Log analysis and evaluation: PUP.Optional. - Questions. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
16.11.2013, 14:55 | #1 |
| PUP.Optional. - Questions Hello, I am relatively new here and already have a question. I downloaded and installed Malwarebytes. Right after that I ran the Quick-Scan and, lo and behold, it found something straight away. This is what my log looks like: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.16.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
NAME :: NAME [Administrator]

16.11.2013 14:46:39
MBAM-log-2013-11-16 (14-49-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244109
Laufzeit: 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\NAME\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 11216 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SDP (PUP.Optional.FilesFrog.A) -> Daten: C:\Users\NAME\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto -> Keine Aktion durchgeführt.
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Daten: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0S1S1T0E1J1L1H1R -> Keine Aktion durchgeführt.
HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Daten: network_adworkmedia_1 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\Users\NAME\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 18
C:\Users\NAME\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-1785374742-1032351872-2951623393-1001\$R8WLIRY.zip (PUP.Optional.BitCoinMIner) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-1785374742-1032351872-2951623393-1001\$RSVH2BD.zip (Backdoor.DarkComet) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\is-D2MO3.tmp\sam__2268_il140.exe (PUP.Optional.Amonetize) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\is1070216317\22644482_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\is1070216317\22644707_stp\WebConnect.exe (PUP.Optional.WebConnect.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\OCS\ocs_v7f.exe (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\Downloads\Die.Tribute.Von.Panem.German.AC3.BDRiP.XViD SONS.avi.mp4__3038_i130275796_il5494742.exe (PUP.Optional.InstallMonetizer) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

(Ende)

1. Are the files dangerous?
2. Can I simply remove them with the program, and is everything "clean" again afterwards?

Unfortunately I have not yet looked very closely into topics like viruses, security and so on; if anyone has tips beyond basic ones like "antivirus program", please share!

Kind regards, DDerTyp |
16.11.2013, 15:13 | #2 |
/// the machine /// TB trainer | PUP.Optional. - Questions hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
16.11.2013, 15:22 | #3 |
| PUP.Optional. - Questions Okay, no problem, here are the two logs:
FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013 Ran by Jan-David (administrator) on JANPC on 16-11-2013 15:17:44 Running from C:\Users\Jan-David\Downloads Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\WINDOWS\SysWOW64\PnkBstrA.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe (Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Somoto) C:\Users\Jan-David\AppData\Local\FilesFrog Update Checker\update_checker.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\16.0\acdIDInTouch2.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (CyberLink) c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [41664 2012-10-25] (Hewlett-Packard ) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-13] (Adobe Systems Incorporated) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [SDP] - C:\Users\Jan-David\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd) HKCU\...\Runonce: [Uninstall C:\Users\Jan-David\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jan-David\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" HKCU\...\Policies\system: [EnableLUA] 1 MountPoints2: {474be2f9-46f0-11e3-be81-7054d27cbad2} - "J:\WD SmartWare.exe" autoplay=true HKLM-x32\...\Run: [RoccatKova+] - C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe [539688 2011-03-17] (Roccat GmbH) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] - [x] 
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ACSW16DE] - C:\Program Files (x86)\ACD Systems\ACDSee\16.0\acdIDInTouch2.exe [1344840 2013-07-15] (ACD Systems) HKLM-x32\...\Run: [ACSW16EN] - C:\Program Files (x86)\ACD Systems\ACDSee\16.0\acdIDInTouch2.exe [1344840 2013-07-15] (ACD Systems) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM - {931C66A3-FD76-41CB-BA14-34D45C90AEE4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKLM-x32 - {931C66A3-FD76-41CB-BA14-34D45C90AEE4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 
?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS SearchScopes: HKCU - {931C66A3-FD76-41CB-BA14-34D45C90AEE4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://www.golem.de/ CHR RestoreOnStartup: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=fe9a213d-f4bc-4c1d-8772-91ba97763fc0&affid=111583&searchtype=hp&babsrc=lnkry&installDate={installDate}", "hxxp://google.de/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE 
Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Extension: (Google Drive) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Adblock Plus) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0 CHR Extension: (Google Search) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Google Play Music) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Click&Clean App) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0 CHR Extension: (Gmail) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx ==================== Services (Whitelisted) ================= R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies) R2 HPConnectedRemote; 
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd) R2 PnkBstrA; C:\WINDOWS\SysWow64\PnkBstrA.exe [76888 2013-10-11] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-11] (Disc Soft Ltd) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-08] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-08] (Symantec Corporation) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv 
Technologies) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies) R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131110.003\IDSvia64.sys [521816 2013-10-29] (Symantec Corporation) R3 KovaPlusFltr; C:\Windows\system32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131110.004\ENG64.SYS [126040 2013-09-08] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131110.004\EX64.SYS [2099288 2013-09-08] (Symantec Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-11] (Duplex Secure Ltd.) 
