2014-03-29 12:12 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Banished
2014-03-27 16:02 - 2014-03-27 16:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\updateSystem.NET
2014-03-27 15:15 - 2014-03-27 15:15 - 00002022 _____ () C:\Users\Kaskadeking\Desktop\updateSystem.NET Administration.lnk
2014-03-27 15:15 - 2014-03-27 15:15 - 00000000 ____D () C:\Program Files\updateSystem.NET
2014-03-25 16:39 - 2014-03-25 16:39 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Fiddler2
2014-03-24 20:34 - 2014-03-24 20:34 - 00000000 ____D () C:\Users\Kaskadeking\Documents\updateSystem.NET
2014-03-23 14:36 - 2014-03-23 14:36 - 00001682 _____ () C:\Users\Public\Desktop\S4League.lnk
2014-03-23 14:32 - 2014-03-23 14:43 - 00000000 ____D () C:\Program Files (x86)\S4League
2014-03-19 19:41 - 2014-04-01 18:30 - 00000000 ____D () C:\Games
2014-03-19 19:38 - 2014-03-19 19:38 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\QuickScan
2014-03-19 19:08 - 2014-03-21 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-18 18:46 - 2014-04-01 18:28 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Cobalt
2014-03-18 18:46 - 2014-03-18 18:48 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Cobalt
2014-03-18 18:45 - 2014-04-01 18:28 - 00000000 ____D () C:\Program Files (x86)\Oxeye Games
2014-03-16 14:45 - 2014-04-05 15:54 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.minecraft
2014-03-16 13:02 - 2014-03-16 13:03 - 00001848 _____ () C:\Users\Kaskadeking\Desktop\Wichtiges Zeug.lnk
2014-03-15 20:27 - 2014-03-16 11:23 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\streamripper
2014-03-15 20:19 - 2014-03-16 11:21 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-03-13 13:33 - 2014-03-13 13:33 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.TCLauncher
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-12 16:50 - 2014-03-04 16:35 - 31474976 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 25255256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 23716640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 17755424 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 12708128 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-12 16:50 - 2014-03-04 16:35 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 03143456 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 02958792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 02783008 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 02411976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433523.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 01516488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433523.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 00877856 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 00863064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-12 16:50 - 2014-03-04 16:35 - 00846168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-12 16:38 - 2014-03-12 16:38 - 00000000 ____D () C:\NVIDIA
2014-03-12 13:52 - 2014-03-12 13:52 - 00004348 _____ () C:\Windows\System32\Tasks\Erweiterter Taskmanager
2014-03-12 13:45 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 13:45 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 13:45 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 13:45 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 13:45 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 13:45 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 13:45 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 13:45 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 13:45 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 13:45 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 13:45 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 13:45 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 13:45 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 13:45 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 13:45 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 13:45 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 13:45 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 13:45 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 13:45 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 13:45 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 13:45 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 13:45 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 13:45 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 13:45 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 13:45 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 13:45 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 13:45 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 13:45 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 13:45 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 13:45 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 13:45 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 13:45 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 13:45 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 13:45 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 13:45 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 13:45 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 13:45 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 13:45 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 13:45 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 13:45 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 13:45 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 13:45 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 13:45 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 13:42 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 13:42 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 14:43 - 2014-03-30 12:50 - 00001587 _____ () C:\Users\Kaskadeking\Desktop\Wireshark.lnk
2014-03-09 11:35 - 2014-03-09 11:35 - 00085016 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON23.SYS
2014-03-09 11:28 - 2014-03-09 11:28 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Wireshark
2014-03-09 11:27 - 2014-03-09 11:27 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-03-09 11:26 - 2014-03-09 11:27 - 00000000 ____D () C:\Program Files\Wireshark
2014-03-08 10:53 - 2014-04-04 19:19 - 00000000 ____D () C:\Users\Kaskadeking\Stuff
2014-03-07 19:00 - 2014-03-23 10:48 - 00000000 ____D () C:\Users\Kaskadeking\Documents\EpickingDE Berichte
2014-03-07 17:25 - 2014-03-07 17:26 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-03-07 17:24 - 2014-03-07 17:24 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Bluestacks
2014-03-06 15:41 - 2014-03-06 15:49 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Garry's Mod

