
Log Analysis and Evaluation: Windows 7: TimeServer.exe and WindowsTime.exe apparently a GPU Bitcoin miner

09.11.2013, 10:23   #1
prnha

Windows 7: TimeServer.exe and WindowsTime.exe apparently a GPU Bitcoin miner

Hello everyone!
Apparently I have somehow picked up a Bitcoin miner that uses my graphics card. I suspect this because for a few days the fan in my laptop that is responsible for the GPU has been clearly audible even though the machine is idle. SpeedFan shows temperatures of around 80 °C for the GPU, whereas at idle I am normally at 50-60 °C. The Windows Task Manager shows two processes that, in my opinion, are responsible for this: TimeServer.exe and WindowsTime.exe. They are located in the folder C:\ProgramData\Microsoft\Windows\Time -- so apparently not in the normal Windows folder.
Among the autostart entries there was an entry with the following data:
Name: miner
Manufacturer: Unknown
Command: "C:\Users\bakoe\AppData\Roaming\miner\nircmd.exe" exec hide "C:\Users\bakoe\AppData\Roaming\miner\start.bat"
I have since disabled this entry and deleted the corresponding folder (miner) in my application data. After a reboot, however, the problem still persists. If I end the two processes manually via the Task Manager, though, the problem goes away until the next reboot. How can I remove the Bitcoin miner permanently?
Here are my log files:
defogger_disable.txt:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:11 on 09/11/2013 (bakoe)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by bakoe (administrator) on BAKOE-LAPTOP on 09-11-2013 09:58:41
Running from C:\Users\bakoe\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft) C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe
() C:\Program Files (x86)\XSManager\WTGService.exe
(Microsoft) C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
() C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-02-12] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [OscarEditor] - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3333632 2012-08-16] ()
MountPoints2: {dfcb6f5c-16b2-11e3-bdd1-68a3c434fd09} - F:\XSManagerinstallation.exe
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [676608 2013-06-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Startup: C:\Users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: 10.0.9.1:3128
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC374BB8A93B1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 05 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 06 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9 17 C:\Windows\SysWOW64\BfLLR.dll [196096] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 05 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 06 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 17 %SYSTEMROOT%\system32\BfLLR.dll [216064] (Bigfoot Networks, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default
FF NetworkProxy: "backup.ftp", "10.0.9.1"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.socks", "10.0.9.1"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "10.0.9.1"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "10.0.9.1"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "10.0.9.1"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "10.0.9.1"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "10.0.9.1"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Shop-Alarm - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com
FF Extension: YouTube Unblocker - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: IE Tab - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF Extension: firebug - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: FirePHPExtension-Build - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\FirePHPExtension-Build@firephp.org.xpi
FF Extension: jid1-93CWPmRbVPjRQA - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi
FF Extension: omnibar - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\omnibar@ajitk.com.xpi
FF Extension: Stratiform - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\Stratiform@SoapySpew.xpi
FF Extension: thumbnailZoom - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\thumbnailZoom@dadler.github.com.xpi
FF Extension: YoutubeDownloader - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF Extension: No Name - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\{3f12f2e9-bff5-4585-8f63-ec28646678ed}.xpi
FF Extension: Adblock Plus - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: prefs - C:\Users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\Extensions\{f96ac632-94e3-40b2-b69f-e349d35973df}.xpi
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\bakoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\bakoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\bakoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\bakoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\bakoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Hover Zoom) - C:\Users\bakoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.21_0
CHR Extension: (Gmail) - C:\Users\bakoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-07] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33792 2011-02-15] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [490496 2012-07-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
R2 Time; C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe [10752 2013-11-01] (Microsoft)
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [327392 2012-01-14] ()
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [x]
S2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [x]
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [x]

==================== Drivers (Whitelisted) ====================

R3 Ak27x64; C:\Windows\System32\DRIVERS\Ak27x64.sys [3364720 2012-07-23] (Qualcomm Atheros, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2012-07-23] (Qualcomm Atheros, Inc.)
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2013-09-06] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2013-09-06] (Wireless Device)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-06] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-09 09:23 - 2013-11-09 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-09 09:23 - 2013-11-09 09:44 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-09 09:23 - 2013-11-09 09:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-09 09:22 - 2013-11-09 09:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-09 09:20 - 2013-11-09 09:20 - 00003260 _____ C:\Users\bakoe\Desktop\RKreport[0]_S_11092013_092027.txt
2013-11-09 09:18 - 2013-11-09 09:20 - 00000000 ____D C:\Users\bakoe\Desktop\RK_Quarantine
2013-11-09 09:18 - 2013-11-09 09:18 - 04012032 _____ C:\Users\bakoe\Desktop\RogueKillerX64.exe
2013-11-09 09:12 - 2013-11-09 09:12 - 00000000 ____D C:\FRST
2013-11-09 09:11 - 2013-11-09 09:11 - 01957098 _____ (Farbar) C:\Users\bakoe\Desktop\FRST64.exe
2013-11-09 09:10 - 2013-11-09 09:10 - 00000168 _____ C:\Users\bakoe\defogger_reenable
2013-11-09 09:04 - 2013-11-09 09:04 - 00000378 _____ C:\Users\bakoe\Desktop\Note.txt
2013-11-08 15:55 - 2013-11-08 15:59 - 00000882 _____ C:\Users\Public\Desktop\SimCity 4.lnk
2013-11-08 15:50 - 2013-11-08 15:51 - 00276728 _____ C:\Windows\Minidump\110813-14102-01.dmp
2013-11-07 23:08 - 2013-11-07 23:08 - 00002030 _____ C:\Users\Public\Desktop\NetBeans IDE 7.4.lnk
2013-11-07 23:05 - 2013-11-08 14:55 - 00000000 ____D C:\Program Files\NetBeans 7.4
2013-11-07 23:03 - 2013-11-07 23:13 - 00000000 ____D C:\Users\bakoe\.nbi
2013-11-07 19:53 - 2013-11-07 19:53 - 00001939 _____ C:\Users\bakoe\Desktop\bwinfneu.java
2013-11-07 19:41 - 2013-11-07 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 19:34 - 2013-11-07 19:33 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-07 19:33 - 2013-11-07 19:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-07 19:33 - 2013-11-07 19:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-07 19:33 - 2013-11-07 19:33 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-07 19:32 - 2013-11-07 19:34 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 19:32 - 2013-11-07 19:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-07 19:32 - 2013-11-07 19:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-07 19:32 - 2013-11-07 19:32 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-07 19:32 - 2013-11-07 19:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-07 19:32 - 2013-11-07 19:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-07 19:17 - 2013-11-07 19:53 - 00007609 _____ C:\Users\bakoe\AppData\Local\Resmon.ResmonCfg
2013-11-06 16:27 - 2013-11-06 16:27 - 00276616 _____ C:\Windows\Minidump\110613-15022-01.dmp
2013-11-05 10:04 - 2013-11-05 10:04 - 00000000 ____D C:\Program Files (x86)\ParallelGraphics
2013-11-05 10:04 - 2013-11-05 10:04 - 00000000 ____D C:\Plugins
2013-11-05 10:03 - 2013-11-07 12:40 - 00000000 ____D C:\Program Files (x86)\Geometrie
2013-11-05 10:03 - 2013-11-05 10:08 - 00000102 _____ C:\Windows\WXPKEY.INC
2013-11-05 10:03 - 2013-11-05 10:03 - 00208896 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-11-05 10:03 - 2013-11-05 10:03 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-11-02 21:55 - 2013-11-05 10:14 - 00001764 _____ C:\Windows\Sandboxie.ini
2013-11-02 21:55 - 2013-11-02 21:55 - 00000905 _____ C:\Users\bakoe\Desktop\Sandboxed Web Browser.lnk
2013-11-02 21:55 - 2013-11-02 21:55 - 00000000 ____D C:\Program Files\Sandboxie
2013-11-01 18:57 - 2013-11-01 19:18 - 00000000 ____D C:\Users\bakoe\AppData\Local\CSDSteamBuild
2013-11-01 18:57 - 2013-11-01 18:57 - 00000539 _____ C:\Users\Public\Desktop\Cook Serve Delicious.lnk
2013-11-01 17:37 - 2013-11-01 17:37 - 00000737 _____ C:\Users\bakoe\Desktop\Slender The Arrival.lnk
2013-11-01 17:36 - 2013-11-01 17:36 - 00000000 ____D C:\Program Files (x86)\w
2013-11-01 14:04 - 2013-11-01 14:04 - 00276728 _____ C:\Windows\Minidump\110113-34398-01.dmp
2013-10-31 23:33 - 2013-10-31 23:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2013-10-31 23:33 - 2013-10-31 23:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-10-31 23:33 - 2013-10-31 23:33 - 00000000 ____D C:\Program Files\AuthenTec
2013-10-31 23:33 - 2012-07-26 05:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-31 23:33 - 2012-07-26 05:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-31 23:33 - 2012-07-26 03:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-10-31 23:33 - 2012-06-02 15:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-10-31 23:31 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-10-31 23:31 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-10-31 23:31 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-10-31 23:31 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-10-31 23:31 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-10-31 23:31 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-10-31 23:31 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-10-31 23:31 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-10-31 23:20 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-10-31 23:20 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-10-31 23:20 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-10-31 23:20 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-10-31 23:20 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-10-31 23:20 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-10-31 23:20 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-10-31 23:20 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-10-31 23:20 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-10-31 23:20 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-10-31 23:20 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-10-31 23:20 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-10-31 23:20 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-10-31 23:20 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-10-31 23:20 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-10-31 23:20 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-10-31 23:20 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-10-31 23:20 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-10-31 23:20 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-10-31 23:20 - 2011-03-11 07:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-10-31 23:20 - 2011-03-11 07:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-10-31 23:20 - 2011-03-11 07:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-10-31 23:20 - 2011-03-11 07:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-10-31 23:20 - 2011-03-11 07:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-10-31 23:20 - 2011-03-11 07:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-10-31 23:20 - 2011-03-11 07:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-10-31 23:20 - 2011-03-11 07:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2013-10-31 23:20 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-10-31 23:20 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2013-10-31 23:20 - 2011-03-11 05:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-10-31 23:19 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-10-31 23:19 - 2012-11-30 06:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-10-31 23:19 - 2012-11-30 06:45 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-31 23:19 - 2012-11-30 06:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-10-31 23:19 - 2012-11-30 06:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-10-31 23:19 - 2012-11-30 06:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-10-31 23:19 - 2012-11-30 06:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 06:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-10-31 23:19 - 2012-11-30 05:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 05:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 04:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-10-31 23:19 - 2012-11-30 03:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 03:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 03:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 03:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-10-31 23:19 - 2012-11-30 00:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-10-31 23:19 - 2012-11-30 00:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-10-31 23:19 - 2012-11-22 06:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-10-31 23:19 - 2012-11-22 05:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-10-31 23:19 - 2012-08-02 18:58 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-31 23:19 - 2012-08-02 17:57 - 00490496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-31 23:19 - 2012-05-05 09:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-10-31 23:19 - 2012-05-05 08:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-10-31 23:19 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-10-31 23:19 - 2012-04-07 13:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-10-31 23:19 - 2012-04-07 12:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-10-31 23:19 - 2012-01-04 11:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-10-31 23:19 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2013-10-31 23:19 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-10-31 23:19 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2013-10-31 23:19 - 2011-06-16 06:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-10-31 23:19 - 2011-06-16 05:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2013-10-31 23:19 - 2011-05-04 06:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-10-31 23:19 - 2011-05-04 06:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-10-31 23:19 - 2011-05-04 06:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-10-31 23:19 - 2011-05-04 06:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-10-31 23:19 - 2011-05-04 06:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-10-31 23:19 - 2011-05-04 06:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-10-31 23:19 - 2011-05-04 06:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-10-31 23:19 - 2011-05-04 06:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-10-31 23:19 - 2011-05-04 06:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-10-31 23:19 - 2011-05-04 05:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-10-31 23:19 - 2011-05-04 05:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-10-31 23:19 - 2011-05-04 05:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-10-31 23:19 - 2011-05-04 05:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-10-31 23:19 - 2011-05-04 05:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-10-31 23:19 - 2011-05-04 05:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2013-10-31 23:19 - 2011-05-04 05:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-10-31 23:19 - 2011-05-04 05:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-10-31 23:19 - 2011-05-04 05:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-10-31 23:19 - 2011-04-22 23:15 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-10-31 23:19 - 2011-03-25 04:29 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-31 23:19 - 2011-03-25 04:29 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-31 23:19 - 2011-03-25 04:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-31 23:19 - 2011-03-25 04:29 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-31 23:19 - 2011-03-25 04:29 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-31 23:19 - 2011-03-25 04:29 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-31 23:19 - 2011-03-25 04:28 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-31 23:19 - 2011-03-12 13:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-10-31 23:19 - 2011-03-12 12:23 - 00870912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-10-31 23:19 - 2011-02-25 07:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-10-31 23:19 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2013-10-31 23:19 - 2011-02-24 07:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-10-31 23:19 - 2011-02-24 06:38 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-10-31 23:19 - 2011-02-19 13:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-31 23:19 - 2011-02-19 13:04 - 00902656 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-31 23:19 - 2011-02-19 07:30 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-31 23:19 - 2011-02-18 11:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-10-31 23:19 - 2011-02-18 06:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2013-10-31 23:19 - 2011-01-17 12:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-31 23:19 - 2011-01-17 06:47 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-31 23:14 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-10-31 23:14 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-10-31 22:57 - 2010-02-23 09:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-10-31 22:34 - 2013-10-31 22:34 - 00000000 ____D C:\Windows\system32\SPReview
2013-10-29 12:33 - 2013-10-29 12:33 - 00001800 _____ C:\Users\bakoe\Desktop\Photomatix Pro 4.1.4 (64-bit).lnk
2013-10-29 12:33 - 2013-10-29 12:33 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\HDRsoft
2013-10-29 12:33 - 2013-10-29 12:33 - 00000000 ____D C:\Program Files\PhotomatixPro4
2013-10-26 19:06 - 2013-10-26 19:06 - 00276616 _____ C:\Windows\Minidump\102613-20061-01.dmp
2013-10-22 21:31 - 2013-10-22 21:32 - 00000000 ____D C:\Program Files (x86)\MOUSE Editor
2013-10-21 04:10 - 2013-10-21 04:11 - 00000686 _____ C:\Users\bakoe\Desktop\Battlefield 2.lnk
2013-10-21 01:42 - 2013-10-21 02:14 - 00000000 ____D C:\ProgramData\TrackMania
2013-10-20 17:11 - 2013-10-20 17:11 - 00001616 _____ C:\Users\Public\Desktop\King Arthur's Gold Beta.lnk
2013-10-20 11:03 - 2013-10-20 11:03 - 00276560 _____ C:\Windows\Minidump\102013-25272-01.dmp
2013-10-20 10:43 - 2013-10-20 10:43 - 00276616 _____ C:\Windows\Minidump\102013-16114-01.dmp
2013-10-19 18:02 - 2013-10-19 18:02 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\AHR Software
2013-10-19 15:43 - 2013-10-19 15:43 - 00000000 ____D C:\Users\bakoe\AppData\Local\Nem's Tools
2013-10-18 22:29 - 2013-10-18 22:29 - 00002954 _____ C:\Windows\System32\Tasks\{EC7193CE-B048-4406-AD7D-57AED5E23AA7}
2013-10-18 22:28 - 2013-10-18 22:28 - 00002954 _____ C:\Windows\System32\Tasks\{181AC2A6-24C5-49A1-88C8-446A93EE6AC3}
2013-10-18 22:27 - 2013-10-18 22:27 - 00002954 _____ C:\Windows\System32\Tasks\{2BC9ADB4-0D25-47EF-9790-32D1C80D7F5E}
2013-10-18 22:27 - 2013-10-18 22:27 - 00002954 _____ C:\Windows\System32\Tasks\{25C371F8-173C-4472-A75C-2FE5F77BDFD9}
2013-10-18 22:22 - 2013-10-18 22:31 - 00001625 _____ C:\Users\bakoe\Desktop\RollerCoaster Tycoon 2.lnk
2013-10-18 21:46 - 2013-10-18 21:46 - 00000000 ___RD C:\Sandbox
2013-10-18 21:36 - 2013-10-18 21:42 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\HandBrake
2013-10-18 21:36 - 2013-10-18 21:36 - 00000833 _____ C:\Users\bakoe\Desktop\Handbrake.lnk
2013-10-18 21:36 - 2013-10-18 21:36 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2013-10-18 21:36 - 2013-10-18 21:36 - 00000000 ____D C:\Program Files\Handbrake
2013-10-18 21:08 - 2013-10-18 21:08 - 00276616 _____ C:\Windows\Minidump\101813-15943-01.dmp
2013-10-18 20:43 - 2013-10-18 20:43 - 00003080 _____ C:\Windows\System32\Tasks\{84C731E5-C6A6-41B5-80B2-4A2B9141D8B6}
2013-10-18 20:38 - 1999-05-29 09:54 - 00045568 _____ C:\Windows\UniFish3.exe
2013-10-18 20:11 - 2013-10-19 09:22 - 00000000 ____D C:\Users\bakoe\Desktop\Tine
2013-10-14 16:41 - 2013-10-14 16:41 - 00030219 _____ C:\Windows\SysWOW64\hs_err_pid3904.log
2013-10-10 18:00 - 2013-10-10 18:00 - 00276616 _____ C:\Windows\Minidump\101013-21465-01.dmp

==================== One Month Modified Files and Folders =======

2013-11-09 09:58 - 2013-09-07 08:33 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\FileZilla
2013-11-09 09:53 - 2013-11-09 09:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-09 09:51 - 2009-07-14 05:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-09 09:51 - 2009-07-14 05:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-09 09:47 - 2013-09-05 23:48 - 01615219 _____ C:\Windows\WindowsUpdate.log
2013-11-09 09:45 - 2013-09-22 00:44 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-09 09:44 - 2013-11-09 09:23 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-09 09:44 - 2013-11-09 09:22 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-09 09:44 - 2013-09-09 07:17 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\Dropbox
2013-11-09 09:43 - 2013-09-22 00:44 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-09 09:43 - 2013-09-07 11:24 - 00020748 _____ C:\Windows\setupact.log
2013-11-09 09:43 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-09 09:41 - 2013-09-21 14:33 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-11-09 09:23 - 2013-11-09 09:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-09 09:20 - 2013-11-09 09:20 - 00003260 _____ C:\Users\bakoe\Desktop\RKreport[0]_S_11092013_092027.txt
2013-11-09 09:20 - 2013-11-09 09:18 - 00000000 ____D C:\Users\bakoe\Desktop\RK_Quarantine
2013-11-09 09:18 - 2013-11-09 09:18 - 04012032 _____ C:\Users\bakoe\Desktop\RogueKillerX64.exe
2013-11-09 09:12 - 2013-11-09 09:12 - 00000000 ____D C:\FRST
2013-11-09 09:11 - 2013-11-09 09:11 - 01957098 _____ (Farbar) C:\Users\bakoe\Desktop\FRST64.exe
2013-11-09 09:10 - 2013-11-09 09:10 - 00000168 _____ C:\Users\bakoe\defogger_reenable
2013-11-09 09:10 - 2013-09-05 23:52 - 00000000 ____D C:\Users\bakoe
2013-11-09 09:04 - 2013-11-09 09:04 - 00000378 _____ C:\Users\bakoe\Desktop\Note.txt
2013-11-09 07:09 - 2013-09-06 22:57 - 00000000 ____D C:\Users\bakoe\AppData\Local\Adobe
2013-11-08 15:59 - 2013-11-08 15:55 - 00000882 _____ C:\Users\Public\Desktop\SimCity 4.lnk
2013-11-08 15:51 - 2013-11-08 15:50 - 00276728 _____ C:\Windows\Minidump\110813-14102-01.dmp
2013-11-08 15:50 - 2013-09-07 10:52 - 00000000 ____D C:\Windows\Minidump
2013-11-08 15:46 - 2013-09-11 08:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-08 14:55 - 2013-11-07 23:05 - 00000000 ____D C:\Program Files\NetBeans 7.4
2013-11-07 23:13 - 2013-11-07 23:03 - 00000000 ____D C:\Users\bakoe\.nbi
2013-11-07 23:13 - 2013-09-06 00:31 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\NetBeans
2013-11-07 23:08 - 2013-11-07 23:08 - 00002030 _____ C:\Users\Public\Desktop\NetBeans IDE 7.4.lnk
2013-11-07 23:08 - 2013-11-07 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 23:04 - 2013-09-06 00:19 - 00000000 ____D C:\Program Files\Java
2013-11-07 19:53 - 2013-11-07 19:53 - 00001939 _____ C:\Users\bakoe\Desktop\bwinfneu.java
2013-11-07 19:53 - 2013-11-07 19:17 - 00007609 _____ C:\Users\bakoe\AppData\Local\Resmon.ResmonCfg
2013-11-07 19:34 - 2013-11-07 19:32 - 00000000 ____D C:\ProgramData\Oracle
2013-11-07 19:33 - 2013-11-07 19:34 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-07 19:33 - 2013-11-07 19:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-07 19:33 - 2013-11-07 19:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-07 19:33 - 2013-11-07 19:33 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-07 19:32 - 2013-11-07 19:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-07 19:32 - 2013-11-07 19:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-07 19:32 - 2013-11-07 19:32 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-07 19:32 - 2013-11-07 19:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-07 19:32 - 2013-11-07 19:32 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-07 19:16 - 2009-07-14 18:58 - 00697082 _____ C:\Windows\system32\perfh007.dat
2013-11-07 19:16 - 2009-07-14 18:58 - 00148346 _____ C:\Windows\system32\perfc007.dat
2013-11-07 19:16 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-07 12:40 - 2013-11-05 10:03 - 00000000 ____D C:\Program Files (x86)\Geometrie
2013-11-06 16:27 - 2013-11-06 16:27 - 00276616 _____ C:\Windows\Minidump\110613-15022-01.dmp
2013-11-05 10:14 - 2013-11-02 21:55 - 00001764 _____ C:\Windows\Sandboxie.ini
2013-11-05 10:08 - 2013-11-05 10:03 - 00000102 _____ C:\Windows\WXPKEY.INC
2013-11-05 10:04 - 2013-11-05 10:04 - 00000000 ____D C:\Program Files (x86)\ParallelGraphics
2013-11-05 10:04 - 2013-11-05 10:04 - 00000000 ____D C:\Plugins
2013-11-05 10:03 - 2013-11-05 10:03 - 00208896 ____N (Microsoft Corporation) C:\Windows\Setup1.exe
2013-11-05 10:03 - 2013-11-05 10:03 - 00074752 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2013-11-05 10:03 - 2013-09-05 23:52 - 00000000 ___RD C:\Users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-04 15:05 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-04 09:17 - 2013-09-06 12:43 - 00000146 _____ C:\Users\bakoe\Desktop\Zugaenge.txt
2013-11-02 21:55 - 2013-11-02 21:55 - 00000905 _____ C:\Users\bakoe\Desktop\Sandboxed Web Browser.lnk
2013-11-02 21:55 - 2013-11-02 21:55 - 00000000 ____D C:\Program Files\Sandboxie
2013-11-02 19:00 - 2013-09-06 22:57 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\Adobe
2013-11-02 19:00 - 2013-09-06 10:16 - 00000000 ____D C:\ProgramData\Adobe
2013-11-02 17:41 - 2013-09-09 07:22 - 00001029 _____ C:\Users\bakoe\Desktop\Dropbox.lnk
2013-11-02 17:41 - 2013-09-09 07:19 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-01 19:18 - 2013-11-01 18:57 - 00000000 ____D C:\Users\bakoe\AppData\Local\CSDSteamBuild
2013-11-01 19:06 - 2013-09-06 00:31 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\vlc
2013-11-01 18:57 - 2013-11-01 18:57 - 00000539 _____ C:\Users\Public\Desktop\Cook Serve Delicious.lnk
2013-11-01 17:37 - 2013-11-01 17:37 - 00000737 _____ C:\Users\bakoe\Desktop\Slender The Arrival.lnk
2013-11-01 17:36 - 2013-11-01 17:36 - 00000000 ____D C:\Program Files (x86)\w
2013-11-01 17:29 - 2013-09-07 08:31 - 00000000 ____D C:\Program Files\Sublime Text 2
2013-11-01 17:28 - 2009-07-14 05:45 - 05014656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-01 17:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-11-01 17:15 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-01 15:25 - 2013-09-06 00:35 - 00093856 _____ C:\Users\bakoe\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-01 14:04 - 2013-11-01 14:04 - 00276728 _____ C:\Windows\Minidump\110113-34398-01.dmp
2013-10-31 23:35 - 2013-09-14 23:59 - 00008528 _____ C:\Windows\IE9_main.log
2013-10-31 23:35 - 2013-09-06 23:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-31 23:33 - 2013-10-31 23:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_tcwbf_01_09_00.Wdf
2013-10-31 23:33 - 2013-10-31 23:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2013-10-31 23:33 - 2013-10-31 23:33 - 00000000 ____D C:\Program Files\AuthenTec
2013-10-31 23:33 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2013-10-31 23:28 - 2013-09-06 06:39 - 01591234 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-31 23:05 - 2013-10-05 12:17 - 00000000 ___RD C:\Users\bakoe\Podcasts
2013-10-31 23:05 - 2013-09-05 23:52 - 00000000 ___RD C:\Users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-31 23:03 - 2013-09-06 00:42 - 00094874 _____ C:\Windows\PFRO.log
2013-10-31 23:02 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-10-31 22:58 - 2013-09-23 07:21 - 00439944 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-10-31 22:56 - 2013-09-15 00:40 - 00000000 ____D C:\Windows\system32\MRT
2013-10-31 22:55 - 2013-09-15 00:39 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-31 22:55 - 2013-09-07 08:56 - 00001912 _____ C:\Windows\epplauncher.mif
2013-10-31 22:54 - 2013-09-07 08:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-31 22:54 - 2013-09-07 08:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-10-31 22:42 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-10-31 22:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-10-31 22:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-10-31 22:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-10-31 22:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-31 22:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-10-31 22:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-10-31 22:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-10-31 22:42 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sppui
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Setup
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\oobe
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\migwiz
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\manifeststore
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2013-10-31 22:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-10-31 22:37 - 2009-07-14 03:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2013-10-31 22:37 - 2009-07-14 03:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2013-10-31 22:34 - 2013-10-31 22:34 - 00000000 ____D C:\Windows\system32\SPReview
2013-10-29 12:33 - 2013-10-29 12:33 - 00001800 _____ C:\Users\bakoe\Desktop\Photomatix Pro 4.1.4 (64-bit).lnk
2013-10-29 12:33 - 2013-10-29 12:33 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\HDRsoft
2013-10-29 12:33 - 2013-10-29 12:33 - 00000000 ____D C:\Program Files\PhotomatixPro4
2013-10-26 19:37 - 2013-09-07 14:54 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-10-26 19:08 - 2013-09-21 12:32 - 00000000 ____D C:\Users\bakoe\Desktop\Tools
2013-10-26 19:06 - 2013-10-26 19:06 - 00276616 _____ C:\Windows\Minidump\102613-20061-01.dmp
2013-10-22 21:32 - 2013-10-22 21:31 - 00000000 ____D C:\Program Files (x86)\MOUSE Editor
2013-10-22 21:31 - 2013-09-06 00:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-21 19:45 - 2013-09-29 13:30 - 00000000 ____D C:\Program Files (x86)\MiKTeX 2.9
2013-10-21 04:11 - 2013-10-21 04:10 - 00000686 _____ C:\Users\bakoe\Desktop\Battlefield 2.lnk
2013-10-21 04:03 - 2013-09-21 10:48 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-21 03:22 - 2013-10-07 20:39 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-21 03:22 - 2013-10-05 14:45 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-21 02:14 - 2013-10-21 01:42 - 00000000 ____D C:\ProgramData\TrackMania
2013-10-20 19:26 - 2013-10-05 14:45 - 00271200 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-20 18:42 - 2013-10-07 20:39 - 00000000 ____D C:\Users\bakoe\AppData\Local\PunkBuster
2013-10-20 17:11 - 2013-10-20 17:11 - 00001616 _____ C:\Users\Public\Desktop\King Arthur's Gold Beta.lnk
2013-10-20 17:11 - 2013-09-06 10:31 - 00000000 ____D C:\Games
2013-10-20 17:07 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-20 17:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\spool
2013-10-20 11:03 - 2013-10-20 11:03 - 00276560 _____ C:\Windows\Minidump\102013-25272-01.dmp
2013-10-20 10:43 - 2013-10-20 10:43 - 00276616 _____ C:\Windows\Minidump\102013-16114-01.dmp
2013-10-19 18:02 - 2013-10-19 18:02 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\AHR Software
2013-10-19 15:43 - 2013-10-19 15:43 - 00000000 ____D C:\Users\bakoe\AppData\Local\Nem's Tools
2013-10-19 09:22 - 2013-10-18 20:11 - 00000000 ____D C:\Users\bakoe\Desktop\Tine
2013-10-19 08:20 - 2013-09-22 00:46 - 00002192 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-18 22:31 - 2013-10-18 22:22 - 00001625 _____ C:\Users\bakoe\Desktop\RollerCoaster Tycoon 2.lnk
2013-10-18 22:29 - 2013-10-18 22:29 - 00002954 _____ C:\Windows\System32\Tasks\{EC7193CE-B048-4406-AD7D-57AED5E23AA7}
2013-10-18 22:28 - 2013-10-18 22:28 - 00002954 _____ C:\Windows\System32\Tasks\{181AC2A6-24C5-49A1-88C8-446A93EE6AC3}
2013-10-18 22:27 - 2013-10-18 22:27 - 00002954 _____ C:\Windows\System32\Tasks\{2BC9ADB4-0D25-47EF-9790-32D1C80D7F5E}
2013-10-18 22:27 - 2013-10-18 22:27 - 00002954 _____ C:\Windows\System32\Tasks\{25C371F8-173C-4472-A75C-2FE5F77BDFD9}
2013-10-18 21:46 - 2013-10-18 21:46 - 00000000 ___RD C:\Sandbox
2013-10-18 21:42 - 2013-10-18 21:36 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\HandBrake
2013-10-18 21:36 - 2013-10-18 21:36 - 00000833 _____ C:\Users\bakoe\Desktop\Handbrake.lnk
2013-10-18 21:36 - 2013-10-18 21:36 - 00000000 ____D C:\Users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2013-10-18 21:36 - 2013-10-18 21:36 - 00000000 ____D C:\Program Files\Handbrake
2013-10-18 21:08 - 2013-10-18 21:08 - 00276616 _____ C:\Windows\Minidump\101813-15943-01.dmp
2013-10-18 20:43 - 2013-10-18 20:43 - 00003080 _____ C:\Windows\System32\Tasks\{84C731E5-C6A6-41B5-80B2-4A2B9141D8B6}
2013-10-15 13:40 - 2013-09-22 00:44 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-15 13:40 - 2013-09-22 00:44 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 16:41 - 2013-10-14 16:41 - 00030219 _____ C:\Windows\SysWOW64\hs_err_pid3904.log
2013-10-10 18:00 - 2013-10-10 18:00 - 00276616 _____ C:\Windows\Minidump\101013-21465-01.dmp

Some content of TEMP:
====================
C:\Users\bakoe\AppData\Local\Temp\AutoRun.exe
C:\Users\bakoe\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\bakoe\AppData\Local\Temp\CmdLineExt01.dll
C:\Users\bakoe\AppData\Local\Temp\nircmd.exe
C:\Users\bakoe\AppData\Local\Temp\ntdll_dump.dll
C:\Users\bakoe\AppData\Local\Temp\sfamcc00001.dll
C:\Users\bakoe\AppData\Local\Temp\SIntf16.dll
C:\Users\bakoe\AppData\Local\Temp\SIntf32.dll
C:\Users\bakoe\AppData\Local\Temp\SIntfNT.dll
C:\Users\bakoe\AppData\Local\Temp\wget.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-01 16:06

==================== End Of Log ============================
         
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by bakoe at 2013-11-09 09:59:12
Running from C:\Users\bakoe\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1)
7 Days to Die - Alpha version 1.1 (x32 Version: 1.1)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Creative Suite 6 Master Collection (x32 Version: 6)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
AIO_CDB_ProductContext (x32 Version: 130.0.365.000)
AIO_CDB_Software (x32 Version: 130.0.365.000)
AIO_Scan (x32 Version: 130.0.421.000)
AMD Accelerated Video Transcoding (Version: 13.10.100.30604)
AMD Catalyst Control Center (x32 Version: 2013.0604.1838.31590)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80604.1838)
AMD Wireless Display v3.0 (Version: 1.0.0.12)
ANNO 1404 - Königsedition (x32 Version: 3.10.0000)
Apple Application Support (x32 Version: 2.2.2)
Apple Software Update (x32 Version: 2.1.3.127)
ArmA 2 Free Uninstall (x32)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-J6710DW (x32 Version: 2.0.0.0)
BufferChm (x32 Version: 130.0.331.000)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0604.1838.31590)
Catalyst Control Center InstallProxy (x32 Version: 2013.0604.1838.31590)
Catalyst Control Center Localization All (x32 Version: 2013.0604.1838.31590)
CCC Help Chinese Standard (x32 Version: 2013.0604.1837.31590)
CCC Help Chinese Traditional (x32 Version: 2013.0604.1837.31590)
CCC Help Czech (x32 Version: 2013.0604.1837.31590)
CCC Help Danish (x32 Version: 2013.0604.1837.31590)
CCC Help Dutch (x32 Version: 2013.0604.1837.31590)
CCC Help English (x32 Version: 2013.0604.1837.31590)
CCC Help Finnish (x32 Version: 2013.0604.1837.31590)
CCC Help French (x32 Version: 2013.0604.1837.31590)
CCC Help German (x32 Version: 2013.0604.1837.31590)
CCC Help Greek (x32 Version: 2013.0604.1837.31590)
CCC Help Hungarian (x32 Version: 2013.0604.1837.31590)
CCC Help Italian (x32 Version: 2013.0604.1837.31590)
CCC Help Japanese (x32 Version: 2013.0604.1837.31590)
CCC Help Korean (x32 Version: 2013.0604.1837.31590)
CCC Help Norwegian (x32 Version: 2013.0604.1837.31590)
CCC Help Polish (x32 Version: 2013.0604.1837.31590)
CCC Help Portuguese (x32 Version: 2013.0604.1837.31590)
CCC Help Russian (x32 Version: 2013.0604.1837.31590)
CCC Help Spanish (x32 Version: 2013.0604.1837.31590)
CCC Help Swedish (x32 Version: 2013.0604.1837.31590)
CCC Help Thai (x32 Version: 2013.0604.1837.31590)
CCC Help Turkish (x32 Version: 2013.0604.1837.31590)
ccc-utility64 (Version: 2013.0604.1838.31590)
Cook Serve Delicious (x32 Version: 1)
Copy (x32 Version: 130.0.428.000)
Cortona® VRML Client (x32 Version: 4.2.0.93)
Counter-Strike: Global Offensive (x32)
DAEMON Tools Lite (x32 Version: 4.47.1.0337)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
DocProc (x32 Version: 13.0.0.0)
Dropbox (HKCU Version: 2.4.6)
DS2 All*Saves v2 (x32 Version: 2)
DS2BW All*Saves v2 (x32 Version: 2)
Dungeon Defenders (x32)
Dungeon Siege 2 (x32)
Dungeon Siege 2 Broken World (x32 Version: 1.00.0000)
Dungeon Siege Legends of Aranna (x32)
Far Cry 3 (x32 Version: 1.01)
Fax (x32 Version: 130.0.418.000)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
GeoStar 3D (x32)
GitHub (HKCU Version: 1.1.1.0)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 130.0.371.000)
HandBrake 0.9.9.1 (x32 Version: 0.9.9.1)
Hotkey 3.3040 (x32 Version: 3.3040)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 4.000.011.006)
HPPhotoGadget (x32 Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000)
HPPhotosmartEssential (x32 Version: 2.04.0000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450)
JMicron Ethernet Adapter NDIS Driver (x32 Version: 6.0.26.6)
JMicron Flash Media Controller Driver (x32 Version: 1.0.62.0)
King Arthur's Gold Beta (x32 Version: 0.95.590.0)
K-Lite Mega Codec Pack 9.8.0 (x32 Version: 9.8.0)
MakeMKV v1.8.5 (x32 Version: v1.8.5)
ManiaPlanet (x32)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Camera Codec Pack (Version: 16.4.1620.0719)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MiKTeX 2.9 (x32 Version: 2.9)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)
Mouse Editor (x32 Version: 12.08.0006)
MOUSE Editor (x32 Version: 12.08.0006)
Mozilla Firefox 25.0 (x86 de) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
NetBeans IDE 7.4 (Version: 7.4)
Network64 (Version: 130.0.572.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
PDF Settings CS6 (x32 Version: 11.0)
Photomatix Pro version 4.1.4 (Version: 4.1.4)
PNGGauntlet (x32 Version: 3.1.1)
PunkBuster Services (x32 Version: 0.993)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.395)
Qualcomm Atheros Killer Network Manager (x32 Version: 6.1.0.395)
Qubicle Constructor Basic Edition version 1.6 (x32 Version: 1.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0)
RollerCoaster Tycoon 2 (x32)
Sandboxie 4.06 (64-bit) (Version: 4.06)
Scan (x32 Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SimCity 4 (x32)
Skype™ 6.7 (x32 Version: 6.7.102)
Slender The Arrival (x32 Version: 2.0.0.0)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
SpeedFan (remove only) (x32)
Status (x32 Version: 130.0.469.000)
Steam (x32 Version: 1.0.0.0)
Sublime Text 2.0.2
Synaptics Pointing Device Driver (Version: 15.0.8.0)
Texmaker (x32)
THX TruStudio Pro (x32 Version: TAMB-CVS1D-1-LB R07)
TmUnitedForever Update 2010-03-15 (x32)
Toolbox (x32 Version: 130.0.648.000)
TOU (x32)
TrayApp (x32 Version: 130.0.422.000)
Ultimate Control version 1.2 (x32 Version: 1.2)
UnloadSupport (x32 Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
VLC media player 2.0.8 (x32 Version: 2.0.8)
WebReg (x32 Version: 130.0.132.017)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
XSManager (x32 Version: 3.0)
yEd Graph Editor 3.10.1 (x32 Version: 3.10.1)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points  =========================

09-11-2013 07:33:57 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-11-02 19:59 - 00003133 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

Task: {20E42896-7016-43BF-AAC6-E1D3797C0081} - System32\Tasks\{25C371F8-173C-4472-A75C-2FE5F77BDFD9} => C:\Games\RollerCoaster Tycoon 2\rct2.exe [2002-10-14] ()
Task: {38592739-7561-4F3E-B054-BE6832A60EBA} - System32\Tasks\{2BC9ADB4-0D25-47EF-9790-32D1C80D7F5E} => C:\Games\RollerCoaster Tycoon 2\rct2.exe [2002-10-14] ()
Task: {488789CF-B8BC-42E5-8150-70F308F0192A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {52AE57F6-46A6-444B-8C1A-B08E4A709009} - System32\Tasks\{EC7193CE-B048-4406-AD7D-57AED5E23AA7} => C:\Games\RollerCoaster Tycoon 2\rct2.exe [2002-10-14] ()
Task: {8FE47B67-B480-4508-AE72-315C8F83A999} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-22] (Google Inc.)
Task: {917F4F15-9AFC-45E3-9870-FBC5E664CE95} - System32\Tasks\AdobeAAMUpdater-1.0-bakoe-laptop-bakoe => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {F24B70A0-0E34-4FA5-A066-FAB6DE7EE15F} - System32\Tasks\{181AC2A6-24C5-49A1-88C8-446A93EE6AC3} => C:\Games\RollerCoaster Tycoon 2\rct2.exe [2002-10-14] ()
Task: {F30A591B-A727-4201-ACD8-04899E01995A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-05-09 19:46 - 2011-05-09 19:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 19:56 - 2011-05-09 19:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 19:47 - 2011-05-09 19:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2012-07-23 15:36 - 2012-07-23 15:36 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 11:32 - 2011-05-10 11:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2011-05-09 19:48 - 2011-05-09 19:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2013-09-17 12:40 - 2010-03-16 00:04 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2011-03-16 23:07 - 2011-03-16 23:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-02 10:56 - 2010-12-02 10:56 - 00815104 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2011-01-09 13:45 - 2011-01-09 13:45 - 00088064 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2012-06-14 08:59 - 2012-06-14 08:59 - 02414080 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll
2012-05-17 04:17 - 2012-05-17 04:17 - 01000448 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-09-20 07:18 - 2010-09-20 07:18 - 00085504 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-09-20 07:18 - 2010-09-20 07:18 - 00054272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2011-04-12 08:14 - 2011-04-12 08:14 - 00063488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 13:16 - 2010-11-01 13:16 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2012-04-27 04:40 - 2012-04-27 04:40 - 00118272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2009-06-06 13:50 - 2009-06-06 13:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2013-10-05 12:30 - 2010-11-01 16:34 - 00159744 ____N () C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll
2013-11-01 17:36 - 2013-11-01 17:36 - 01311275 _____ () C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00410432 _____ () C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 02222455 _____ () C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00174793 _____ () C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00041019 _____ () C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 02382083 _____ () C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00046383 _____ () C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00515437 _____ () C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00074240 _____ () C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00040960 _____ () C:\ProgramData\Microsoft\Windows\Time\_socket.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00285184 _____ () C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00009728 _____ () C:\ProgramData\Microsoft\Windows\Time\select.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00577536 _____ () C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd
2013-11-01 17:36 - 2013-11-01 17:36 - 00219648 _____ () C:\ProgramData\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\bakoe\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-07 19:41 - 2013-11-07 19:41 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00018207 _____ () C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: hp LaserJet 1320 series
Description: hp LaserJet 1320 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 1320 series
Description: hp LaserJet 1320 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 1320 series
Description: hp LaserJet 1320 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 1320 series
Description: hp LaserJet 1320 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 1320 series
Description: hp LaserJet 1320 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 1320 series
Description: hp LaserJet 1320 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2013 07:04:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16162

Error: (11/09/2013 07:04:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16162

Error: (11/09/2013 07:04:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 07:04:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15164

Error: (11/09/2013 07:04:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15164

Error: (11/09/2013 07:04:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 07:04:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14150

Error: (11/09/2013 07:04:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14150

Error: (11/09/2013 07:04:16 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 07:04:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13151


System errors:
=============
Error: (11/09/2013 09:53:53 AM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE

Error: (11/09/2013 09:53:53 AM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE

Error: (11/09/2013 09:53:53 AM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE

Error: (11/09/2013 09:53:50 AM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE

Error: (11/09/2013 09:53:50 AM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files\Microsoft Security Client\MpCmdRun.exe

Error: (11/09/2013 09:53:50 AM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE

Error: (11/09/2013 09:53:50 AM) (Source: mbamchameleon) (User: )
Description: \??\C:\Program Files\Microsoft Security Client\MpCmdRun.exe

Error: (11/09/2013 09:52:48 AM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (11/09/2013 09:52:48 AM) (Source: mbamchameleon) (User: )
Description: C0000022

Error: (11/09/2013 09:52:09 AM) (Source: mbamchameleon) (User: )
Description: C00000BE


Microsoft Office Sessions:
=========================
Error: (11/09/2013 07:04:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16162

Error: (11/09/2013 07:04:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16162

Error: (11/09/2013 07:04:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 07:04:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15164

Error: (11/09/2013 07:04:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15164

Error: (11/09/2013 07:04:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 07:04:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14150

Error: (11/09/2013 07:04:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14150

Error: (11/09/2013 07:04:16 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/09/2013 07:04:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13151


CodeIntegrity Errors:
===================================
  Date: 2013-10-31 20:42:59.206
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\http.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-31 20:42:59.191
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\http.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 07:12:14.359
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-06 07:12:14.218
  Description: Windows is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\System32\drivers\atikmdag.sys" because the file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 8169.64 MB
Available physical RAM: 5720.3 MB
Total Pagefile: 16337.46 MB
Available Pagefile: 13340.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Programme) (Fixed) (Total:74.9 GB) (Free:4.32 GB) NTFS
Drive d: (Daten) (Fixed) (Total:390.76 GB) (Free:217.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0047DD21)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=391 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Gmer.txt:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-09 10:10:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JJ rev.2AK10001 465,76GB
Running: 8mk5dds5.exe; Driver: C:\Users\bakoe\AppData\Local\Temp\uwdyypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                                    fffff80003205000 7 bytes [00, 00, 00, 00, 00, 00, 00]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 568                                                                                                                    fffff80003205008 37 bytes [03, 03, 00, F8, FF, FF, 58, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\SysWOW64\PnkBstrA.exe[1268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                               000000006fc11a22 2 bytes [C1, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                               000000006fc11ad0 2 bytes [C1, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                               000000006fc11b08 2 bytes [C1, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                               000000006fc11bba 2 bytes [C1, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1268] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                               000000006fc11bda 2 bytes [C1, 6F]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        0000000075741465 2 bytes [74, 75]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[1268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                       00000000757414bb 2 bytes [74, 75]
.text     ...                                                                                                                                                                                   * 2
.text     C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe[2308] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                      0000000075741465 2 bytes [74, 75]
.text     C:\ProgramData\Microsoft\Windows\Time\Time-svc.exe[2308] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                     00000000757414bb 2 bytes [74, 75]
.text     ...                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                     0000000075741465 2 bytes [74, 75]
.text     C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[3240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    00000000757414bb 2 bytes [74, 75]
.text     ...                                                                                                                                                                                   * 2
.text     C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                    0000000075741465 2 bytes [74, 75]
.text     C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe[4012] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                   00000000757414bb 2 bytes [74, 75]
.text     ...                                                                                                                                                                                   * 2
.text     C:\Users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe[3296] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                  0000000075741465 2 bytes [74, 75]
.text     C:\Users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe[3296] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                 00000000757414bb 2 bytes [74, 75]
.text     ...                                                                                                                                                                                   * 2
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                          0000000075741465 2 bytes [74, 75]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[5824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                         00000000757414bb 2 bytes [74, 75]
.text     ...                                                                                                                                                                                   * 2

---- Registry - GMER 2.1 ----

Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@J:\Spiele\Installer\[Open Beta] Trackmania\xb2 Stadium (2013)\StadiumOpenBeta.exe  1

---- EOF - GMER 2.1 ----
         
Many thanks in advance!
Best regards, prnha

Alt 09.11.2013, 10:35   #2
Larusso
/// Selecta Jahrusso
 
Please do not uninstall any programs unless I have asked you to.
Please work through all the steps in order. Sometimes one step depends on the previous one.
If a problem occurs at any step, stop there and report to me as precisely as you can which problem occurred.


Here we go


I see you have run RogueKiller. Please post me the log file.
C:\Users\bakoe\Desktop\RKreport[0]_S_11092013_092027.txt



Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.


Alt 09.11.2013, 11:02   #3
prnha
 
Thanks for the quick reply!
I should note that before creating these two log files I terminated TimeServer.exe and WindowsTime.exe via Task Manager, after which the excessive fan noise and the high temperatures disappeared for the time being. The problems only reappear after a reboot - let me know if I should create the logs again with TimeServer.exe and WindowsTime.exe running!
Here is the content of RKreport[0]_S_11092013_092027.txt:
Code:
RogueKiller V8.7.6 _x64_ [Oct 28 2013] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.adlice.com/forum/
Webseite : hxxp://www.adlice.com/softwares/roguekiller/
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestartet in : Normaler Modus
Benutzer : bakoe [Admin Rechte]
Funktion : Scannen -- Datum : 11/09/2013 09:20:27
| ARK || FAK || MBR |

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 11 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (10.0.9.1:3128 [Country: (Private Address) (XX), City: (Private Address)]) -> GEFUNDEN
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> GEFUNDEN
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> GEFUNDEN
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> GEFUNDEN
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> GEFUNDEN
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> GEFUNDEN
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> GEFUNDEN
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> GEFUNDEN
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Autostart-Einträge : 0 ¤¤¤

¤¤¤ Web-Browsern : 2 ¤¤¤
[FF][PROXY] cjmp2tik.default : user_pref("network.proxy.hxxp", "10.0.9.1"); -> GEFUNDEN
[FF][PROXY] cjmp2tik.default : user_pref("network.proxy.hxxp_port", 3128); -> GEFUNDEN

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infektion :  ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HM500JJ ATA Device +++++
--- User ---
[MBR] d715d1f55b5ab2ba3ebd1850cff3d398
[BSP] 9558cd494870183a6e4ffa4bc277e2f8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76700 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 157288448 | Size: 400138 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Abgeschlossen : << RKreport[0]_S_11092013_092027.txt >>
         
Combofix.txt:
Code:
ComboFix 13-11-07.01 - bakoe 09.11.2013  10:50:44.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8170.6265 [GMT 1:00]
ausgeführt von:: c:\users\bakoe\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome.manifest
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\asyncDB.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\background.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\browserAction.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\contextMenu.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\dbManager.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\dom_bg.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\fileManager.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\firefox.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\firefoxNotifications.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\firefoxOmnibox.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\message.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\pageAction.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\request.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\tabs.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\api\webRequest.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\background.html
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\baseObject.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\browser.xul
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\console.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\consts.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\delegate.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\extensionDataStore.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\folderIOWrapper.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\httpObserver.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\IDBWrapper.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\installer.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\logFile.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\prefs.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\progressListenerObserver.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\registry.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\reloadObserver.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\reports.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\requestObject.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\searchSettings.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\uninstallObserver.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\updateManager.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\utils.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\core\xhr.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\dialog.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\main.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\options.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\options.xul
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\chrome\content\search_dialog.xul
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\defaults\preferences\prefs.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\manifest.xml
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins.json
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\1_base.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\17_jQuery.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\21_debug.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\22_resources.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\28_initializer.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\47_resources_background.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\64_appApiMessage.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\72_appApiValidation.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\plugins\98_omniCommands.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\userCode\background.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\extensionData\userCode\extension.js
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\install.rdf
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\locale\en-US\translations.dtd
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\button1.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\button2.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\button3.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\button4.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\button5.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\crossrider_statusbar.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\icon128.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\icon16.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\icon24.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\icon48.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\panelarrow-up.png
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\popup.html
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\skin.css
c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com\skin\update.css
c:\windows\msxml4-KB954430-enu.LOG
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-09 bis 2013-11-09  ))))))))))))))))))))))))))))))
.
.
2013-11-09 09:55 . 2013-11-09 09:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-11-09 09:24 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D73DDB29-7907-45DF-B451-D56F71764C93}\mpengine.dll
2013-11-09 08:23 . 2013-11-09 08:23	--------	d-----w-	c:\programdata\Malwarebytes
2013-11-09 08:23 . 2013-11-09 08:53	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-09 08:23 . 2013-11-09 08:44	116440	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-09 08:22 . 2013-11-09 08:44	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-11-09 08:12 . 2013-11-09 08:12	--------	d-----w-	C:\FRST
2013-11-07 22:05 . 2013-11-08 13:55	--------	d-----w-	c:\program files\NetBeans 7.4
2013-11-07 22:03 . 2013-11-07 22:13	--------	d-----w-	c:\users\bakoe\.nbi
2013-11-07 18:34 . 2013-11-07 18:33	312744	----a-w-	c:\windows\system32\javaws.exe
2013-11-07 18:33 . 2013-11-07 18:33	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 18:33 . 2013-11-07 18:33	189352	----a-w-	c:\windows\system32\javaw.exe
2013-11-07 18:33 . 2013-11-07 18:33	189352	----a-w-	c:\windows\system32\java.exe
2013-11-07 18:33 . 2013-11-07 18:33	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-11-07 18:32 . 2013-11-07 18:34	--------	d-----w-	c:\programdata\Oracle
2013-11-07 18:32 . 2013-11-07 18:32	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-07 18:32 . 2013-11-07 18:32	--------	d-----w-	c:\program files (x86)\Java
2013-11-07 18:09 . 2013-10-18 19:19	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F705EF0-CAD8-448C-9714-41B9E70007A7}\gapaengine.dll
2013-11-07 18:08 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-05 09:04 . 2013-11-05 09:04	--------	d-----w-	c:\program files (x86)\ParallelGraphics
2013-11-05 09:04 . 2013-11-05 09:04	--------	d-----w-	C:\Plugins
2013-11-05 09:04 . 2013-11-05 09:04	--------	d-----w-	c:\program files (x86)\Common Files\ParallelGraphics
2013-11-05 09:03 . 2013-11-07 11:40	--------	d-----w-	c:\program files (x86)\Geometrie
2013-11-05 09:03 . 2013-11-05 09:03	208896	------w-	c:\windows\Setup1.exe
2013-11-05 09:03 . 2013-11-05 09:03	74752	----a-w-	c:\windows\ST6UNST.EXE
2013-11-02 20:55 . 2013-11-02 20:55	--------	d-----w-	c:\program files\Sandboxie
2013-11-01 17:57 . 2013-11-01 18:18	--------	d-----w-	c:\users\bakoe\AppData\Local\CSDSteamBuild
2013-11-01 16:36 . 2013-11-01 16:36	--------	d-----w-	c:\program files (x86)\w
2013-11-01 16:36 . 2013-11-01 16:36	10752	----a-w-	c:\programdata\Microsoft\Windows\Time\Time-svc.exe
2013-11-01 16:36 . 2013-11-01 16:36	10240	----a-w-	c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
2013-11-01 16:36 . 2013-11-01 16:36	49664	----a-w-	c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
2013-11-01 16:36 . 2013-11-01 16:36	2303488	----a-w-	c:\programdata\Microsoft\Windows\Time\python27.dll
2013-11-01 16:36 . 2013-11-01 16:36	24064	----a-w-	c:\programdata\Microsoft\Windows\Time\TimeServer.exe
2013-11-01 16:36 . 2013-11-01 16:36	569680	----a-w-	c:\programdata\Microsoft\Windows\Time\msvcp90.dll
2013-11-01 16:36 . 2013-11-01 16:36	219648	----a-w-	c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
2013-10-31 22:33 . 2013-10-31 22:33	--------	d-----w-	c:\program files\AuthenTec
2013-10-31 22:33 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-10-31 22:33 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-10-31 22:33 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-10-31 22:33 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-10-31 22:31 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-10-31 22:31 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-10-31 22:31 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-10-31 22:31 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-10-31 22:31 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-10-31 22:31 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-10-31 22:31 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-10-31 22:19 . 2011-05-04 05:25	2315776	----a-w-	c:\windows\system32\tquery.dll
2013-10-31 22:14 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2013-10-31 22:14 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2013-10-31 21:57 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-10-31 21:34 . 2013-10-31 21:34	--------	d-----w-	c:\windows\system32\SPReview
2013-10-29 11:33 . 2013-10-29 11:33	--------	d-----w-	c:\program files\PhotomatixPro4
2013-10-29 11:33 . 2013-10-29 11:33	--------	d-----w-	c:\users\bakoe\AppData\Roaming\HDRsoft
2013-10-22 20:31 . 2013-10-22 20:32	--------	d-----w-	c:\program files (x86)\MOUSE Editor
2013-10-21 00:42 . 2013-10-21 01:14	--------	d-----w-	c:\programdata\TrackMania
2013-10-19 17:02 . 2013-10-19 17:02	--------	d-----w-	c:\users\bakoe\AppData\Roaming\AHR Software
2013-10-19 14:43 . 2013-10-19 14:43	--------	d-----w-	c:\users\bakoe\AppData\Local\Nem's Tools
2013-10-18 21:30 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-10-18 21:30 . 2001-09-05 02:18	225280	----a-w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-10-18 21:30 . 2001-09-05 02:14	176128	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-10-18 21:30 . 2001-09-05 02:13	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-10-18 20:46 . 2013-10-18 20:46	--------	d-----r-	C:\Sandbox
2013-10-18 20:36 . 2013-10-18 20:42	--------	d-----w-	c:\users\bakoe\AppData\Roaming\HandBrake
2013-10-18 20:36 . 2013-10-18 20:36	--------	d-----w-	c:\program files\Handbrake
2013-10-18 19:38 . 1999-05-29 08:54	45568	----a-w-	c:\windows\UniFish3.exe
2013-10-18 19:19 . 2013-10-18 19:19	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-31 21:55 . 2013-09-14 23:39	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-10-31 21:37 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-10-31 21:37 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-10-21 02:22 . 2013-10-07 19:39	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-10-21 02:22 . 2013-10-05 13:45	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-10-20 18:26 . 2013-10-05 13:45	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-10-07 19:30 . 2013-10-05 13:45	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-09-14 20:50 . 2013-09-14 20:50	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 20:50 . 2013-09-14 20:50	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-06 22:00 . 2013-09-06 22:00	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-06 05:37 . 2013-09-06 05:42	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-09-06 05:37 . 2013-09-06 05:42	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-06 05:37 . 2013-09-06 05:42	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-09-06 05:16 . 2013-09-06 05:17	63648	----a-w-	c:\windows\system32\drivers\smsbda.sys
2013-09-06 05:16 . 2013-09-06 05:17	141824	----a-w-	c:\windows\system32\drivers\cmntnet.sys
2013-09-06 05:16 . 2013-09-06 05:17	133120	----a-w-	c:\windows\system32\drivers\cm_netamd.sys
2013-09-06 05:16 . 2013-09-06 05:17	123904	----a-w-	c:\windows\system32\drivers\cmnuusbser.sys
2013-09-06 05:16 . 2013-09-06 05:17	118272	----a-w-	c:\windows\system32\drivers\cm_seramd.sys
2013-09-06 05:16 . 2013-09-06 05:17	117888	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2013-09-06 05:16 . 2013-09-06 05:17	112640	----a-w-	c:\windows\system32\drivers\cm_net32.sys
2013-09-06 05:16 . 2013-09-06 05:17	103680	----a-w-	c:\windows\system32\drivers\cm_ser32.sys
2013-09-05 23:16 . 2011-06-23 09:26	174680	----a-w-	c:\windows\system32\drivers\jmcr.sys
2013-09-05 23:16 . 2010-07-27 08:08	203352	----a-w-	c:\windows\SysWow64\jmcricon.dll
2013-09-05 23:16 . 2010-07-27 08:08	203352	----a-w-	c:\windows\system32\jmcricon.dll
2013-09-05 23:05 . 2013-09-05 23:05	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2013-08-19 22:46 . 2013-09-06 05:36	9515512	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{15327116-B45A-4FC9-B938-67B5650B0CF9}\mpengine.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-08-16 3333632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-06-04 676608]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-8-2 3079680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cmntnet;Wireless Data Device USB Ethernet Driver;c:\windows\system32\DRIVERS\cmntnet.sys;c:\windows\SYSNATIVE\DRIVERS\cmntnet.sys [x]
R3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;c:\windows\system32\DRIVERS\cmnuusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnuusbser.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - UWDYYPOW
*Deregistered* - uwdyypow
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 07:19	1185744	----a-w-	c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21 23:44]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21 23:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 10.0.9.1:3128
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local;<local>
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\
FF - prefs.js: network.proxy.ftp - 10.0.9.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 10.0.9.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 10.0.9.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 10.0.9.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-15 22:54; 971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\971d5a0e-9273-487f-b423-ed4d001e437a@73136d87-5f3a-4380-8edb-16a7fa56bbc4.com
FF - ExtSQL: 2013-09-16 20:44; firebug@software.joehewitt.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-09-16 20:45; FirePHPExtension-Build@firephp.org; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\FirePHPExtension-Build@firephp.org.xpi
FF - ExtSQL: 2013-09-17 14:31; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-09-21 15:57; thumbnailZoom@dadler.github.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-09-28 13:18; {77b819fa-95ad-4f2c-ac7c-486b356188a9}; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - ExtSQL: 2013-09-29 17:04; youtubeunblocker@unblocker.yt; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\youtubeunblocker@unblocker.yt
FF - ExtSQL: 2013-09-29 17:05; YoutubeDownloader@PeterOlayev.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF - ExtSQL: 2013-10-09 22:06; jid1-93CWPmRbVPjRQA@jetpack; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi
FF - ExtSQL: 2013-10-31 23:02; {3f12f2e9-bff5-4585-8f63-ec28646678ed}; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\{3f12f2e9-bff5-4585-8f63-ec28646678ed}.xpi
FF - ExtSQL: 2013-11-01 18:27; Stratiform@SoapySpew; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\Stratiform@SoapySpew.xpi
FF - ExtSQL: 2013-11-01 18:35; omnibar@ajitk.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\omnibar@ajitk.com.xpi
FF - ExtSQL: 2013-11-02 22:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-07 23:16; {f96ac632-94e3-40b2-b69f-e349d35973df}; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\{f96ac632-94e3-40b2-b69f-e349d35973df}.xpi
FF - ExtSQL: !HIDDEN! 2013-09-17 14:31; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-11-09  10:57:02
ComboFix-quarantined-files.txt  2013-11-09 09:57
.
Vor Suchlauf: 4.496.322.560 Bytes frei
Nach Suchlauf: 4.652.969.984 Bytes frei
.
- - End Of File - - 151C535A2A293AAF2FFFEDCD50C88B22
A36C5E4F47E84449FF07ED3517B43A31
         
Regards, prnha
__________________

Alt 09.11.2013, 11:10   #4
Larusso
/// Selecta Jahrusso
 
No problem.

Have you run MBAM, and did it not detect the TimeSaver files?
I would then like to upload them to them, you see.


ComboFix script
WARNING for those reading along:
The following ComboFix script has been created exclusively for this user in this situation.
Do not under any circumstances run it on other computers; it can permanently damage other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press the Windows + R keys --> type notepad --> OK
  • Now copy the text from the following code box in full into the empty text document.
    Code:
    Folder::
    c:\programdata\Microsoft\Windows\Time
    Driver::
    Time
  • Save this as CFScript.txt on your desktop.
  • Important: temporarily switch off your antivirus software, as it can otherwise obstruct ComboFix while it works.
    Don't forget to switch it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window and do not click into it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please post it here as a reply (in CODE tags, using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these directives, files are to be sent in for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to tell me whether the upload worked!




Please report how the computer is running.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
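The log posted earlier in this thread shows the miner registered as a service, "R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe", a Windows-sounding name running from ProgramData rather than from system32, and it also shows UAC switched off ("EnableLUA"= 0). As an added example that is not code from ComboFix or from anyone in this thread, the following Python script walks ComboFix log lines and flags exactly those patterns for review; all function and constant names are my own, and SAMPLE_LOG is a constructed excerpt of the log lines quoted above.

```python
"""Triage helper for ComboFix logs like the one posted in this thread.

Flags services, Run-key values and Startup-folder shortcuts whose binary lives
outside the Windows and Program Files trees, names that borrow a Windows
component name while living elsewhere (the real time service is W32Time, hosted
by svchost.exe in system32), and a switched-off UAC. Added example, not
ComboFix's or the forum's code; SAMPLE_LOG is a constructed excerpt of the log."""
import re
from typing import Iterable, List, NamedTuple

# ComboFix service/driver line: "<state> <name>;<display name>;<path>;<path> [x]"
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>[^;]+);")
# Registry value line as ComboFix prints it: "<name>"="<path>" [<date> <size>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Startup-folder shortcut line: "<file>.lnk - <path to exe> [args] [<date> <size>]"
STARTUP_RE = re.compile(r"^(?P<name>\S+\.lnk) - (?P<path>.+?\.exe)\b", re.IGNORECASE)

# Where service and autostart binaries are expected to live on 64-bit Windows 7.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Words that make a name sound like a Windows component ("Time", "WindowsTime").
LOOKALIKE_WORDS = ("time", "windows")


class Finding(NamedTuple):
    kind: str      # "service", "run", "startup" or "policy"
    name: str
    path: str
    reasons: tuple


def unexpected_location(path: str) -> bool:
    """True when the binary is not under the Windows or Program Files trees."""
    return not path.strip().lower().startswith(TRUSTED_PREFIXES)


def lookalike_name(name: str, path: str) -> bool:
    """Windows-sounding name whose binary is nevertheless outside c:\\windows."""
    sounds_like_windows = any(w in name.lower() for w in LOOKALIKE_WORDS)
    return sounds_like_windows and not path.strip().lower().startswith("c:\\windows\\")


def _check(findings: List[Finding], kind: str, name: str, path: str) -> None:
    reasons = []
    if unexpected_location(path):
        reasons.append("binary outside Windows/Program Files")
    if lookalike_name(name, path):
        reasons.append("Windows-sounding name outside c:\\windows")
    if reasons:
        findings.append(Finding(kind, name.strip(), path.strip(), tuple(reasons)))


def analyze(lines: Iterable[str]) -> List[Finding]:
    """Walk ComboFix log lines and return the entries that deserve a second look."""
    findings: List[Finding] = []
    current_key = ""  # last [HKEY_...] header seen, lower-cased
    for raw in lines:
        line = raw.rstrip()
        if line.startswith("[HKEY_"):
            current_key = line.lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            _check(findings, "service", m["name"], m["path"])
            continue
        m = STARTUP_RE.match(line)
        if m:
            _check(findings, "startup", m["name"], m["path"])
            continue
        m = RUN_RE.match(line)
        # The "name"="value" shape also appears under CLSID keys further down the
        # log, so only count it as an autostart directly under a ...\Run key.
        if m and current_key.endswith("\\run]"):
            _check(findings, "run", m["name"], m["path"])
        elif current_key.endswith("\\policies\\system]") and line.startswith('"EnableLUA"= 0'):
            findings.append(Finding("policy", "EnableLUA", "", ("UAC is switched off (EnableLUA=0)",)))
    return findings


# Constructed excerpt of the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-08-16 3333632]
Dropbox.lnk - c:\users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 Time;Time;c:\programdata\Microsoft\Windows\Time\Time-svc.exe;c:\programdata\Microsoft\Windows\Time\Time-svc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:8} {f.name:<14} {f.path}  <- {'; '.join(f.reasons)}")
```

Dropbox is listed as well because it runs from AppData; the script only collects entries to review and does not decide what is malicious.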

Alt 09.11.2013, 11:39   #5
prnha
 
No, MBAM did not detect the file.
After the restart initiated by ComboFix, TimeServer.exe and WindowsTime.exe no longer started. So the computer is running smoothly again.
Here is the ComboFix log file:
Code:
ComboFix 13-11-07.01 - bakoe 09.11.2013  11:17:31.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8170.6024 [GMT 1:00]
ausgeführt von:: c:\users\bakoe\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\bakoe\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Time
c:\programdata\Microsoft\Windows\Time\_ctypes.pyd
c:\programdata\Microsoft\Windows\Time\_hashlib.pyd
c:\programdata\Microsoft\Windows\Time\_socket.pyd
c:\programdata\Microsoft\Windows\Time\47aba95b6607d122fa8b14d990e231f4.elf
c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll
c:\programdata\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf
c:\programdata\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf
c:\programdata\Microsoft\Windows\Time\library.zip
c:\programdata\Microsoft\Windows\Time\msvcp90.dll
c:\programdata\Microsoft\Windows\Time\numpy.core._dotblas.pyd
c:\programdata\Microsoft\Windows\Time\numpy.core.multiarray.pyd
c:\programdata\Microsoft\Windows\Time\numpy.core.scalarmath.pyd
c:\programdata\Microsoft\Windows\Time\numpy.core.umath.pyd
c:\programdata\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd
c:\programdata\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd
c:\programdata\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd
c:\programdata\Microsoft\Windows\Time\numpy.random.mtrand.pyd
c:\programdata\Microsoft\Windows\Time\phatk.cl
c:\programdata\Microsoft\Windows\Time\pyopencl._cl.pyd
c:\programdata\Microsoft\Windows\Time\python27.dll
c:\programdata\Microsoft\Windows\Time\select.pyd
c:\programdata\Microsoft\Windows\Time\Time-svc.exe
c:\programdata\Microsoft\Windows\Time\TimeServer.exe
c:\programdata\Microsoft\Windows\Time\w9xpopen.exe
c:\programdata\Microsoft\Windows\Time\WindowsTime.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Time
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-10-09 bis 2013-11-09  ))))))))))))))))))))))))))))))
.
.
2013-11-09 10:21 . 2013-11-09 10:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-11-09 09:58 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34943545-AD7B-44BA-9DBE-6A356127BF89}\mpengine.dll
2013-11-09 08:23 . 2013-11-09 08:23	--------	d-----w-	c:\programdata\Malwarebytes
2013-11-09 08:23 . 2013-11-09 08:53	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-09 08:23 . 2013-11-09 08:44	116440	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-09 08:22 . 2013-11-09 08:44	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-11-09 08:12 . 2013-11-09 08:12	--------	d-----w-	C:\FRST
2013-11-07 22:05 . 2013-11-08 13:55	--------	d-----w-	c:\program files\NetBeans 7.4
2013-11-07 22:03 . 2013-11-07 22:13	--------	d-----w-	c:\users\bakoe\.nbi
2013-11-07 18:34 . 2013-11-07 18:33	312744	----a-w-	c:\windows\system32\javaws.exe
2013-11-07 18:33 . 2013-11-07 18:33	108968	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-11-07 18:33 . 2013-11-07 18:33	189352	----a-w-	c:\windows\system32\javaw.exe
2013-11-07 18:33 . 2013-11-07 18:33	189352	----a-w-	c:\windows\system32\java.exe
2013-11-07 18:33 . 2013-11-07 18:33	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-11-07 18:32 . 2013-11-07 18:34	--------	d-----w-	c:\programdata\Oracle
2013-11-07 18:32 . 2013-11-07 18:32	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-07 18:32 . 2013-11-07 18:32	--------	d-----w-	c:\program files (x86)\Java
2013-11-07 18:09 . 2013-10-18 19:19	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F705EF0-CAD8-448C-9714-41B9E70007A7}\gapaengine.dll
2013-11-07 18:08 . 2013-10-14 07:12	10280728	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-05 09:04 . 2013-11-05 09:04	--------	d-----w-	c:\program files (x86)\ParallelGraphics
2013-11-05 09:04 . 2013-11-05 09:04	--------	d-----w-	C:\Plugins
2013-11-05 09:04 . 2013-11-05 09:04	--------	d-----w-	c:\program files (x86)\Common Files\ParallelGraphics
2013-11-05 09:03 . 2013-11-07 11:40	--------	d-----w-	c:\program files (x86)\Geometrie
2013-11-05 09:03 . 2013-11-05 09:03	208896	------w-	c:\windows\Setup1.exe
2013-11-05 09:03 . 2013-11-05 09:03	74752	----a-w-	c:\windows\ST6UNST.EXE
2013-11-02 20:55 . 2013-11-02 20:55	--------	d-----w-	c:\program files\Sandboxie
2013-11-01 17:57 . 2013-11-01 18:18	--------	d-----w-	c:\users\bakoe\AppData\Local\CSDSteamBuild
2013-11-01 16:36 . 2013-11-01 16:36	--------	d-----w-	c:\program files (x86)\w
2013-10-31 22:33 . 2013-10-31 22:33	--------	d-----w-	c:\program files\AuthenTec
2013-10-31 22:33 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2013-10-31 22:33 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-10-31 22:33 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2013-10-31 22:33 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2013-10-31 22:31 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-10-31 22:31 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-10-31 22:31 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-10-31 22:31 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-10-31 22:31 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-10-31 22:31 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-10-31 22:31 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-10-31 22:19 . 2011-05-04 05:25	2315776	----a-w-	c:\windows\system32\tquery.dll
2013-10-31 22:14 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2013-10-31 22:14 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2013-10-31 21:57 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2013-10-31 21:34 . 2013-10-31 21:34	--------	d-----w-	c:\windows\system32\SPReview
2013-10-29 11:33 . 2013-10-29 11:33	--------	d-----w-	c:\program files\PhotomatixPro4
2013-10-29 11:33 . 2013-10-29 11:33	--------	d-----w-	c:\users\bakoe\AppData\Roaming\HDRsoft
2013-10-22 20:31 . 2013-10-22 20:32	--------	d-----w-	c:\program files (x86)\MOUSE Editor
2013-10-21 00:42 . 2013-10-21 01:14	--------	d-----w-	c:\programdata\TrackMania
2013-10-19 17:02 . 2013-10-19 17:02	--------	d-----w-	c:\users\bakoe\AppData\Roaming\AHR Software
2013-10-19 14:43 . 2013-10-19 14:43	--------	d-----w-	c:\users\bakoe\AppData\Local\Nem's Tools
2013-10-18 21:30 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-10-18 21:30 . 2001-09-05 02:18	225280	----a-w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-10-18 21:30 . 2001-09-05 02:14	176128	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-10-18 21:30 . 2001-09-05 02:13	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-10-18 20:46 . 2013-10-18 20:46	--------	d-----r-	C:\Sandbox
2013-10-18 20:36 . 2013-10-18 20:42	--------	d-----w-	c:\users\bakoe\AppData\Roaming\HandBrake
2013-10-18 20:36 . 2013-10-18 20:36	--------	d-----w-	c:\program files\Handbrake
2013-10-18 19:38 . 1999-05-29 08:54	45568	----a-w-	c:\windows\UniFish3.exe
2013-10-18 19:19 . 2013-10-18 19:19	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-31 21:55 . 2013-09-14 23:39	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-10-31 21:37 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2013-10-31 21:37 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2013-10-21 02:22 . 2013-10-07 19:39	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-10-21 02:22 . 2013-10-05 13:45	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-10-20 18:26 . 2013-10-05 13:45	271200	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-10-07 19:30 . 2013-10-05 13:45	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-09-14 20:50 . 2013-09-14 20:50	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-14 20:50 . 2013-09-14 20:50	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-06 22:00 . 2013-09-06 22:00	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2013-09-06 05:37 . 2013-09-06 05:42	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-09-06 05:37 . 2013-09-06 05:42	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-06 05:37 . 2013-09-06 05:42	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-09-06 05:16 . 2013-09-06 05:17	63648	----a-w-	c:\windows\system32\drivers\smsbda.sys
2013-09-06 05:16 . 2013-09-06 05:17	141824	----a-w-	c:\windows\system32\drivers\cmntnet.sys
2013-09-06 05:16 . 2013-09-06 05:17	133120	----a-w-	c:\windows\system32\drivers\cm_netamd.sys
2013-09-06 05:16 . 2013-09-06 05:17	123904	----a-w-	c:\windows\system32\drivers\cmnuusbser.sys
2013-09-06 05:16 . 2013-09-06 05:17	118272	----a-w-	c:\windows\system32\drivers\cm_seramd.sys
2013-09-06 05:16 . 2013-09-06 05:17	117888	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2013-09-06 05:16 . 2013-09-06 05:17	112640	----a-w-	c:\windows\system32\drivers\cm_net32.sys
2013-09-06 05:16 . 2013-09-06 05:17	103680	----a-w-	c:\windows\system32\drivers\cm_ser32.sys
2013-09-05 23:16 . 2011-06-23 09:26	174680	----a-w-	c:\windows\system32\drivers\jmcr.sys
2013-09-05 23:16 . 2010-07-27 08:08	203352	----a-w-	c:\windows\SysWow64\jmcricon.dll
2013-09-05 23:16 . 2010-07-27 08:08	203352	----a-w-	c:\windows\system32\jmcricon.dll
2013-09-05 23:05 . 2013-09-05 23:05	53248	----a-w-	c:\windows\SysWow64\CSVer.dll
2013-08-19 22:46 . 2013-09-06 05:36	9515512	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{15327116-B45A-4FC9-B938-67B5650B0CF9}\mpengine.dll
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-08-16 3333632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-06-04 676608]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-8-2 3079680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cmntnet;Wireless Data Device USB Ethernet Driver;c:\windows\system32\DRIVERS\cmntnet.sys;c:\windows\SYSNATIVE\DRIVERS\cmntnet.sys [x]
R3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;c:\windows\system32\DRIVERS\cmnuusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnuusbser.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe;c:\program files (x86)\Hotkey\PowerBiosServer.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-19 07:19	1185744	----a-w-	c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21 23:44]
.
2013-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-21 23:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\bakoe\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 10.0.9.1:3128
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local;<local>
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\
FF - prefs.js: network.proxy.ftp - 10.0.9.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 10.0.9.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 10.0.9.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 10.0.9.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-09-16 20:44; firebug@software.joehewitt.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\firebug@software.joehewitt.com.xpi
FF - ExtSQL: 2013-09-16 20:45; FirePHPExtension-Build@firephp.org; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\FirePHPExtension-Build@firephp.org.xpi
FF - ExtSQL: 2013-09-17 14:31; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-09-21 15:57; thumbnailZoom@dadler.github.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\thumbnailZoom@dadler.github.com.xpi
FF - ExtSQL: 2013-09-28 13:18; {77b819fa-95ad-4f2c-ac7c-486b356188a9}; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - ExtSQL: 2013-09-29 17:04; youtubeunblocker@unblocker.yt; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\youtubeunblocker@unblocker.yt
FF - ExtSQL: 2013-09-29 17:05; YoutubeDownloader@PeterOlayev.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi
FF - ExtSQL: 2013-10-09 22:06; jid1-93CWPmRbVPjRQA@jetpack; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi
FF - ExtSQL: 2013-10-31 23:02; {3f12f2e9-bff5-4585-8f63-ec28646678ed}; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\{3f12f2e9-bff5-4585-8f63-ec28646678ed}.xpi
FF - ExtSQL: 2013-11-01 18:27; Stratiform@SoapySpew; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\Stratiform@SoapySpew.xpi
FF - ExtSQL: 2013-11-01 18:35; omnibar@ajitk.com; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\omnibar@ajitk.com.xpi
FF - ExtSQL: 2013-11-02 22:27; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-07 23:16; {f96ac632-94e3-40b2-b69f-e349d35973df}; c:\users\bakoe\AppData\Roaming\Mozilla\Firefox\Profiles\cjmp2tik.default\extensions\{f96ac632-94e3-40b2-b69f-e349d35973df}.xpi
FF - ExtSQL: !HIDDEN! 2013-09-17 14:31; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Completion time: 2013-11-09  11:38:02 - PC was rebooted
ComboFix-quarantined-files.txt  2013-11-09 10:38
ComboFix2.txt  2013-11-09 09:57
.
Pre-Run: 4,716,163,072 bytes free
Post-Run: 4,452,696,064 bytes free
.
- - End Of File - - 56A4D2BBB056DCA0FC8A2AB297D08F5C
A36C5E4F47E84449FF07ED3517B43A31
         
Thank you very much!
Regards
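Editorial note on the ComboFix log above, with an added example that is not part of the thread and not ComboFix's own code. The lines a helper reads first are the Run keys and Startup-folder items whose target sits in a user-writable location, the UAC policy block (here EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, meaning UAC is switched off and every process of an administrator account runs fully elevated without a prompt), and any configured proxy. The script below runs exactly those checks over a slice of the log. The "WindowsTime" Run value in the sample is constructed: ComboFix had already quarantined that folder before the log was taken, so the real log no longer shows it. The checks are review heuristics, not verdicts; Dropbox lands in the list because it also starts from AppData, which is the point of the check, not a mistake.

```python
"""Triage of ComboFix "Autostart" output: flag what a helper looks at first.

Added example, not part of the thread and not ComboFix's own code. SAMPLE_LOG
is a slice of the ComboFix log posted above plus one CONSTRUCTED Run value
("WindowsTime") pointing at the path ESET later reported.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-08-16 3333632]
"WindowsTime"="c:\programdata\Microsoft\Windows\Time\WindowsTime.exe" [2013-11-01 12345]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
c:\users\bakoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bakoe\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
uInternet Settings,ProxyServer = 10.0.9.1:3128
"""

# ComboFix prints a Run value as   "Name"="path" [date size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# ... and a Startup-folder item as   Foo.lnk - c:\path\prog.exe args [date size]
LNK_VALUE = re.compile(r"^(?P<name>\S+\.lnk) - (?P<path>[a-z]:\\.+?\.exe)", re.I)
POLICY_VALUE = re.compile(r'^"(?P<name>\w+)"= (?P<val>\d+)')
PROXY_VALUE = re.compile(r"^[um]Internet Settings,ProxyServer = (?P<proxy>\S+)")
# Locations that any process running as the user can write to
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|programdata|temp)\\", re.I)

# Windows 7 defaults; anything else means UAC is weakened or off
UAC_EXPECTED = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}


@dataclass(frozen=True)
class Finding:
    kind: str    # "autostart", "uac" or "proxy"
    name: str
    detail: str


def path_reasons(path: str) -> list[str]:
    """Why an autostart target deserves a second look (empty list = no reason)."""
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("executable lives in a user-writable location")
    if "\\programdata\\microsoft\\windows\\" in path.lower():
        # Real Windows binaries live under c:\windows; ProgramData holds data, not .exe files
        reasons.append("Microsoft-looking path outside c:\\windows")
    return reasons


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ".":                     # ComboFix's block separator
            section = ""
            continue
        if line.startswith("[HKEY_") or (line.endswith("\\") and re.match(r"^[a-z]:\\", line, re.I)):
            section = line.lower()          # a registry key or a Startup-folder header
            continue
        if "policies\\system" in section:
            m = POLICY_VALUE.match(line)
            if m and m["name"] in UAC_EXPECTED and int(m["val"]) != UAC_EXPECTED[m["name"]]:
                findings.append(Finding("uac", m["name"], f"is {m['val']}, default {UAC_EXPECTED[m['name']]}"))
            continue
        m = PROXY_VALUE.match(line)
        if m:
            findings.append(Finding("proxy", "ProxyServer", f"{m['proxy']}: confirm it is yours"))
            continue
        m = RUN_VALUE.match(line) or LNK_VALUE.match(line)
        if m:
            for why in path_reasons(m["path"]):
                findings.append(Finding("autostart", m["name"], f"{m['path']}: {why}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

The UAC defaults are the Windows 7 values; on a box where the user deliberately turned UAC off the finding is still worth reporting, because it explains how a miner could drop its files and an autostart without anyone being asked. The proxy line is only surfaced, not judged: 10.0.9.1:3128 is a private address and may well be a legitimate university or company proxy, but the helper should ask.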


09.11.2013, 11:54   #6
Larusso
/// Selecta Jahrusso

Thanks.

Please open the following folder.
C:\Qoobox\c\programdata\Microsoft\Windows


There should be a folder named Time in there. Right-click -> Send to --> Compressed (zipped) folder.


Your antivirus software may raise an alert. Please ignore it or allow the action.

Please upload this zip file here --> Trojaner-Board Upload Channel

Let me know if there are any problems. Thanks for your cooperation!!




Please update Malwarebytes and run a QuickScan. Remove everything it finds and post the logfile here.


The next scan can take a while.

ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Last edited by Larusso (09.11.2013 at 11:59)

09.11.2013, 18:40   #7
prnha

Sorry that my reply took so long. The scan with the ESET Online Scanner really did take a while.
I uploaded the zipped folder as described. Did that work?
Regarding MBAM, I'm afraid I made a mistake. I scanned with Malwarebytes' Anti-Rootkit, not with Malwarebytes' Anti-Malware. So it is only logical that the program didn't flag anything, since the miner is not a rootkit.
Here is the logfile from the ESET Online Scanner:
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=28b5d15290025c4f9795b0a6fb096080
# engine=15820
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-09 04:55:40
# local_time=2013-11-09 05:55:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 763256 12431132 0 0
# scanned=554101
# found=2
# cleaned=0
# scan_time=20652
sh=6A1720B2CF7971F5ECCF2725AFAF7EC129FED81F ft=0 fh=0000000000000000 vn="a variant of MSIL/CoinMiner.CE trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Time.zip"
sh=7A676363B54B106D505260E648F257FC882021FB ft=1 fh=37756aee118a5aed vn="a variant of MSIL/CoinMiner.CE trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Time\WindowsTime.exe.vir"
         
Regards
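A check worth having at this point, as an added example (editorial code, not from the thread, from ESET or from ComboFix): parse the ESET result lines and compare the reported hash against the quarantined copy on disk, so that the file zipped and uploaded in the previous step is demonstrably the one ESET flagged. Both sh= values and paths are copied from the log above; the Time.zip hit is the archive created for upload, which is why it shows the same detection name. The assumption that the 40-hex-digit sh= field is SHA-1 is mine, not something the page states, and everything written to disk by the demo is constructed placeholder content, so the demo produces one mismatch, one missing file and one constructed match rather than the real sample's hash.

```python
"""Parse ESET Online Scanner result lines and check a quarantine copy by hash.

Added example, not part of the thread and not ESET's or ComboFix's tooling.
The two "sh=" lines are copied from the ESET log posted above; files written
here are CONSTRUCTED placeholders. Assumption (not documented on the page):
the 40-hex-digit "sh=" field is the file's SHA-1.
"""
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path

ESET_LOG = r"""
# found=2
# cleaned=0
sh=6A1720B2CF7971F5ECCF2725AFAF7EC129FED81F ft=0 fh=0000000000000000 vn="a variant of MSIL/CoinMiner.CE trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Time.zip"
sh=7A676363B54B106D505260E648F257FC882021FB ft=1 fh=37756aee118a5aed vn="a variant of MSIL/CoinMiner.CE trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Time\WindowsTime.exe.vir"
"""

HEADER = re.compile(r"^# (?P<key>\w+)=(?P<val>.*)$")
HIT = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]+) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"$'
)


def parse_eset(text: str) -> tuple[dict[str, str], list[dict[str, str]]]:
    """Split an ESET log into its '# key=value' header and the per-file hits."""
    meta: dict[str, str] = {}
    hits: list[dict[str, str]] = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            meta[m["key"]] = m["val"]
            continue
        m = HIT.match(line)
        if m:
            hits.append(m.groupdict())
    return meta, hits


def sha1_of(path: Path) -> str:
    h = hashlib.sha1()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def win_basename(win_path: str) -> str:
    return win_path.rsplit("\\", 1)[-1]


def verify_quarantine(hits: list[dict[str, str]], local_dir: Path) -> dict[str, str]:
    """Look each hit up by basename in local_dir and compare its SHA-1.

    Returns {basename: "match" | "mismatch" | "missing"}. ComboFix keeps its
    ".vir" suffix on quarantined copies, so the basename is compared as-is.
    """
    results: dict[str, str] = {}
    for hit in hits:
        name = win_basename(hit["fn"])
        local = local_dir / name
        if not local.is_file():
            results[name] = "missing"
        elif sha1_of(local) == hit["sh"].upper():
            results[name] = "match"
        else:
            results[name] = "mismatch"
    return results


def demo() -> dict[str, str]:
    """Constructed end-to-end run in a temp dir with placeholder files."""
    _, hits = parse_eset(ESET_LOG)
    qdir = Path(tempfile.mkdtemp(prefix="qoobox_"))
    # Placeholder standing in for the quarantined miner: its hash will NOT match the log
    (qdir / "WindowsTime.exe.vir").write_bytes(b"constructed placeholder, not the sample")
    # A constructed extra hit whose hash we know, to exercise the matching path
    planted = b"constructed file with a known hash"
    (qdir / "planted.exe.vir").write_bytes(planted)
    hits.append({"sh": hashlib.sha1(planted).hexdigest(), "vn": "constructed",
                 "fn": r"C:\Qoobox\Quarantine\C\planted.exe.vir"})
    return verify_quarantine(hits, qdir)


if __name__ == "__main__":
    meta, hits = parse_eset(ESET_LOG)
    print(f"found={meta.get('found')} cleaned={meta.get('cleaned')}")
    for h in hits:
        print(f"{h['sh']}  {h['vn']}  {win_basename(h['fn'])}")
    for name, state in demo().items():
        print(f"{state:8} {name}")
```

On the affected machine, run verify_quarantine against C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Time; a "match" for WindowsTime.exe.vir ties the uploaded sample to the ESET detection, and a "mismatch" means the file changed after ESET scanned it and the helper should be told.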

09.11.2013, 18:51   #8
Larusso
/// Selecta Jahrusso

Quote:
Did that work?
I'll have to look for it in a moment. A lot of things get uploaded there.

Did Malwarebytes Anti-Malware find nothing, or did you forget to post the logfile, or did you simply overlook the following
Quote:
Please update Malwarebytes and run a QuickScan. Remove everything it finds and post the logfile here.

Just for information: Malwarebytes Anti-Rootkit is very reliable, as we are used to from MBAM. But I would still advise against running such programs on your own. These are no longer small tools; they go really deep.
2. I believe (I'd have to look it up there) it is still beta and should therefore be treated with some caution.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

09.11.2013, 19:12   #9
prnha

I have now run a QuickScan with Malwarebytes' Anti-Malware. It found no infected objects - although that may be due to the fact that the folder C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\Time no longer contains the infected *.exe files, but only the same files with .vir appended, e.g. TimeServer.exe.vir.
Regards

09.11.2013, 19:42   #10
Larusso
/// Selecta Jahrusso

Good. Any other problems?

09.11.2013, 21:01   #11
prnha

No, everything is running perfectly again now. Can I delete the tools, the logfiles and the files in the Qoobox folder? Thanks for the quick and effective help!
Regards

10.11.2013, 08:41   #12
Larusso
/// Selecta Jahrusso

Sorry, I had to leave unexpectedly yesterday. Glad everything is running again



Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again. Press Windows key + R. Now copy the following line into the command box and click OK.
Code:
Combofix /Uninstall
         
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled.


The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix Download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every option.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs that were used and the quarantine of our scanners, clears the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can safely delete them.




Here are a few tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure automatic updates are enabled.
  • Software Updates Installed software can also have security holes that malware can use to infect your system. To keep your installed software up to date, I recommend Secunia Online Software.
Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.
Additional protection
  • MalwareBytes Anti Malware This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware. Update the tool and run it once a week. The paid version also offers a background guard. A tutorial on its use can be found here.
  • WinPatrol This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.
Safe browsing
  • SpywareBlaster A short introduction can be found here
  • MVPs hosts file A tutorial can be found here. Unfortunately I haven't found a German-language one yet.
  • WOT (Web of trust) This add-on warns you before you visit a site that has been reported as malicious.
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript This add-on blocks JavaScript, Java, Flash and other plugins. They are only run when you confirm it.
    • AdblockPlus This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded. It also saves download capacity.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot ( MVP ) Bill Castner ( MVP )
Don'ts
  • Don't click on everything just because it asks you to and looks nice and colourful.
  • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails you don't recognise. Pay particular attention to the file extension, e.g. yourPhoto.jpg.exe
Now all that remains is to wish you a lot of fun surfing safely. Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