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-10] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-08-01] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-08-01] (Paragon) R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-08-01] (Paragon) S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) U3 a1kelhki; C:\Windows\System32\Drivers\a1kelhki.sys [0 ] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-16 15:17 - 2013-11-16 15:18 - 00020040 _____ C:\Users\Jan-David\Downloads\FRST.txt 2013-11-16 15:17 - 2013-11-16 15:17 - 01957794 _____ (Farbar) C:\Users\Jan-David\Downloads\FRST64.exe 2013-11-16 15:17 - 2013-11-16 15:17 - 00000000 ____D C:\FRST 2013-11-16 14:55 - 2013-11-16 14:55 - 97123056 _____ C:\Users\Jan-David\Downloads\Hoh-DerSku6.rar.crdownload 2013-11-16 14:33 - 2013-11-16 14:33 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Malwarebytes 2013-11-16 14:32 - 2013-11-16 14:32 - 00001115 _____ 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-16 14:32 - 2013-11-16 14:32 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-16 14:32 - 2013-11-16 14:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-16 14:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-11-16 14:31 - 2013-11-16 14:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jan-David\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-15 19:18 - 2013-11-15 19:18 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\openvr 2013-11-15 18:48 - 2013-11-15 18:48 - 00000219 _____ C:\Users\Jan-David\Desktop\Team Fortress 2.url 2013-11-15 18:39 - 2013-11-15 19:18 - 00000000 ____D C:\Program Files (x86)\Steam 2013-11-15 18:39 - 2013-11-15 18:39 - 00000983 _____ C:\Users\Public\Desktop\Steam.lnk 2013-11-15 18:38 - 2013-11-15 18:38 - 01123600 _____ C:\Users\Jan-David\Downloads\SteamSetup.exe 2013-11-15 17:38 - 2013-11-15 17:38 - 00000000 ___SH C:\DkHyperbootSync 2013-11-15 17:08 - 2013-11-15 17:08 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-11-15 17:08 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-11-15 17:08 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-14 15:34 - 2013-11-14 15:34 - 00006967 _____ C:\Users\Jan-David\Downloads\[1.6.2]ArmorStatusHUDv1.13.zip 2013-11-14 15:33 - 2013-11-14 15:33 - 00067806 _____ C:\Users\Jan-David\Downloads\[1.6.2]bspkrsCorev4.3.FORGE_ONLY.zip 2013-11-14 15:33 - 2013-11-14 15:33 - 00006412 _____ C:\Users\Jan-David\Downloads\[1.6.2]StatusEffectHUDv1.16.zip 2013-11-14 15:31 - 2013-11-14 15:31 - 00068160 _____ C:\Users\Jan-David\Downloads\[1.6.4]bspkrsCorev5.0.zip 2013-11-14 11:48 - 2013-11-14 11:48 - 03153999 _____ C:\Users\Jan-David\Downloads\Nova Launcher_2.2.2.apk 2013-11-12 20:37 - 2013-10-10 12:53 - 00096600 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2013-11-12 20:37 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2013-11-12 20:37 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2013-11-12 20:37 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2013-11-12 20:37 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-11-12 20:37 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2013-11-12 20:37 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-11-12 20:37 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2013-11-12 20:37 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2013-11-12 20:37 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2013-11-12 20:37 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2013-11-12 20:37 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2013-11-12 20:37 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2013-11-12 20:37 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll 2013-11-12 20:37 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2013-11-12 20:37 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2013-11-12 20:37 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2013-11-12 20:37 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2013-11-12 20:37 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 
2013-11-12 20:37 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2013-11-12 20:37 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2013-11-12 20:37 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2013-11-12 20:37 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2013-11-12 20:37 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2013-11-12 20:37 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2013-11-12 20:37 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2013-11-12 20:37 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2013-11-12 20:37 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys 2013-11-12 20:37 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2013-11-12 20:37 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2013-11-12 20:37 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2013-11-12 20:37 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2013-11-12 20:37 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2013-11-12 20:37 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2013-11-12 20:37 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2013-11-12 20:37 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2013-11-12 20:37 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2013-11-12 20:37 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2013-11-12 20:37 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2013-11-12 20:37 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2013-11-12 20:36 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-11-12 20:36 