==================== One Month Modified Files and Folders =======

2014-04-05 16:26 - 2014-04-05 16:25 - 00017404 _____ () C:\Users\Kaskadeking\Desktop\FRST.txt
2014-04-05 16:25 - 2014-04-05 16:25 - 00000000 ____D () C:\FRST
2014-04-05 16:07 - 2014-02-09 11:01 - 01640746 _____ () C:\Windows\WindowsUpdate.log
2014-04-05 15:59 - 2014-02-16 12:47 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 15:59 - 2014-01-11 14:36 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 15:54 - 2014-03-16 14:45 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.minecraft
2014-04-05 15:42 - 2009-07-14 06:45 - 00013232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-05 15:42 - 2009-07-14 06:45 - 00013232 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-05 15:37 - 2009-07-14 19:58 - 00702100 _____ () C:\Windows\system32\perfh007.dat
2014-04-05 15:37 - 2009-07-14 19:58 - 00150766 _____ () C:\Windows\system32\perfc007.dat
2014-04-05 15:37 - 2009-07-14 07:13 - 01628730 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-05 15:35 - 2014-02-06 17:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-05 15:34 - 2013-11-16 12:27 - 00000000 ___RD () C:\Users\Kaskadeking\Dropbox
2014-04-05 15:34 - 2013-11-16 12:24 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Dropbox
2014-04-05 15:33 - 2013-12-24 11:37 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-05 15:33 - 2013-12-23 11:05 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Wise Care 365
2014-04-05 15:33 - 2013-11-16 12:24 - 00000000 ____D () C:\ProgramData\VMware
2014-04-05 15:32 - 2014-03-05 09:16 - 00057962 _____ () C:\Windows\PFRO.log
2014-04-05 15:32 - 2014-03-02 16:02 - 00011816 _____ () C:\Windows\setupact.log
2014-04-05 15:32 - 2013-11-16 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-05 15:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-05 13:42 - 2014-04-05 13:42 - 00000000 ____D () C:\Users\Kaskadeking\Documents\EA Games
2014-04-05 13:41 - 2014-04-05 13:41 - 00000000 __RHD () C:\Users\Kaskadeking\AppData\Roaming\SecuROM
2014-04-05 13:41 - 2013-12-08 18:09 - 00000000 ____D () C:\ProgramData\Origin
2014-04-05 13:39 - 2013-12-08 18:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-05 12:55 - 2014-03-02 19:10 - 00261076 _____ () C:\Windows\DirectX.log
2014-04-05 12:35 - 2014-03-30 13:29 - 00000000 ____D () C:\Program Files (x86)\Minecraft Manager
2014-04-05 12:33 - 2014-04-05 12:14 - 02905749 _____ (EpickingDE ) C:\Users\Kaskadeking\Desktop\Minecraft Manager 1.4.3.exe
2014-04-05 12:11 - 2014-03-30 13:16 - 00000000 ____D () C:\Users\Kaskadeking\Desktop\Minecraft Manager Setup Daten
2014-04-05 12:08 - 2014-01-12 11:26 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\FileZilla
2014-04-05 11:01 - 2014-04-05 11:01 - 00000000 ____D () C:\ProgramData\NovaTech Network
2014-04-05 10:58 - 2014-04-05 10:58 - 00000000 ____D () C:\Program Files (x86)\Novawave
2014-04-05 10:22 - 2013-12-08 18:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-05 10:09 - 2014-02-25 17:05 - 00592896 _____ () C:\Users\Kaskadeking\Documents\KaskadekingDE-Passwoerter.ps7
2014-04-04 22:21 - 2013-11-17 17:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-04 22:15 - 2014-04-04 19:24 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Freemake Music Box
2014-04-04 19:43 - 2014-04-04 19:38 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Dexpot
2014-04-04 19:43 - 2014-04-04 19:37 - 00000000 ____D () C:\Program Files (x86)\Dexpot
2014-04-04 19:24 - 2014-04-04 19:24 - 00001256 _____ () C:\Users\Public\Desktop\Freemake Music Box.lnk
2014-04-04 19:24 - 2014-04-04 19:24 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Freemake
2014-04-04 19:24 - 2014-04-04 19:24 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-04-04 19:24 - 2014-04-04 19:24 - 00000000 ____D () C:\ProgramData\Freemake
2014-04-04 19:24 - 2014-04-04 19:24 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-04-04 19:19 - 2014-03-08 10:53 - 00000000 ____D () C:\Users\Kaskadeking\Stuff
2014-04-04 19:08 - 2014-04-04 19:08 - 00000000 ____D () C:\Program Files\Axantum
2014-04-04 17:12 - 2014-04-02 13:52 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Euro Truck Simulator 2
2014-04-04 15:27 - 2013-11-16 10:56 - 00000000 ____D () C:\Users\Kaskadeking
2014-04-03 20:16 - 2014-04-03 20:16 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-03 19:03 - 2014-04-03 18:23 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-04-03 17:13 - 2013-11-16 18:37 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\vlc
2014-04-02 18:54 - 2014-04-02 18:54 - 00001093 _____ () C:\Users\Kaskadeking\Desktop\Cheat Engine.lnk
2014-04-02 18:54 - 2014-04-02 18:54 - 00000000 ____D () C:\Users\Kaskadeking\Documents\My Cheat Tables
2014-04-02 18:54 - 2014-04-02 18:54 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.3
2014-04-02 18:17 - 2014-04-02 18:17 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-02 18:17 - 2014-02-25 17:02 - 00001138 _____ () C:\Users\Public\Desktop\Password Safe 7.lnk
2014-04-02 18:17 - 2014-02-25 17:02 - 00000000 ____D () C:\Program Files (x86)\Password Safe and Repository 7
2014-04-01 20:21 - 2014-01-24 19:06 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\BitTorrent
2014-04-01 18:30 - 2014-03-19 19:41 - 00000000 ____D () C:\Games
2014-04-01 18:28 - 2014-03-18 18:46 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Cobalt
2014-04-01 18:28 - 2014-03-18 18:45 - 00000000 ____D () C:\Program Files (x86)\Oxeye Games
2014-04-01 16:37 - 2014-02-13 18:12 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Visual Studio 2013
2014-04-01 15:59 - 2014-04-01 15:59 - 02902039 _____ (EpickingDE ) C:\Users\Kaskadeking\Desktop\Minecraft_Manager_Setup.exe
2014-04-01 15:54 - 2014-02-16 12:47 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-01 15:54 - 2014-01-11 14:36 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-31 16:27 - 2013-11-17 17:27 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\EpickingDE
2014-03-31 14:58 - 2014-03-31 14:51 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\gamemaker_studio
2014-03-31 14:52 - 2014-03-31 14:52 - 00000000 ____D () C:\Users\Kaskadeking\Documents\GameMaker
2014-03-31 14:51 - 2014-03-31 14:51 - 00000000 ____D () C:\ProgramData\gamemaker_studio
2014-03-30 20:36 - 2013-11-16 12:18 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-30 20:36 - 2013-11-16 12:18 - 00000000 ____D () C:\ProgramData\Skype