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-11-12 20:36 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-11-12 20:36 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-11-12 20:36 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-11-12 20:36 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-11-12 20:36 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-11-12 20:36 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-11-12 20:36 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-11-12 20:36 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-11-12 20:36 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-11-12 20:36 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-11-12 20:36 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-11-12 20:36 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-11-12 20:36 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\iertutil.dll 2013-11-12 20:36 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-11-12 20:36 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-11-12 17:18 - 2013-11-12 17:18 - 00153216 _____ (Amônétízé Ltd) C:\Users\Jan-David\Downloads\Die.Tribute.Von.Panem.German.AC3.BDRiP.XViD SONS.avi.mp4__3038_i130275796_il5494742.exe 2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Users\Jan-David\AppData\Local\ebesucher 2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Program Files (x86)\eBesucher Restarter 2013-11-12 15:45 - 2013-11-12 15:45 - 00952204 _____ (eBesucher ) C:\Users\Jan-David\Downloads\restarter-setup-x64.v1.2.04.exe 2013-11-08 16:51 - 2013-11-08 16:51 - 00732928 _____ C:\Users\Jan-David\Downloads\travelguide_1.0_de-DE.exe 2013-11-08 15:19 - 2013-11-08 15:19 - 00064332 _____ C:\Users\Jan-David\Documents\Jan-DavidC4DAnonymous.c4d 2013-11-07 13:08 - 2013-11-07 14:02 - 00000000 ____D C:\Users\Jan-David\Documents\HACKING 2013-11-06 17:21 - 2013-11-06 17:21 - 02295500 _____ () C:\Users\Jan-David\Downloads\TechnicLauncher.exe 2013-11-04 20:04 - 2013-11-04 20:38 - 00090563 _____ C:\Users\Jan-David\Documents\Jan-DavidC4D.c4d 2013-11-04 18:08 - 2013-11-04 18:08 - 00003047 _____ C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk 2013-11-04 18:08 - 2013-11-04 18:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Research 2013-11-04 16:20 - 2013-11-04 16:20 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2013-11-04 16:20 - 2013-11-04 16:20 - 00000000 ____D C:\Program Files (x86)\GPU-Z 2013-11-04 16:13 - 2013-11-04 16:13 - 01700504 _____ C:\Users\Jan-David\Downloads\cgminer-3.7.0-x86_64-built.tar.bz2 2013-11-04 15:56 - 2013-11-04 15:56 - 00000000 _____ C:\Users\Jan-David\Desktop\142mjUFsPVJZVvoNXnRaaM9ar6WPwDQkCD.txt 2013-11-04 15:55 - 2013-11-04 15:55 
- 00000000 _____ C:\Users\Jan-David\Desktop\peaceful river smooth subcontracted pompano clear erections prerecorded thar dud paean hopkinton greenville interchangeable infrastructures heflin hopkinton.txt 2013-11-04 15:47 - 2013-11-04 15:53 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Bitcoin 2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin 2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\ProgramData\boost_interprocess 2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\Program Files (x86)\Bitcoin 2013-11-02 12:30 - 2013-11-02 12:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf 2013-10-31 16:30 - 2013-10-31 16:34 - 00000000 ____D C:\Users\Jan-David\Documents\Operatoren & Anforderungsbereiche Abitur 2013-10-29 16:53 - 2013-10-29 16:53 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\IDT 2013-10-29 14:50 - 2013-10-29 14:50 - 00002167 _____ C:\Users\Public\Desktop\Secure Eraser.lnk 2013-10-29 14:50 - 2013-10-29 14:50 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\ASCOMP Software 2013-10-29 14:50 - 2013-10-29 14:50 - 00000000 ____D C:\Program Files (x86)\ASCOMP Software 2013-10-28 17:22 - 2013-10-28 17:46 - 00000000 _____ C:\Users\Jan-David\Documents\TrueCrypt_Protected 2013-10-27 19:26 - 2013-10-27 19:29 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\TrueCrypt 2013-10-27 19:25 - 2013-10-27 19:25 - 03466248 _____ (TrueCrypt Foundation) C:\Users\Jan-David\Downloads\TrueCrypt_Setup_7.1a.exe 2013-10-27 19:25 - 2013-10-27 19:25 - 00231376 _____ (TrueCrypt Foundation) C:\WINDOWS\system32\Drivers\truecrypt.sys 2013-10-27 19:25 - 2013-10-27 19:25 - 00000877 _____ C:\Users\Public\Desktop\TrueCrypt.lnk 2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\TrueCrypt 2013-10-26 19:02 - 2013-11-08 14:36 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Mp3tag 2013-10-26 19:01 - 2013-10-26 19:01 - 00000000 ____D 
C:\Program Files (x86)\Mp3tag 2013-10-23 17:23 - 2013-10-23 17:23 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf 2013-10-23 17:23 - 2013-10-23 17:23 - 00000000 ____D C:\Program Files (x86)\Overwolf 2013-10-22 16:55 - 2013-11-06 17:22 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\.technic 2013-10-22 16:42 - 2013-10-22 16:42 - 00017624 _____ C:\Users\Jan-David\Documents\Politik KSA Marktwirtschaft etc.odt 2013-10-22 15:36 - 2013-10-22 15:36 - 00000000 ____D C:\Users\Jan-David\Documents\ROCCAT 2013-10-22 15:35 - 2013-10-22 15:35 - 00001177 _____ C:\Users\Public\Desktop\ROCCAT Power-Grid.lnk 2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-22 15:23 - 2013-10-16 01:48 - 30344992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 22933280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 18243632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 15858664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 12537632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys 2013-10-22 15:23 - 2013-10-16 01:48 - 11415232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 11362672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 09516872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 09472600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 03131680 _____ (NVIDIA 