2014-03-30 16:21 - 2014-03-30 16:21 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-03-30 16:21 - 2014-03-30 16:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-03-30 15:39 - 2014-03-30 15:39 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Games for Windows - LIVE Demos
2014-03-30 15:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-30 15:30 - 2014-03-30 15:30 - 00000000 ____D () C:\Users\Kaskadeking\Documents\My Games
2014-03-30 15:30 - 2014-03-30 15:30 - 00000000 ____D () C:\ProgramData\Codemasters
2014-03-30 13:18 - 2014-03-30 13:18 - 00001128 _____ () C:\Users\Public\Desktop\Inno Setup Compiler.lnk
2014-03-30 13:18 - 2014-03-30 13:18 - 00000000 ____D () C:\Program Files (x86)\Inno Setup 5
2014-03-30 12:50 - 2014-03-10 14:43 - 00001587 _____ () C:\Users\Kaskadeking\Desktop\Wireshark.lnk
2014-03-30 10:59 - 2014-03-30 10:59 - 00000000 ____D () C:\Users\Kaskadeking\Source
2014-03-30 10:59 - 2014-02-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft Team Foundation Local Workspaces
2014-03-30 10:16 - 2013-12-28 13:14 - 00001003 _____ () C:\Users\Kaskadeking\Documents\MailShield.der
2014-03-30 10:13 - 2013-11-16 11:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 21:21 - 2014-03-29 21:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-29 21:21 - 2013-12-24 11:37 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-29 21:21 - 2013-12-24 11:37 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-29 21:21 - 2013-12-24 11:37 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-29 21:21 - 2013-12-24 11:37 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-29 21:21 - 2013-12-24 11:37 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-29 21:21 - 2013-12-24 11:37 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-03-29 21:21 - 2013-12-24 11:37 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-29 21:21 - 2013-12-24 11:37 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-29 14:58 - 2014-03-29 14:58 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-03-29 13:46 - 2014-02-15 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 12:12 - 2014-03-29 12:12 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Banished
2014-03-28 15:34 - 2014-03-03 17:05 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-28 15:34 - 2013-11-16 10:56 - 00000000 ___RD () C:\Users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-27 16:02 - 2014-03-27 16:02 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\updateSystem.NET
2014-03-27 15:15 - 2014-03-27 15:15 - 00002022 _____ () C:\Users\Kaskadeking\Desktop\updateSystem.NET Administration.lnk
2014-03-27 15:15 - 2014-03-27 15:15 - 00000000 ____D () C:\Program Files\updateSystem.NET
2014-03-25 16:39 - 2014-03-25 16:39 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Fiddler2
2014-03-24 20:34 - 2014-03-24 20:34 - 00000000 ____D () C:\Users\Kaskadeking\Documents\updateSystem.NET
2014-03-23 14:43 - 2014-03-23 14:32 - 00000000 ____D () C:\Program Files (x86)\S4League
2014-03-23 14:36 - 2014-03-23 14:36 - 00001682 _____ () C:\Users\Public\Desktop\S4League.lnk
2014-03-23 14:36 - 2013-11-16 11:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-23 10:48 - 2014-03-07 19:00 - 00000000 ____D () C:\Users\Kaskadeking\Documents\EpickingDE Berichte
2014-03-21 15:33 - 2014-03-19 19:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 19:38 - 2014-03-19 19:38 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\QuickScan
2014-03-18 21:47 - 2014-02-08 21:53 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:45 - 2014-02-08 21:53 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 18:48 - 2014-03-18 18:46 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Cobalt
2014-03-16 13:03 - 2014-03-16 13:02 - 00001848 _____ () C:\Users\Kaskadeking\Desktop\Wichtiges Zeug.lnk
2014-03-16 11:23 - 2014-03-15 20:27 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\streamripper
2014-03-16 11:21 - 2014-03-15 20:19 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-03-16 11:19 - 2014-03-05 20:17 - 00000000 ____D () C:\Program Files (x86)\Trendy Entertainment
2014-03-15 19:58 - 2014-02-21 21:10 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\CrashDumps
2014-03-13 13:33 - 2014-03-13 13:33 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\.TCLauncher
2014-03-13 13:12 - 2009-07-14 06:45 - 00291960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 05:38 - 2014-04-05 16:25 - 02157056 _____ (Farbar) C:\Users\Kaskadeking\Desktop\FRST64.exe
2014-03-12 17:07 - 2014-03-12 17:07 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-12 17:07 - 2013-11-16 10:59 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-12 16:38 - 2014-03-12 16:38 - 00000000 ____D () C:\NVIDIA
2014-03-12 16:37 - 2013-11-16 12:29 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\VMware
2014-03-12 16:37 - 2013-11-16 12:29 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\VMware
2014-03-12 13:53 - 2013-11-18 17:28 - 00003344 _____ () C:\Windows\System32\Tasks\Eingabeaufforderung mit Systemrechten
2014-03-12 13:52 - 2014-03-12 13:52 - 00004348 _____ () C:\Windows\System32\Tasks\Erweiterter Taskmanager
2014-03-11 19:36 - 2014-02-06 17:51 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 19:36 - 2013-11-16 12:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 19:36 - 2013-11-16 12:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-09 11:36 - 2013-11-27 17:39 - 00007605 _____ () C:\Users\Kaskadeking\AppData\Local\Resmon.ResmonCfg
2014-03-09 11:35 - 2014-03-09 11:35 - 00085016 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON23.SYS
2014-03-09 11:28 - 2014-03-09 11:28 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Roaming\Wireshark
2014-03-09 11:27 - 2014-03-09 11:27 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-03-09 11:27 - 2014-03-09 11:26 - 00000000 ____D () C:\Program Files\Wireshark
2014-03-09 11:21 - 2013-12-25 21:15 - 00000000 __SHD () C:\Users\Kaskadeking\Desktop\RAMMap
2014-03-08 12:05 - 2013-11-16 13:10 - 00000000 ____D () C:\EpickingDE
2014-03-07 17:33 - 2014-02-05 17:08 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-03-07 17:27 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-07 17:26 - 2014-03-07 17:25 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-03-07 17:24 - 2014-03-07 17:24 - 00000000 ____D () C:\Users\Kaskadeking\AppData\Local\Bluestacks
2014-03-06 15:49 - 2014-03-06 15:41 - 00000000 ____D () C:\Users\Kaskadeking\Documents\Garry's Mod
2014-03-06 15:38 - 2014-02-08 22:06 - 00064832 _____ () C:\Users\Kaskadeking\AppData\Local\GDIPFONTCACHEV1.DAT

Files to move or delete:
====================
C:\Users\Kaskadeking\jagex_cl_runescape_LIVE.dat


Some content of TEMP:
====================
C:\Users\Kaskadeking\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Kaskadeking\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmavpjj.dll
C:\Users\Kaskadeking\AppData\Local\Temp\FreemakeMusicBox_1.0.1.0.exe
C:\Users\Kaskadeking\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.2-b2974jnks.dll
C:\Users\Kaskadeking\AppData\Local\Temp\jansi-64-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
C:\Users\Kaskadeking\AppData\Local\Temp\nsi45CF.tmp.exe
C:\Users\Kaskadeking\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Kaskadeking\AppData\Local\Temp\nvStInst.exe
C:\Users\Kaskadeking\AppData\Local\Temp\procexp64.exe
C:\Users\Kaskadeking\AppData\Local\Temp\safeguard.exe
C:\Users\Kaskadeking\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 16:03

==================== End Of Log ============================
--- --- ---


Und hier die Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Kaskadeking at 2014-04-05 16:26:38
Running from C:\Users\Kaskadeking\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Ashampoo WinOptimizer 10 v.10.2.6 (HKLM-x32\...\{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1) (Version: 10.02.06 - Ashampoo GmbH & Co. KG)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.6.3059 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{62763BAD-53A8-4C9F-B4CF-7CCABFEFD725}) (Version: 0.8.6.3059 - BlueStack Systems, Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Buildtools-Sprachressourcen - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.25 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 7.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.0_is1) (Version:  - EaseUS)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{3FF082A7-A5DE-4BDA-B56A-1D2BEFD617A3}) (Version: 11.1.3000.0 - Microsoft Corporation)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.6.2 - Telerik)
FileZilla Client 3.7.3 (HKCU\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Freemake Music Box (HKLM-x32\...\Freemake Music Box_is1) (Version: 1.0.1 - Ellora Assets Corporation)
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - YoYo Games Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hercules WiFi Station N (HKLM-x32\...\{120E5B08-DC3C-4DCD-AAB0-0BB5EB225929}) (Version: 7.0.0.0 - Hercules)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inno Setup Version 5.5.4 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.4 - jrsoftware.org)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version:  - Daniel Rebelo)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft C++ REST SDK for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop (x32 Version: 2.7.40911.287 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{D4E30517-FE6F-491E-942F-AE10E1B18F38}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{B4EDAE03-DB34-4DD0-BA7E-2ED80DEA50B1}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{269A8DF6-BBDA-441F-932B-233F9B746D72}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{EC75BD20-F9CA-4E77-825F-ABD77E95BE91}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{0BF65908-D137-4A9E-B7C9-78F32F74F6FD}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{93945D16-4C3D-433E-B7E4-3D0D86B284C8}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{6F173435-3F19-4043-BA3D-A46AA8472859}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL-Sprachdienst  (HKLM-x32\...\{1D812D86-D8EF-41AC-A518-BA12E1913747}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (12.0.30919.1) (HKLM-x32\...\{7CC03C58-3471-43D2-A251-EC9AE225E772}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft Team Foundation Server 2013 Object Model (x64) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Team Foundation Server 2013-Objektmodell Sprachpaket (x64) - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x64 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++  x86 Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 32bit Compilers - DEU Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Core Libraries (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86-x64 Compilers (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2013 Express Prerequisites x64 - DEU (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Shell-(Mindest)-Ressourcen (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013 Team Explorer Sprachpaket - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2013-Vorbereitung (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2013 for Windows Desktop (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (HKLM-x32\...\{42da2807-2142-4f67-816d-684a640cd6ff}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 für Windows Desktop - DEU (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2013 XAML UI Designer deu Resources (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
Microsoft-System-CLR-Typen für SQL Server 2012 (HKLM-x32\...\{43341417-7882-4F34-8390-53DFD00F6C0F}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2012 (x64) (HKLM\...\{24440413-490E-41CA-BD33-0B30FD3EBE3A}) (Version: 11.1.3366.16 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.0.1 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.6 (HKLM\...\{DC65DFD8-E175-4A85-948A-42965853B2E8}) (Version: 4.3.6 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Password Safe and Repository 7 (HKLM\...\{7B6F4DF3-57DA-49AD-8A6B-5639E9D66E8B}) (Version: 7.3.0.2223 - MATESO GmbH)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.0.2 r2161 - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
S4 League_EU (HKLM-x32\...\{6DCD0B4D-EC6E-46C4-921B-F108450467C2}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Adventure DX (HKLM-x32\...\Steam App 71250) (Version:  - SEGA)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Movies(TM) (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.0 - Activision)
The Movies(TM) (x32 Version: 1.0 - Activision) Hidden
tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
updateSystem.NET (HKLM\...\8d7ea403-65fb-4276-8ada-3b39f0fe2461) (Version: 1.5.2.515 - Maximilian Krauss)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Software Development Kit (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x64 Remote (Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit DirectX x86 Remote (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote (Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Windows XP Targeting with C++ (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.6 - The Wireshark developer community, hxxp://www.wireshark.org)
Wise Care 365 Version 2.92 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.92 - WiseCleaner.com, Inc.)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)
XYplorer 13.40 (HKLM-x32\...\XYplorer) (Version: 13.40 - Donald Lessau)