Corporation) C:\WINDOWS\system32\nvcuvid.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 03124512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 02946848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 02747168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433158.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433158.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 01241376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00696096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00655136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00599840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00560416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00479520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00405280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00168616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll 2013-10-22 15:23 - 2013-10-16 01:48 - 00141336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll 2013-10-22 15:23 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2013-10-22 15:23 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 
2013-10-18 18:38 - 2013-10-18 18:39 - 00000000 ____D C:\Program Files (x86)\Die Erben von St.Pauli 2013-10-18 18:24 - 2013-10-18 18:24 - 00000000 ____D C:\Program Files (x86)\Hochseefischen - Die Simulation 2013-10-17 17:38 - 2013-10-17 17:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf ==================== One Month Modified Files and Folders ======= 2013-11-16 15:18 - 2013-11-16 15:17 - 00020040 _____ C:\Users\Jan-David\Downloads\FRST.txt 2013-11-16 15:17 - 2013-11-16 15:17 - 01957794 _____ (Farbar) C:\Users\Jan-David\Downloads\FRST64.exe 2013-11-16 15:17 - 2013-11-16 15:17 - 00000000 ____D C:\FRST 2013-11-16 15:09 - 2013-09-08 11:52 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\.minecraft 2013-11-16 15:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru 2013-11-16 14:55 - 2013-11-16 14:55 - 97123056 _____ C:\Users\Jan-David\Downloads\Hoh-DerSku6.rar.crdownload 2013-11-16 14:40 - 2013-09-08 11:29 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-16 14:33 - 2013-11-16 14:33 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Malwarebytes 2013-11-16 14:32 - 2013-11-16 14:32 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-16 14:32 - 2013-11-16 14:32 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-16 14:32 - 2013-11-16 14:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-16 14:31 - 2013-11-16 14:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Jan-David\Downloads\mbam-setup-1.75.0.1300.exe 2013-11-16 14:24 - 2013-09-08 11:24 - 02042137 _____ C:\WINDOWS\WindowsUpdate.log 2013-11-16 14:09 - 2013-09-08 11:30 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1785374742-1032351872-2951623393-1001 2013-11-16 14:07 - 2013-09-21 14:06 - 00000000 ____D C:\Users\Jan-David\AppData\Local\Adobe 2013-11-16 14:05 - 2013-09-20 14:17 - 00000000 ____D C:\Users\Jan-David\AppData\Local\LogMeIn Hamachi 
2013-11-16 14:04 - 2013-09-08 11:29 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-15 19:53 - 2013-10-11 10:58 - 00000000 ____D C:\Program Files (x86)\Origin 2013-11-15 19:18 - 2013-11-15 19:18 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\openvr 2013-11-15 19:18 - 2013-11-15 18:39 - 00000000 ____D C:\Program Files (x86)\Steam 2013-11-15 18:48 - 2013-11-15 18:48 - 00000219 _____ C:\Users\Jan-David\Desktop\Team Fortress 2.url 2013-11-15 18:39 - 2013-11-15 18:39 - 00000983 _____ C:\Users\Public\Desktop\Steam.lnk 2013-11-15 18:38 - 2013-11-15 18:38 - 01123600 _____ C:\Users\Jan-David\Downloads\SteamSetup.exe 2013-11-15 17:38 - 2013-11-15 17:38 - 00000000 ___SH C:\DkHyperbootSync 2013-11-15 17:14 - 2013-03-26 07:57 - 00745562 _____ C:\WINDOWS\system32\perfh007.dat 2013-11-15 17:14 - 2013-03-26 07:57 - 00169488 _____ C:\WINDOWS\system32\perfc007.dat 2013-11-15 17:14 - 2012-07-26 08:28 - 01752784 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-11-15 17:08 - 2013-11-15 17:08 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-11-15 17:07 - 2013-03-25 23:02 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-15 17:07 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-11-14 16:32 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore 2013-11-14 16:31 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-11-14 15:34 - 2013-11-14 15:34 - 00006967 _____ C:\Users\Jan-David\Downloads\[1.6.2]ArmorStatusHUDv1.13.zip 2013-11-14 15:33 - 2013-11-14 15:33 - 00067806 _____ C:\Users\Jan-David\Downloads\[1.6.2]bspkrsCorev4.3.FORGE_ONLY.zip 2013-11-14 15:33 - 2013-11-14 15:33 - 00006412 _____ C:\Users\Jan-David\Downloads\[1.6.2]StatusEffectHUDv1.16.zip 2013-11-14 15:31 - 2013-11-14 15:31 - 00068160 _____ C:\Users\Jan-David\Downloads\[1.6.4]bspkrsCorev5.0.zip 2013-11-14 11:48 - 2013-11-14 11:48 - 03153999 _____ C:\Users\Jan-David\Downloads\Nova Launcher_2.2.2.apk 2013-11-13 16:09 - 2013-09-10 12:36 - 00000000 ____D 