==================== Restore Points  =========================

30-03-2014 13:39:19 DirectX wurde installiert
30-03-2014 14:18:00 Revo Uninstaller's restore point - Microsoft Games for Windows Marketplace
30-03-2014 14:18:26 Removed Microsoft Games for Windows Marketplace
30-03-2014 14:19:22 Revo Uninstaller's restore point - Microsoft Games for Windows - LIVE Redistributable
30-03-2014 14:19:39 Removed Microsoft Games for Windows - LIVE Redistributable
30-03-2014 14:21:19 DirectX wurde installiert
30-03-2014 18:34:41 Windows Update
01-04-2014 16:23:19 Revo Uninstaller's restore point - DiRT 2
01-04-2014 16:27:10 Revo Uninstaller's restore point - Cobalt
01-04-2014 16:29:26 Revo Uninstaller's restore point - PlagueInc 1.0
01-04-2014 16:30:19 Revo Uninstaller's restore point - Rapture3D 2.3.26 Game
01-04-2014 16:32:15 Revo Uninstaller's restore point - OpenAL
03-04-2014 14:08:58 Revo Uninstaller's restore point - Euro Truck Simulator 2
03-04-2014 18:15:22 avast! antivirus system restore point
04-04-2014 12:12:50 Windows Update
04-04-2014 17:08:06 Installed AxCrypt 1.7.3156.0
05-04-2014 08:58:35 DirectX wurde installiert
05-04-2014 10:54:45 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-23 11:34 - 00000889 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      epickingde.net
192.168.178.36  superwolf347.de


==================== Scheduled Tasks (whitelisted) =============

Task: {2D9005B1-ED55-41AC-9961-5DCA72872EE9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {49382FAC-98D4-489B-8F0C-A892B0C70BAB} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-12-09] (WiseCleaner.COM)
Task: {4C75E13B-8905-4A9E-AEB1-0FEAA20302D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {57D5AB86-97A2-4586-B345-495EDCD051E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {5DF92A72-03FC-4802-BBB0-767A91F1491D} - System32\Tasks\Eingabeaufforderung mit Systemrechten => cmd.exe
Task: {8E93DA82-2581-4296-B300-4ED7FC7C4BF2} - System32\Tasks\Erweiterter Taskmanager => C:\Users\Kaskadeking\Documents\ProcessExplorer\procexp.exe [2014-02-04] (Sysinternals - www.sysinternals.com)
Task: {A5B29B19-E273-4004-862C-2C92057AA5C6} - System32\Tasks\WiFiN => C:\Program Files (x86)\Hercules\WiFi Station N\WiFiN.exe [2012-07-31] ()
Task: {B50E5808-AA27-465A-AB0A-2F47942BE1B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11] (Google Inc.)
Task: {E466CF9C-77CD-498F-93CA-F0EB86AD5F7B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-29] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2014-02-05 17:29 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-16 11:08 - 2012-07-31 15:43 - 01248152 _____ () C:\Program Files (x86)\Hercules\WiFi Station N\WiFiN.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-03-05 14:25 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-10-29 22:45 - 2013-10-29 22:45 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2013-10-29 22:45 - 2013-10-29 22:45 - 00798392 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-10-29 22:41 - 2013-10-29 22:41 - 00058880 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.dll
2014-01-16 15:14 - 2014-01-16 15:14 - 00054696 _____ () C:\Program Files\Java\jre7\bin\prism-d3d.dll
2014-01-16 15:14 - 2014-01-16 15:14 - 00197544 _____ () C:\Program Files\Java\jre7\bin\glass.dll
2014-01-16 15:14 - 2014-01-16 15:14 - 00640424 _____ () C:\Program Files\Java\jre7\bin\libxml2.dll
2014-01-16 15:14 - 2014-01-16 15:14 - 00209832 _____ () C:\Program Files\Java\jre7\bin\libxslt.dll
2014-01-16 15:14 - 2014-01-16 15:14 - 14863784 _____ () C:\Program Files\Java\jre7\bin\jfxwebkit.dll
2014-01-16 15:14 - 2014-01-16 15:14 - 00319912 _____ () C:\Program Files\Java\jre7\bin\javafx-font.dll
2014-04-05 15:53 - 2014-04-05 15:53 - 00306176 _____ () C:\Users\Kaskadeking\AppData\Roaming\.minecraft\versions\BetterMinecraft-Beta\BetterMinecraft-Beta-natives-1319611214091\lwjgl64.dll
2014-04-05 15:53 - 2014-04-05 15:53 - 00382464 _____ () C:\Users\Kaskadeking\AppData\Roaming\.minecraft\versions\BetterMinecraft-Beta\BetterMinecraft-Beta-natives-1319611214091\OpenAL64.dll
2014-04-04 14:09 - 2014-04-04 14:09 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14040400\algo.dll
2014-04-05 15:35 - 2014-04-05 15:35 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040502\algo.dll
2014-03-05 14:25 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-04-05 15:33 - 2014-04-05 15:33 - 00041984 _____ () C:\Users\Kaskadeking\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmavpjj.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Kaskadeking\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-24 11:37 - 2013-12-24 11:37 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-03-19 19:08 - 2014-03-19 19:08 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-19 19:08 - 2014-03-19 19:08 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-19 19:08 - 2014-03-19 19:08 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-02-15 11:59 - 2014-03-29 13:46 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 19:36 - 2014-03-11 19:36 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2013-08-07 21:25 - 2013-08-07 21:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: A9TMKDS1 IDE Controller
Description: A9TMKDS1 IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: axy2ky1t
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/05/2014 03:33:02 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/05/2014 09:33:35 AM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/04/2014 03:37:57 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/04/2014 02:07:57 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/03/2014 08:38:45 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/03/2014 07:18:26 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 07:18:12 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 07:10:00 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/03/2014 04:27:53 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 01:50:12 PM) (Source: BstHdAndroidSvc) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (04/05/2014 03:33:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (04/05/2014 03:33:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t"" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/05/2014 09:33:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (04/05/2014 09:33:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t"" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/04/2014 02:07:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (04/04/2014 02:07:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t"" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/03/2014 08:38:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (04/03/2014 08:38:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t"" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/03/2014 07:10:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (04/03/2014 07:09:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "楗敳䈠潯⁴獁楳瑳湡t"" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (04/05/2014 03:33:02 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/05/2014 09:33:35 AM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/04/2014 03:37:57 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/04/2014 02:07:57 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/03/2014 08:38:45 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/03/2014 07:18:26 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 07:18:12 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 07:10:00 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/03/2014 04:27:53 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 01:50:12 PM) (Source: BstHdAndroidSvc)(User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 6143.3 MB
Available physical RAM: 3371.92 MB
Total Pagefile: 12284.79 MB
Available Pagefile: 8831.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:231.29 GB) (Free:108.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9CF2274C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=OF Extended)