C:\WINDOWS\system32\MRT 2013-11-13 16:06 - 2013-09-10 12:36 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-11-12 17:18 - 2013-11-12 17:18 - 00153216 _____ (Amônétízé Ltd) C:\Users\Jan-David\Downloads\Die.Tribute.Von.Panem.German.AC3.BDRiP.XViD SONS.avi.mp4__3038_i130275796_il5494742.exe 2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Users\Jan-David\AppData\Local\ebesucher 2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Program Files (x86)\eBesucher Restarter 2013-11-12 15:45 - 2013-11-12 15:45 - 00952204 _____ (eBesucher ) C:\Users\Jan-David\Downloads\restarter-setup-x64.v1.2.04.exe 2013-11-11 08:58 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM 2013-11-10 14:53 - 2013-09-25 14:28 - 00158208 ___SH C:\Users\Jan-David\Downloads\Thumbs.db 2013-11-10 14:16 - 2012-07-26 08:21 - 00041471 _____ C:\WINDOWS\setupact.log 2013-11-08 16:51 - 2013-11-08 16:51 - 00732928 _____ C:\Users\Jan-David\Downloads\travelguide_1.0_de-DE.exe 2013-11-08 16:26 - 2013-10-07 11:06 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\vlc 2013-11-08 15:19 - 2013-11-08 15:19 - 00064332 _____ C:\Users\Jan-David\Documents\Jan-DavidC4DAnonymous.c4d 2013-11-08 14:36 - 2013-10-26 19:02 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Mp3tag 2013-11-07 14:02 - 2013-11-07 13:08 - 00000000 ____D C:\Users\Jan-David\Documents\HACKING 2013-11-07 12:45 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-11-06 17:22 - 2013-10-22 16:55 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\.technic 2013-11-06 17:21 - 2013-11-06 17:21 - 02295500 _____ () C:\Users\Jan-David\Downloads\TechnicLauncher.exe 2013-11-05 23:58 - 2013-11-15 17:08 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-11-05 23:58 - 2013-11-15 17:08 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-11-04 20:38 - 2013-11-04 20:04 - 00090563 _____ 
C:\Users\Jan-David\Documents\Jan-DavidC4D.c4d 2013-11-04 18:08 - 2013-11-04 18:08 - 00003047 _____ C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk 2013-11-04 18:08 - 2013-11-04 18:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Research 2013-11-04 16:20 - 2013-11-04 16:20 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2013-11-04 16:20 - 2013-11-04 16:20 - 00000000 ____D C:\Program Files (x86)\GPU-Z 2013-11-04 16:15 - 2013-09-08 12:11 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\NVIDIA 2013-11-04 16:13 - 2013-11-04 16:13 - 01700504 _____ C:\Users\Jan-David\Downloads\cgminer-3.7.0-x86_64-built.tar.bz2 2013-11-04 15:56 - 2013-11-04 15:56 - 00000000 _____ C:\Users\Jan-David\Desktop\142mjUFsPVJZVvoNXnRaaM9ar6WPwDQkCD.txt 2013-11-04 15:55 - 2013-11-04 15:55 - 00000000 _____ C:\Users\Jan-David\Desktop\peaceful river smooth subcontracted pompano clear erections prerecorded thar dud paean hopkinton greenville interchangeable infrastructures heflin hopkinton.txt 2013-11-04 15:53 - 2013-11-04 15:47 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Bitcoin 2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin 2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\ProgramData\boost_interprocess 2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\Program Files (x86)\Bitcoin 2013-11-03 16:20 - 2013-09-08 11:45 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Skype 2013-11-03 00:10 - 2013-10-09 10:49 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\TS3Client 2013-11-02 12:30 - 2013-11-02 12:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf 2013-10-31 16:34 - 2013-10-31 16:30 - 00000000 ____D C:\Users\Jan-David\Documents\Operatoren & Anforderungsbereiche Abitur 2013-10-31 12:14 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 
2013-10-30 18:17 - 2013-09-25 19:11 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-10-30 15:36 - 2013-09-08 14:16 - 00109056 ___SH C:\Users\Jan-David\Desktop\Thumbs.db 2013-10-29 17:23 - 2013-10-10 16:14 - 00000000 ____D C:\WINDOWS\Minidump 2013-10-29 17:23 - 2013-09-08 11:21 - 00144832 ____N C:\WINDOWS\Minidump\102913-20750-01.dmp 2013-10-29 17:23 - 2012-08-10 16:03 - 00022960 _____ C:\WINDOWS\PFRO.log 2013-10-29 16:53 - 2013-10-29 16:53 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\IDT 2013-10-29 14:50 - 2013-10-29 14:50 - 00002167 _____ C:\Users\Public\Desktop\Secure Eraser.lnk 2013-10-29 14:50 - 2013-10-29 14:50 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\ASCOMP Software 2013-10-29 14:50 - 2013-10-29 14:50 - 00000000 ____D C:\Program Files (x86)\ASCOMP Software 2013-10-28 17:46 - 2013-10-28 17:22 - 00000000 _____ C:\Users\Jan-David\Documents\TrueCrypt_Protected 2013-10-27 19:29 - 2013-10-27 19:26 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\TrueCrypt 2013-10-27 19:25 - 2013-10-27 19:25 - 03466248 _____ (TrueCrypt Foundation) C:\Users\Jan-David\Downloads\TrueCrypt_Setup_7.1a.exe 2013-10-27 19:25 - 2013-10-27 19:25 - 00231376 _____ (TrueCrypt Foundation) C:\WINDOWS\system32\Drivers\truecrypt.sys 2013-10-27 19:25 - 2013-10-27 19:25 - 00000877 _____ C:\Users\Public\Desktop\TrueCrypt.lnk 2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\TrueCrypt 2013-10-26 19:01 - 2013-10-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mp3tag 2013-10-24 10:39 - 2013-10-09 10:48 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2013-10-23 17:23 - 2013-10-23 17:23 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf 2013-10-23 17:23 - 2013-10-23 17:23 - 00000000 ____D C:\Program Files (x86)\Overwolf 2013-10-23 17:23 - 2013-10-09 10:49 - 00000000 ____D C:\Users\Jan-David\AppData\Local\Overwolf 2013-10-22 16:42 - 2013-10-22 16:42 - 00017624 _____ C:\Users\Jan-David\Documents\Politik KSA 