==================== End Of Log ============================

M-K-D-B 05.04.2014 15:41
Servus,




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Kaskadeking 05.04.2014 16:06
ComboFix Log:

Code:
ComboFix 14-04-05.01 - Kaskadeking 05.04.2014  16:50:31.1.1 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6143.4749 [GMT 2:00]
ausgeführt von:: c:\users\Kaskadeking\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-05 bis 2014-04-05  ))))))))))))))))))))))))))))))
.
.
2014-04-05 14:58 . 2014-04-05 14:58        --------        d-----w-        c:\users\hedev\AppData\Local\temp
2014-04-05 14:58 . 2014-04-05 14:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-05 14:25 . 2014-04-05 14:27        --------        d-----w-        C:\FRST
2014-04-05 11:41 . 2014-04-05 11:41        --------        d--h--r-        c:\users\Kaskadeking\AppData\Roaming\SecuROM
2014-04-05 09:01 . 2014-04-05 09:01        --------        d-----w-        c:\programdata\NovaTech Network
2014-04-05 08:58 . 2014-04-05 08:58        --------        d-----w-        c:\program files (x86)\Novawave
2014-04-04 17:38 . 2014-04-04 17:43        --------        d-----w-        c:\users\Kaskadeking\AppData\Roaming\Dexpot
2014-04-04 17:37 . 2014-04-04 17:43        --------        d-----w-        c:\program files (x86)\Dexpot
2014-04-04 17:24 . 2014-04-04 20:15        --------        d-----w-        c:\users\Kaskadeking\AppData\Local\Freemake Music Box
2014-04-04 17:24 . 2014-04-04 17:24        --------        d-----w-        c:\programdata\Freemake
2014-04-04 17:24 . 2014-04-04 17:24        --------        d-----w-        c:\program files (x86)\Freemake
2014-04-04 17:08 . 2014-04-04 17:08        --------        d-----w-        c:\program files\Axantum
2014-04-04 12:13 . 2014-03-07 04:43        10521840        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B684D582-03EF-4543-B78D-12C1D9A3355B}\mpengine.dll
2014-04-03 16:23 . 2014-04-03 17:03        --------        d-----w-        c:\programdata\SecTaskMan
2014-04-02 16:54 . 2014-04-02 16:54        --------        d-----w-        c:\program files (x86)\Cheat Engine 6.3
2014-04-02 16:17 . 2014-04-02 16:17        --------        d-----w-        c:\programdata\InstallMate
2014-03-31 12:51 . 2014-03-31 12:58        --------        d-----w-        c:\users\Kaskadeking\AppData\Local\gamemaker_studio
2014-03-31 12:51 . 2014-03-31 12:51        --------        d-----w-        c:\programdata\gamemaker_studio
2014-03-30 14:21 . 2014-03-30 14:21        --------        d-----w-        c:\windows\SysWow64\xlive
2014-03-30 14:21 . 2014-03-30 14:21        --------        d-----w-        c:\program files (x86)\Microsoft Games for Windows - LIVE
2014-03-30 13:30 . 2014-03-30 13:30        --------        d-----w-        c:\programdata\Codemasters
2014-03-30 11:29 . 2014-04-05 10:35        --------        d-----w-        c:\program files (x86)\Minecraft Manager
2014-03-30 11:18 . 2014-03-30 11:18        --------        d-----w-        c:\program files (x86)\Inno Setup 5
2014-03-30 08:59 . 2014-03-30 08:59        --------        d-----w-        c:\users\Kaskadeking\Source
2014-03-29 19:21 . 2014-03-29 19:21        43152        ----a-w-        c:\windows\avastSS.scr
2014-03-29 12:58 . 2014-03-29 12:58        --------        d-----w-        c:\program files (x86)\Fiddler2
2014-03-27 14:02 . 2014-03-27 14:02        --------        d-----w-        c:\users\Kaskadeking\AppData\Roaming\updateSystem.NET
2014-03-27 13:15 . 2014-03-27 13:15        --------        d-----w-        c:\program files\updateSystem.NET
2014-03-23 12:32 . 2014-03-23 12:43        --------        d-----w-        c:\program files (x86)\S4League
2014-03-23 12:32 . 2003-08-15 15:02        69632        ------w-        c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2014-03-23 12:32 . 2003-08-15 14:57        212992        ------w-        c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2014-03-23 12:32 . 2003-08-15 15:01        380928        ------w-        c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2014-03-23 12:31 . 2003-09-03 01:28        724992        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2014-03-23 12:31 . 2003-09-03 01:27        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2014-03-23 12:31 . 2003-09-03 01:26        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2014-03-23 12:31 . 2003-09-03 01:26        192512        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2014-03-23 12:31 . 2003-09-03 01:25        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2014-03-23 12:31 . 2003-09-03 01:23        32768        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2014-03-23 12:31 . 2014-03-23 12:31        311428        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2014-03-23 12:31 . 2014-03-23 12:31        184452        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2014-03-19 17:41 . 2014-04-01 16:30        --------        d-----w-        C:\Games
2014-03-19 17:38 . 2014-03-19 17:38        --------        d-----w-        c:\users\Kaskadeking\AppData\Roaming\QuickScan
2014-03-19 17:08 . 2014-03-21 13:33        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2014-03-18 16:46 . 2014-04-01 16:28        --------        d-----w-        c:\users\Kaskadeking\AppData\Roaming\Cobalt
2014-03-18 16:45 . 2014-04-01 16:28        --------        d-----w-        c:\program files (x86)\Oxeye Games
2014-03-16 12:45 . 2014-04-05 13:54        --------        d-----w-        c:\users\Kaskadeking\AppData\Roaming\.minecraft
2014-03-15 18:27 . 2014-03-16 09:23        --------        d-----w-        c:\users\Kaskadeking\AppData\Roaming\streamripper
2014-03-15 18:19 . 2014-03-16 09:21        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine
2014-03-15 18:19 . 2014-03-16 09:21        --------        d-----w-        c:\program files (x86)\Winamp
2014-03-13 11:33 . 2014-03-13 11:33        --------        d-----w-        c:\users\Kaskadeking\AppData\Roaming\.TCLauncher
2014-03-12 15:07 . 2014-03-12 15:07        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2014-03-12 14:38 . 2014-03-12 14:38        --------        d-----w-        C:\NVIDIA
2014-03-12 11:42 . 2014-02-04 02:32        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-03-12 11:42 . 2014-02-04 02:04        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-03-09 09:35 . 2014-03-09 09:35        85016        ---ha-w-        c:\windows\system32\drivers\PROCMON23.SYS
2014-03-09 09:28 . 2014-03-09 09:28        --------        d-----w-        c:\users\Kaskadeking\AppData\Roaming\Wireshark
2014-03-09 09:27 . 2014-03-09 09:27        --------        d-----w-        c:\program files (x86)\WinPcap
2014-03-09 09:26 . 2014-03-09 09:27        --------        d-----w-        c:\program files\Wireshark
2014-03-08 08:53 . 2014-04-04 17:19        --------        d-----w-        c:\users\Kaskadeking\Stuff
2014-03-07 15:25 . 2014-03-07 15:26        --------        d-----w-        c:\program files (x86)\BlueStacks
2014-03-07 15:24 . 2014-03-07 15:24        --------        d-----w-        c:\users\Kaskadeking\AppData\Local\Bluestacks
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-30 13:41 . 2009-08-18 10:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2014-03-30 13:41 . 2009-08-18 09:24        22240        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-29 19:21 . 2013-12-24 09:37        84816        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-03-29 19:21 . 2013-12-24 09:37        208928        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-03-29 19:21 . 2013-12-24 09:37        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-03-29 19:21 . 2013-12-24 09:37        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-03-29 19:21 . 2013-12-24 09:37        423240        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2014-03-29 19:21 . 2013-12-24 09:37        1039096        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2014-03-29 19:21 . 2013-12-24 09:37        334648        ----a-w-        c:\windows\system32\aswBoot.exe
2014-03-29 19:21 . 2013-12-24 09:37        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-03-18 19:45 . 2014-02-08 19:53        90015360        ----a-w-        c:\windows\system32\MRT.exe
2014-03-11 17:36 . 2013-11-16 10:41        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 17:36 . 2013-11-16 10:41        692616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-05 12:19 . 2014-03-05 12:19        925184        ----a-w-        c:\windows\expstart.exe
2014-03-05 12:00 . 2009-07-13 23:55        332288        ----a-w-        c:\windows\system32\uxtheme.dll
2014-03-05 12:00 . 2013-11-18 16:08        2851840        ----a-w-        c:\windows\system32\themeui.dll
2014-03-05 12:00 . 2009-07-13 23:54        44544        ----a-w-        c:\windows\system32\themeservice.dll
2014-03-04 14:35 . 2014-02-18 19:18        15783992        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-02-05 15:28        2715264        ----a-w-        c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2010-01-12 04:03        3093280        ----a-w-        c:\windows\system32\nvapi64.dll
2014-03-04 14:35 . 2010-01-12 04:03        18302384        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2010-01-12 04:03        14709720        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2014-03-04 13:06 . 2010-01-11 22:19        6714312        ----a-w-        c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2010-01-11 22:19        3497816        ----a-w-        c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2010-01-11 22:19        922968        ----a-w-        c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2010-01-11 22:19        64968        ----a-w-        c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2010-01-11 22:19        2558808        ----a-w-        c:\windows\system32\nvsvcr.dll
2014-03-04 13:05 . 2010-01-11 22:19        386336        ----a-w-        c:\windows\system32\nvmctray.dll
2014-03-04 11:32 . 2014-02-18 19:24        599840        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2014-02-13 16:12 . 2014-02-13 16:12        1139040        ----a-w-        c:\programdata\Microsoft\WDExpress\12.0\1031\ResourceCache.dll