Marktwirtschaft etc.odt 2013-10-22 16:27 - 2013-03-25 23:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-22 15:49 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2013-10-22 15:36 - 2013-10-22 15:36 - 00000000 ____D C:\Users\Jan-David\Documents\ROCCAT 2013-10-22 15:35 - 2013-10-22 15:35 - 00001177 _____ C:\Users\Public\Desktop\ROCCAT Power-Grid.lnk 2013-10-22 15:35 - 2013-09-08 11:58 - 00000000 ____D C:\Program Files (x86)\ROCCAT 2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-22 15:25 - 2013-03-25 23:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-10-18 18:39 - 2013-10-18 18:38 - 00000000 ____D C:\Program Files (x86)\Die Erben von St.Pauli 2013-10-18 18:24 - 2013-10-18 18:24 - 00000000 ____D C:\Program Files (x86)\Hochseefischen - Die Simulation 2013-10-18 12:35 - 2013-09-08 11:29 - 00004100 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-18 12:35 - 2013-09-08 11:29 - 00003864 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-17 17:38 - 2013-10-17 17:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf 2013-10-17 17:33 - 2013-10-11 14:15 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Apple Computer 2013-10-17 14:44 - 2013-10-16 11:30 - 00132219 _____ C:\Users\Jan-David\Documents\Ohne Titel 1.c4d Some content of TEMP: ==================== C:\Users\Jan-David\AppData\Local\Temp\Creative Cloud Helper.exe C:\Users\Jan-David\AppData\Local\Temp\drm_dyndata_7370014.dll C:\Users\Jan-David\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe C:\Users\Jan-David\AppData\Local\Temp\i4jdel0.exe C:\Users\Jan-David\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Jan-David\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Jan-David\AppData\Local\Temp\nvSCPAPISvr.exe C:\Users\Jan-David\AppData\Local\Temp\nvStInst.exe C:\Users\Jan-David\AppData\Local\Temp\OnlineWeatherSetup.exe 
C:\Users\Jan-David\AppData\Local\Temp\sonarinst.exe
C:\Users\Jan-David\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Jan-David\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-08 14:00

==================== End Of Log ============================

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Jan-David at 2013-11-16 15:19:47
Running from C:\Users\Jan-David\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
8500A909_eDocs (x32 Version: 1.00.0000)
8500A909_Help (x32 Version: 1.00.0000)
8500A909g (x32 Version: 140.0.001.000)
ACDSee 16 (x32 Version: 16.1.88)
Adobe Creative Cloud (x32 Version: 2.1.2.232)
Adobe Photoshop CC (x32 Version: 14.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
ANNO 2070 (x32 Version: 1.0.0.0)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.11 Beta1)
Audacity 2.0.4 (x32 Version: 2.0.4)
Battlefield 4™ Beta (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bing Bar (x32 Version: 7.2.241.0)
Bitcoin (HKCU Version: 0.8.1)
Blender (Version: 2.68a)
Bonjour (Version: 3.0.0.10)
Borderlands 2 Game of the Year Edition MULTI-2 1.6.0 (x32)
BPD_DSWizards (x32 Version: 1.00.0000)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.001.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.298.000)
Bundled software uninstaller (x32)
Cinema 4D version R12 (x32 Version: R12)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
Craften Terminal 3.4.5011.37604 (x32 Version: 3.4.5011.37604)
CyberLink LabelPrint (x32 Version: 2.5.2.5630)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2126)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126)
CyberLink PowerDVD (x32 Version: 10.0.7.4605)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0337)
Destinations (x32 Version: 140.0.253.000)
DeviceDiscovery (x32 Version: 140.0.298.000)
Die Erben von St.Pauli (x32)
Die Siedler - Aufbruch der Kulturen (x32)
DivX-Setup (x32 Version: 2.6.1.84)
DocProc (x32 Version: 140.0.185.000)
eBesucher Restarter 1.2 (x32 Version: 1.2.04.0)
ESN Sonar (x32 Version: 0.70.4)
ExpressCache (Version: 1.0.94)
Fax (x32 Version: 140.0.307.000)
FilesFrog Update Checker (x32)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.31.0)
FL Studio 11 (x32)
FlowStone FL 3.0 (x32)
Fotogalerie (x32 Version: 16.4.3503.0728)
Fraps (remove only) (x32)
Free Studio version 2013 (x32 Version: 6.1.11.0827)
GeForce Experience NvStream Client Components (Version: 0.1.87)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.297.000)
Grand Theft Auto San Andreas (x32 Version: v1.0/1.1)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hochseefischen - Die Simulation (x32)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Remote (x32 Version: 1.0.1218)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HP Postscript Converter (Version: 3.1.3591)
HP Registration Service (Version: 1.1.6232.4245)
HP Solution Center 14.0 (Version: 14.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 12.00.0000)
HP Update (x32 Version: 5.002.006.003)
HPProductAssistant (x32 Version: 140.0.298.000)
HPSSupply (x32 Version: 140.0.297.000)
IDT Audio (x32 Version: 1.0.6429.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.1.1.11)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
JDownloader 0.9 (x32 Version: 0.9)
Joulemeter (x32 Version: 1.2.0)
LAME v3.99.3 (for Windows) (x32)
LogMeIn Hamachi (x32 Version: 2.2.0.105)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
MAGIX Video deluxe 2013 (Version: 12.0.0.32)
MAGIX Video deluxe 2013 (x32 Version: 12.0.0.32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Silverlight (x32 Version: 5.1.10411.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Movie Maker (x32 Version: 16.4.3503.0728)
Mp3tag v2.58 (x32 Version: v2.58)
MPM (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Network64 (Version: 140.0.306.000)
Norton Internet Security (x32 Version: 20.4.0.40)
Notepad++ (x32 Version: 6.4.5)
NVIDIA 3D Vision Controller-Treiber 331.58 (Version: 331.58)