2014-02-08 18:34 . 2014-02-18 19:18        1885472        ----a-w-        c:\windows\system32\nvdispco6433489.dll
2014-02-08 18:34 . 2014-02-18 19:18        1515296        ----a-w-        c:\windows\system32\nvdispgenco6433489.dll
2014-02-03 06:45 . 2014-03-05 17:34        129944        ----a-w-        c:\windows\system32\drivers\scdemu.sys
2014-01-16 13:16 . 2014-01-16 13:16        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-16 13:14 . 2014-01-16 13:15        108968        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-16 13:14 . 2014-01-16 13:15        312744        ----a-w-        c:\windows\system32\javaws.exe
2014-01-16 13:14 . 2014-01-16 13:15        189352        ----a-w-        c:\windows\system32\javaw.exe
2014-01-16 13:14 . 2014-01-16 13:15        189352        ----a-w-        c:\windows\system32\java.exe
2014-01-11 11:10 . 2014-01-11 11:10        381440        ----a-w-        c:\windows\system32\drivers\sptd.sys
2014-01-11 10:45 . 2014-01-11 10:45        283064        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54        131248        ----a-w-        c:\users\Kaskadeking\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Sysinternals Desktops"="c:\users\Kaskadeking\Desktop\Desktops.exe" [2012-10-17 116824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-29 3854640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-02-03 377368]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-02-18 815888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Kaskadeking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Kaskadeking\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-3-19 32667896]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2013-10-29 36536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
R2 ????????t;????4????t;???????????????????????????;??????????????????????????? [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WiseBootAssistant;Wise Boot Assistant;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe;c:\program files (x86)\Wise\Wise Care 365\BootTime.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS64.exe;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 10\DfsdkS64.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VsEtwService120;Visual Studio ETW-Ereignisauflistungsdienst;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
S2 HerculesWiFi;HerculesWiFi;c:\windows\SysWOW64\\HerculesWiFiService.exe;c:\windows\SysWOW64\\HerculesWiFiService.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 BthAudioHF;BthAudioHF-Dienst;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
S3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
S3 csr_a2dp;Bluetooth-AV-Profil;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - PROCEXP152
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 18:55        1150280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16 17:36]
.
2014-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11 12:36]
.
2014-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-11 12:36]
.
2013-12-23 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2013-12-23 13:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-29 19:21        290888        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{6F19C187-7861-4839-A7CF-716C1C6FEECE}\642716E6B4562737: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Kaskadeking\AppData\Roaming\Mozilla\Firefox\Profiles\3tx73yav.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
Binary file temp00 matches
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WiseBootAssistant ]
"ImagePath"="???????????????????????????"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,33,df,0d,ad,89,52,45,af,c1,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,f3,68,06,b9,b5,48,44,9a,d5,7b,\
.
[HKEY_USERS\S-1-5-21-4058871879-2829469030-3260525534-1000\Software\SecuROM\License information*]
"datasecu"=hex:b1,66,08,81,65,31,4b,69,de,b8,6f,e2,29,a8,12,25,fc,74,f7,dc,55,
  47,e6,31,f0,da,ef,59,86,31,db,21,a9,a5,3e,ad,d1,f7,43,e4,06,9e,b3,85,41,f4,\
"rkeysecu"=hex:0f,1f,98,1e,ef,c1,26,5a,c6,da,42,0e,d3,79,52,56
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WiseBootAssistant*]
"Type"=dword:00000110
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=expand:"???????????????????????????"
"DisplayName"="????4????t\""
"WOW64"=dword:00000001
"ObjectName"="LocalSystem"
.
Zeit der Fertigstellung: 2014-04-05  17:00:45
ComboFix-quarantined-files.txt  2014-04-05 15:00
.
Vor Suchlauf: 12 Verzeichnis(se), 119.848.435.712 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 119.403.376.640 Bytes frei
.
- - End Of File - - AD851F4D00EEBD997CEF2F86D15D59D3
A36C5E4F47E84449FF07ED3517B43A31
EDIT: Ich weiß jetzt wo das Geräusch herkommt. Irgendwie hat NoScript einfach die Checkbox "Klang ausgeben, wenn Skripte blockiert werden" aktiviert was dann diesen merkwürdigen Ton von sich gibt. Ist also damit gelöst >.<

M-K-D-B 05.04.2014 18:08
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.







Ich bin froh, dass wir helfen konnten :abklatsch:

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! :)

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19