NVIDIA 3D Vision Treiber 331.58 (Version: 331.58)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Grafiktreiber 331.58 (Version: 331.58)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3158)
NVIDIA Systemsteuerung 331.58 (Version: 331.58)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Origin (x32 Version: 9.3.7.2735)
Overwolf (x32 Version: 0.44.256)
Paragon Festplatten Manager™ 2013 Kompakt (x32 Version: 90.00.0003)
PDF Settings CC (x32 Version: 12.0)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
ProductContext (x32 Version: 140.0.001.000)
PS3 Media Server (x32 Version: 1.90.1)
PS3Muxer 1.30 (x32)
PunkBuster Services (x32 Version: 0.993)
Recovery Manager (x32 Version: 5.5.0.5826)
ROCCAT Kova[+] Mouse Driver (x32 Version: 1.10)
ROCCAT Power-Grid Version 0.458 (x32 Version: 0.458)
Scan (x32 Version: 140.0.253.000)
Scratch (x32 Version: 1.4.0.0)
Secure Eraser (x32 Version: 4.2.0.1)
SHIELD Streaming (Version: 1.05.28)
Shop for HP Supplies (Version: 14.0)
Sigil 0.7.3 (x32)
Skype™ 6.7 (x32 Version: 6.7.102)
SolutionCenter (x32 Version: 140.0.299.000)
Status (x32 Version: 140.0.342.000)
Steam (x32)
SUPER © v2013.build.57+Recorder (2013/07/13) Version v2013.buil (x32 Version: v2013.build.57+Recorder)
Team Fortress 2 (x32)
TeamSpeak 3 Client (Version: 3.0.13.1)
TechPowerUp GPU-Z (x32)
Tom Clancy's Splinter Cell Blacklist The 5th Freedom Edition 1.01 (x32)
Toolbox (x32 Version: 140.0.596.000)
TrayApp (x32 Version: 140.0.297.000)
TrueCrypt (x32 Version: 7.1a)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.1.0 (Version: 2.1.0)
WebReg (x32 Version: 140.0.297.017)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)
==================== Restore Points ========================= 04-11-2013 17:08:31 Installed Joulemeter 12-11-2013 17:03:48 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0101FECA-E442-424B-B7A5-C69032BFE1E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.) Task: {2CDF4736-56B7-414D-B2E3-A40200ABE0D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {3004B50A-2F19-452E-8925-FB9C437D6A01} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation) Task: {5FA7FF8B-A343-4AE3-91C8-5D40E85E0829} - System32\Tasks\AdobeAAMUpdater-1.0-JanPC-Jan-David => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-06-13] (Adobe Systems Incorporated) Task: {6E98B86A-56BD-4DE1-84C7-A6BA553A8329} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company) Task: {7AEC86E6-7449-4F89-B3E4-A9B5FE616D2D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) 
Task: {87F81755-F735-4198-8C56-7C7F820D2FB5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-10-12] (Microsoft Corporation) Task: {919EE860-9E59-4293-BCF1-B054F16D5E7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {98B3C912-F064-4FCB-A6BC-07327172AB08} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation) Task: {9B246F4A-9A10-4D6F-B570-5BCA30655414} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {9E618D9D-49E7-4555-9CE1-A68BE402820E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {A102A09E-1AF1-4E2A-B931-E27066C0935D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation) Task: {AA773A37-1D29-46E8-B377-1B7DAC6C60EF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink) Task: {E8968DD5-E506-40B6-80E8-050B5BA34212} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.) 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-30 09:01 - 2013-08-30 09:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll 2013-11-16 14:56 - 2013-11-16 14:56 - 00306176 _____ () C:\Users\Jan-David\AppData\Roaming\.minecraft\versions\1.6.4-Forge9.11.0.883\1.6.4-Forge9.11.0.883-natives-78588060738248\lwjgl64.dll 2013-11-16 14:56 - 2013-11-16 14:56 - 00382464 _____ () C:\Users\Jan-David\AppData\Roaming\.minecraft\versions\1.6.4-Forge9.11.0.883\1.6.4-Forge9.11.0.883-natives-78588060738248\OpenAL64.dll 2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-03-25 23:04 - 2012-07-18 09:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2013-09-10 10:48 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2013-09-08 11:59 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll 2013-09-03 14:25 - 2013-09-03 14:25 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll 2013-03-13 12:42 - 2013-06-05 13:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll 2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2013-08-30 09:00 - 2013-08-30 09:00 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll 2013-03-25 23:10 - 2012-06-08 04:34 - 
00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-10-18 12:50 - 2013-10-09 01:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll 2013-10-18 12:50 - 2013-10-09 01:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll 2013-10-18 12:50 - 2013-10-09 01:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll 2013-10-18 12:50 - 2013-10-09 01:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll 2013-10-18 12:50 - 2013-10-09 01:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll 2013-10-18 12:50 - 2013-10-09 01:02 - 13584336 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Officejet Pro 8500 A909g Description: Officejet Pro 8500 A909g Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (11/15/2013 05:11:43 PM) (Source: Perflib) (User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/15/2013 05:08:25 PM) (Source: Windows Search Service) (User: ) Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet. 0x0. Error: (11/15/2013 05:08:25 PM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. Kontext: Anwendung, SystemIndex Katalog Error: (11/15/2013 05:08:24 PM) (Source: Windows Search Service) (User: ) Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut. 
Error: (11/14/2013 00:40:10 PM) (Source: Perflib) (User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/12/2013 06:20:19 PM) (Source: Perflib) (User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/11/2013 04:29:45 PM) (Source: Perflib) (User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/09/2013 05:40:28 PM) (Source: Perflib) (User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/08/2013 01:29:04 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.3.2, Zeitstempel: 0x519ab0d3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001d73b ID des fehlerhaften Prozesses: 0x2300 Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0 Pfad der fehlerhaften Anwendung: ccSvcHst.exe1 Pfad des fehlerhaften Moduls: ccSvcHst.exe2 Berichtskennung: ccSvcHst.exe3 Vollständiger Name des fehlerhaften Pakets: ccSvcHst.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ccSvcHst.exe5 Error: (11/08/2013 01:29:01 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.3.2, Zeitstempel: 0x519ab0d3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001d73b ID des fehlerhaften Prozesses: 0x16f0 Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0 Pfad der fehlerhaften Anwendung: ccSvcHst.exe1 Pfad des fehlerhaften Moduls: ccSvcHst.exe2 Berichtskennung: ccSvcHst.exe3 Vollständiger Name des fehlerhaften Pakets: ccSvcHst.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ccSvcHst.exe5 System errors: ============= Error: (11/16/2013 03:13:44 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. 
Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 1203. Error: (11/16/2013 03:13:14 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 1203. Error: (11/16/2013 03:12:44 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 1203. Error: (11/15/2013 06:44:45 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/15/2013 06:44:45 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (11/15/2013 05:08:34 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (11/15/2013 05:08:01 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405 Error: (11/15/2013 05:08:01 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405 Error: (11/15/2013 05:08:01 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2147942405 Error: (11/15/2013 05:08:01 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%2147942405 Microsoft Office Sessions: ========================= Error: (11/15/2013 05:11:43 PM) (Source: Perflib)(User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/15/2013 05:08:25 PM) (Source: Windows Search Service)(User: ) Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet. 
0x0 Error: (11/15/2013 05:08:25 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Anwendung, SystemIndex Katalog Error: (11/15/2013 05:08:24 PM) (Source: Windows Search Service)(User: ) Description: Error: (11/14/2013 00:40:10 PM) (Source: Perflib)(User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/12/2013 06:20:19 PM) (Source: Perflib)(User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/11/2013 04:29:45 PM) (Source: Perflib)(User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/09/2013 05:40:28 PM) (Source: Perflib)(User: ) Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8 Error: (11/08/2013 01:29:04 PM) (Source: Application Error)(User: ) Description: ccSvcHst.exe12.3.3.2519ab0d3ntdll.dll6.2.9200.16578515fac6ec00000050001d73b230001cedc7e1ce524e2C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\WINDOWS\SYSTEM32\ntdll.dll5a91b0e3-4871-11e3-be81-7054d27cbad2 Error: (11/08/2013 01:29:01 PM) (Source: Application Error)(User: ) Description: ccSvcHst.exe12.3.3.2519ab0d3ntdll.dll6.2.9200.16578515fac6ec00000050001d73b16f001cedc7e1a981083C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\WINDOWS\SYSTEM32\ntdll.dll58449c6b-4871-11e3-be81-7054d27cbad2 ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 8131.55 MB Available physical RAM: 3199.5 MB Total Pagefile: 8595.55 MB Available Pagefile: 2358.7 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.07 GB) (Free:564.82 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Recovery Image) (Fixed) (Total:11.63 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT ==================== MBR & 
Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: D44840C3) Partition: GPT Partition Type ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 3CAE5427) Partition 1: (Not Active) - (Size=15 GB) - (Type=73) ======================================================== Disk: 2 (Size: 2 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=2 GB) - (Type=06) ==================== End Of Log ============================
Kind regards, DDerTyp |
17.11.2013, 07:01 | #4 |
/// the machine /// TB Trainer | PUP.Optional. - Questions Let MBAM delete everything. Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |