
Log Analysis and Evaluation: PUP.Optional. - Questions


16.11.2013, 14:55   #1
DDerTyp
 

Hello,

I'm relatively new here and already have a question. I downloaded and installed Malwarebytes. Then I ran the quick scan right away and, lo and behold, it found something straight away. This is what my log looks like:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.16.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
NAME :: NAME [Administrator]

16.11.2013 14:46:39
MBAM-log-2013-11-16 (14-49-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244109
Laufzeit: 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\NAME\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> 11216 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SOMOTO\SDP (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SDP (PUP.Optional.FilesFrog.A) -> Daten: C:\Users\NAME\AppData\Local\FilesFrog Update Checker\update_checker.exe /auto  -> Keine Aktion durchgeführt.
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Daten: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0S1S1T0E1J1L1H1R -> Keine Aktion durchgeführt.
HKCU\Software\Somoto\SDP|affid (PUP.Optional.Somoto.A) -> Daten: network_adworkmedia_1 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\Users\NAME\AppData\Local\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 18
C:\Users\NAME\AppData\Local\FilesFrog Update Checker\update_checker.exe (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-1785374742-1032351872-2951623393-1001\$R8WLIRY.zip (PUP.Optional.BitCoinMIner) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-21-1785374742-1032351872-2951623393-1001\$RSVH2BD.zip (Backdoor.DarkComet) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe (PUP.Optional.Somoto) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\UpdateCheckerSetup.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\is-D2MO3.tmp\sam__2268_il140.exe (PUP.Optional.Amonetize) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\is1070216317\22644482_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\is1070216317\22644707_stp\WebConnect.exe (PUP.Optional.WebConnect.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\OCS\ocs_v7f.exe (PUP.Optional.DownloadSponsor.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\Downloads\Die.Tribute.Von.Panem.German.AC3.BDRiP.XViD SONS.avi.mp4__3038_i130275796_il5494742.exe (PUP.Optional.InstallMonetizer) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\FilesFrog Update Checker\uninstall.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\NAME\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.

(Ende)
         
Now my question(s), which may be too simple for you...

1. Are the files dangerous?
2. Can I simply remove them with the program, and is everything "clean" again afterwards?

Unfortunately, I haven't yet looked very intensively into the topics of viruses, security and so on. If anyone has tips beyond the basic ones like "antivirus program", feel free to share!

Kind regards,
DDerTyp

16.11.2013, 15:13   #2
schrauber
/// the machine
/// TB instructor
 


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


16.11.2013, 15:22   #3
DDerTyp
 

Okay, no problem, here are the two logs:

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Jan-David (administrator) on JANPC on 16-11-2013 15:17:44
Running from C:\Users\Jan-David\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
(Microsoft Corporation) C:\WINDOWS\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Somoto) C:\Users\Jan-David\AppData\Local\FilesFrog Update Checker\update_checker.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Roccat GmbH) C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\16.0\acdIDInTouch2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [41664 2012-10-25] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [SDP] - C:\Users\Jan-David\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKCU\...\Runonce: [Uninstall C:\Users\Jan-David\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] - C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jan-David\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKCU\...\Policies\system: [EnableLUA] 1
MountPoints2: {474be2f9-46f0-11e3-be81-7054d27cbad2} - "J:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [RoccatKova+] - C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\Kova[+]Monitor.exe [539688 2011-03-17] (Roccat GmbH)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ACSW16DE] - C:\Program Files (x86)\ACD Systems\ACDSee\16.0\acdIDInTouch2.exe [1344840 2013-07-15] (ACD Systems)
HKLM-x32\...\Run: [ACSW16EN] - C:\Program Files (x86)\ACD Systems\ACDSee\16.0\acdIDInTouch2.exe [1344840 2013-07-15] (ACD Systems)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {931C66A3-FD76-41CB-BA14-34D45C90AEE4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {931C66A3-FD76-41CB-BA14-34D45C90AEE4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {931C66A3-FD76-41CB-BA14-34D45C90AEE4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.golem.de/
CHR RestoreOnStartup: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=fe9a213d-f4bc-4c1d-8772-91ba97763fc0&affid=111583&searchtype=hp&babsrc=lnkry&installDate={installDate}", "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Play Music) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg\5.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Click&Clean App) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0
CHR Extension: (Gmail) - C:\Users\JAN-DA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx

==================== Services (Whitelisted) =================

R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\WINDOWS\SysWow64\PnkBstrA.exe [76888 2013-10-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [1524824 2013-10-23] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-11] (Disc Soft Ltd)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-09-08] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2013-07-03] (LogMeIn Inc.)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131110.003\IDSvia64.sys [521816 2013-10-29] (Symantec Corporation)
R3 KovaPlusFltr; C:\Windows\system32\drivers\KovaPlusFltr.sys [15104 2010-01-25] (ROCCAT Development, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131110.004\ENG64.SYS [126040 2013-09-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131110.004\EX64.SYS [2099288 2013-09-08] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-10-11] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-09-10] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2013-08-01] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-08-01] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-08-01] (Paragon)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
U3 a1kelhki; C:\Windows\System32\Drivers\a1kelhki.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-16 15:17 - 2013-11-16 15:18 - 00020040 _____ C:\Users\Jan-David\Downloads\FRST.txt
2013-11-16 15:17 - 2013-11-16 15:17 - 01957794 _____ (Farbar) C:\Users\Jan-David\Downloads\FRST64.exe
2013-11-16 15:17 - 2013-11-16 15:17 - 00000000 ____D C:\FRST
2013-11-16 14:55 - 2013-11-16 14:55 - 97123056 _____ C:\Users\Jan-David\Downloads\Hoh-DerSku6.rar.crdownload
2013-11-16 14:33 - 2013-11-16 14:33 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Malwarebytes
2013-11-16 14:32 - 2013-11-16 14:32 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-16 14:32 - 2013-11-16 14:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 14:32 - 2013-11-16 14:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-16 14:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-16 14:31 - 2013-11-16 14:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jan-David\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-15 19:18 - 2013-11-15 19:18 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\openvr
2013-11-15 18:48 - 2013-11-15 18:48 - 00000219 _____ C:\Users\Jan-David\Desktop\Team Fortress 2.url
2013-11-15 18:39 - 2013-11-15 19:18 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-15 18:39 - 2013-11-15 18:39 - 00000983 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-15 18:38 - 2013-11-15 18:38 - 01123600 _____ C:\Users\Jan-David\Downloads\SteamSetup.exe
2013-11-15 17:38 - 2013-11-15 17:38 - 00000000 ___SH C:\DkHyperbootSync
2013-11-15 17:08 - 2013-11-15 17:08 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-15 17:08 - 2013-11-05 23:58 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-11-15 17:08 - 2013-11-05 23:58 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 15:34 - 2013-11-14 15:34 - 00006967 _____ C:\Users\Jan-David\Downloads\[1.6.2]ArmorStatusHUDv1.13.zip
2013-11-14 15:33 - 2013-11-14 15:33 - 00067806 _____ C:\Users\Jan-David\Downloads\[1.6.2]bspkrsCorev4.3.FORGE_ONLY.zip
2013-11-14 15:33 - 2013-11-14 15:33 - 00006412 _____ C:\Users\Jan-David\Downloads\[1.6.2]StatusEffectHUDv1.16.zip
2013-11-14 15:31 - 2013-11-14 15:31 - 00068160 _____ C:\Users\Jan-David\Downloads\[1.6.4]bspkrsCorev5.0.zip
2013-11-14 11:48 - 2013-11-14 11:48 - 03153999 _____ C:\Users\Jan-David\Downloads\Nova Launcher_2.2.2.apk
2013-11-12 20:37 - 2013-10-10 12:53 - 00096600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-12 20:37 - 2013-10-10 10:21 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-12 20:37 - 2013-10-10 10:20 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-12 20:37 - 2013-10-03 00:25 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-12 20:37 - 2013-10-02 00:37 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-11-12 20:37 - 2013-10-02 00:37 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-12 20:37 - 2013-10-02 00:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-11-12 20:37 - 2013-10-02 00:26 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-12 20:37 - 2013-10-01 23:22 - 01022976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-12 20:37 - 2013-09-23 23:30 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2013-11-12 20:37 - 2013-09-23 23:30 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2013-11-12 20:37 - 2013-09-14 02:15 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-11-12 20:37 - 2013-09-13 23:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-11-12 20:37 - 2013-09-13 23:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-11-12 20:37 - 2013-09-13 23:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-11-12 20:37 - 2013-09-13 23:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-11-12 20:37 - 2013-09-13 23:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-11-12 20:37 - 2013-09-13 23:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-11-12 20:37 - 2013-09-13 23:33 - 03279360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-11-12 20:37 - 2013-09-13 23:33 - 01622016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-11-12 20:37 - 2013-09-13 23:33 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-11-12 20:37 - 2013-09-13 23:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-11-12 20:37 - 2013-09-13 23:33 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-11-12 20:37 - 2013-09-13 23:33 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-11-12 20:37 - 2013-09-13 23:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-11-12 20:37 - 2013-09-13 23:33 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-11-12 20:37 - 2013-09-04 04:11 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2013-11-12 20:37 - 2013-08-30 06:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2013-11-12 20:37 - 2013-08-30 06:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-11-12 20:37 - 2013-08-30 00:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-11-12 20:37 - 2013-08-23 08:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2013-11-12 20:37 - 2013-08-23 02:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2013-11-12 20:37 - 2013-08-21 07:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2013-11-12 20:37 - 2013-08-10 07:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2013-11-12 20:37 - 2013-08-10 06:21 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-11-12 20:37 - 2013-08-10 04:58 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2013-11-12 20:37 - 2013-07-25 00:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-12 20:37 - 2013-07-25 00:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-12 20:37 - 2013-07-12 02:38 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2013-11-12 20:37 - 2013-07-12 02:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2013-11-12 20:36 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-12 20:36 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-12 20:36 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-12 20:36 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-12 20:36 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-12 20:36 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-12 20:36 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-12 20:36 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-11-12 20:36 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-11-12 20:36 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-11-12 20:36 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-11-12 20:36 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-12 20:36 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-12 20:36 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-11-12 20:36 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-12 20:36 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-11-12 20:36 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-11-12 17:18 - 2013-11-12 17:18 - 00153216 _____ (Amônétízé Ltd) C:\Users\Jan-David\Downloads\Die.Tribute.Von.Panem.German.AC3.BDRiP.XViD SONS.avi.mp4__3038_i130275796_il5494742.exe
2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Users\Jan-David\AppData\Local\ebesucher
2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Program Files (x86)\eBesucher Restarter
2013-11-12 15:45 - 2013-11-12 15:45 - 00952204 _____ (eBesucher                                                   ) C:\Users\Jan-David\Downloads\restarter-setup-x64.v1.2.04.exe
2013-11-08 16:51 - 2013-11-08 16:51 - 00732928 _____ C:\Users\Jan-David\Downloads\travelguide_1.0_de-DE.exe
2013-11-08 15:19 - 2013-11-08 15:19 - 00064332 _____ C:\Users\Jan-David\Documents\Jan-DavidC4DAnonymous.c4d
2013-11-07 13:08 - 2013-11-07 14:02 - 00000000 ____D C:\Users\Jan-David\Documents\HACKING
2013-11-06 17:21 - 2013-11-06 17:21 - 02295500 _____ () C:\Users\Jan-David\Downloads\TechnicLauncher.exe
2013-11-04 20:04 - 2013-11-04 20:38 - 00090563 _____ C:\Users\Jan-David\Documents\Jan-DavidC4D.c4d
2013-11-04 18:08 - 2013-11-04 18:08 - 00003047 _____ C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2013-11-04 18:08 - 2013-11-04 18:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Research
2013-11-04 16:20 - 2013-11-04 16:20 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2013-11-04 16:20 - 2013-11-04 16:20 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2013-11-04 16:13 - 2013-11-04 16:13 - 01700504 _____ C:\Users\Jan-David\Downloads\cgminer-3.7.0-x86_64-built.tar.bz2
2013-11-04 15:56 - 2013-11-04 15:56 - 00000000 _____ C:\Users\Jan-David\Desktop\142mjUFsPVJZVvoNXnRaaM9ar6WPwDQkCD.txt
2013-11-04 15:55 - 2013-11-04 15:55 - 00000000 _____ C:\Users\Jan-David\Desktop\peaceful river smooth subcontracted pompano clear erections prerecorded thar dud paean hopkinton greenville interchangeable infrastructures heflin hopkinton.txt
2013-11-04 15:47 - 2013-11-04 15:53 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Bitcoin
2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\Program Files (x86)\Bitcoin
2013-11-02 12:30 - 2013-11-02 12:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
2013-10-31 16:30 - 2013-10-31 16:34 - 00000000 ____D C:\Users\Jan-David\Documents\Operatoren & Anforderungsbereiche Abitur
2013-10-29 16:53 - 2013-10-29 16:53 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\IDT
2013-10-29 14:50 - 2013-10-29 14:50 - 00002167 _____ C:\Users\Public\Desktop\Secure Eraser.lnk
2013-10-29 14:50 - 2013-10-29 14:50 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\ASCOMP Software
2013-10-29 14:50 - 2013-10-29 14:50 - 00000000 ____D C:\Program Files (x86)\ASCOMP Software
2013-10-28 17:22 - 2013-10-28 17:46 - 00000000 _____ C:\Users\Jan-David\Documents\TrueCrypt_Protected
2013-10-27 19:26 - 2013-10-27 19:29 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\TrueCrypt
2013-10-27 19:25 - 2013-10-27 19:25 - 03466248 _____ (TrueCrypt Foundation) C:\Users\Jan-David\Downloads\TrueCrypt_Setup_7.1a.exe
2013-10-27 19:25 - 2013-10-27 19:25 - 00231376 _____ (TrueCrypt Foundation) C:\WINDOWS\system32\Drivers\truecrypt.sys
2013-10-27 19:25 - 2013-10-27 19:25 - 00000877 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\TrueCrypt
2013-10-26 19:02 - 2013-11-08 14:36 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Mp3tag
2013-10-26 19:01 - 2013-10-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-10-23 17:23 - 2013-10-23 17:23 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2013-10-23 17:23 - 2013-10-23 17:23 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-10-22 16:55 - 2013-11-06 17:22 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\.technic
2013-10-22 16:42 - 2013-10-22 16:42 - 00017624 _____ C:\Users\Jan-David\Documents\Politik KSA Marktwirtschaft etc.odt
2013-10-22 15:36 - 2013-10-22 15:36 - 00000000 ____D C:\Users\Jan-David\Documents\ROCCAT
2013-10-22 15:35 - 2013-10-22 15:35 - 00001177 _____ C:\Users\Public\Desktop\ROCCAT Power-Grid.lnk
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-22 15:23 - 2013-10-16 01:48 - 30344992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 22933280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 18243632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 15858664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 12537632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2013-10-22 15:23 - 2013-10-16 01:48 - 11415232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 11362672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 09516872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 09472600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 03131680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 03124512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 02946848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 02747168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6433158.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6433158.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 01241376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00696096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00655136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00599840 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00560416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00479520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00405280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00317472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00266984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00168616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2013-10-22 15:23 - 2013-10-16 01:48 - 00141336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2013-10-22 15:23 - 2013-06-16 13:38 - 00196384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2013-10-22 15:23 - 2013-06-16 13:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2013-10-18 18:38 - 2013-10-18 18:39 - 00000000 ____D C:\Program Files (x86)\Die Erben von St.Pauli
2013-10-18 18:24 - 2013-10-18 18:24 - 00000000 ____D C:\Program Files (x86)\Hochseefischen - Die Simulation
2013-10-17 17:38 - 2013-10-17 17:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

==================== One Month Modified Files and Folders =======

2013-11-16 15:18 - 2013-11-16 15:17 - 00020040 _____ C:\Users\Jan-David\Downloads\FRST.txt
2013-11-16 15:17 - 2013-11-16 15:17 - 01957794 _____ (Farbar) C:\Users\Jan-David\Downloads\FRST64.exe
2013-11-16 15:17 - 2013-11-16 15:17 - 00000000 ____D C:\FRST
2013-11-16 15:09 - 2013-09-08 11:52 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\.minecraft
2013-11-16 15:00 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-11-16 14:55 - 2013-11-16 14:55 - 97123056 _____ C:\Users\Jan-David\Downloads\Hoh-DerSku6.rar.crdownload
2013-11-16 14:40 - 2013-09-08 11:29 - 00001128 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 14:33 - 2013-11-16 14:33 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Malwarebytes
2013-11-16 14:32 - 2013-11-16 14:32 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-16 14:32 - 2013-11-16 14:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-16 14:32 - 2013-11-16 14:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-16 14:31 - 2013-11-16 14:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Jan-David\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-16 14:24 - 2013-09-08 11:24 - 02042137 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-16 14:09 - 2013-09-08 11:30 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1785374742-1032351872-2951623393-1001
2013-11-16 14:07 - 2013-09-21 14:06 - 00000000 ____D C:\Users\Jan-David\AppData\Local\Adobe
2013-11-16 14:05 - 2013-09-20 14:17 - 00000000 ____D C:\Users\Jan-David\AppData\Local\LogMeIn Hamachi
2013-11-16 14:04 - 2013-09-08 11:29 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-15 19:53 - 2013-10-11 10:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-11-15 19:18 - 2013-11-15 19:18 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\openvr
2013-11-15 19:18 - 2013-11-15 18:39 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-15 18:48 - 2013-11-15 18:48 - 00000219 _____ C:\Users\Jan-David\Desktop\Team Fortress 2.url
2013-11-15 18:39 - 2013-11-15 18:39 - 00000983 _____ C:\Users\Public\Desktop\Steam.lnk
2013-11-15 18:38 - 2013-11-15 18:38 - 01123600 _____ C:\Users\Jan-David\Downloads\SteamSetup.exe
2013-11-15 17:38 - 2013-11-15 17:38 - 00000000 ___SH C:\DkHyperbootSync
2013-11-15 17:14 - 2013-03-26 07:57 - 00745562 _____ C:\WINDOWS\system32\perfh007.dat
2013-11-15 17:14 - 2013-03-26 07:57 - 00169488 _____ C:\WINDOWS\system32\perfc007.dat
2013-11-15 17:14 - 2012-07-26 08:28 - 01752784 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-15 17:08 - 2013-11-15 17:08 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-15 17:07 - 2013-03-25 23:02 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-15 17:07 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-14 16:32 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-14 16:31 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-14 15:34 - 2013-11-14 15:34 - 00006967 _____ C:\Users\Jan-David\Downloads\[1.6.2]ArmorStatusHUDv1.13.zip
2013-11-14 15:33 - 2013-11-14 15:33 - 00067806 _____ C:\Users\Jan-David\Downloads\[1.6.2]bspkrsCorev4.3.FORGE_ONLY.zip
2013-11-14 15:33 - 2013-11-14 15:33 - 00006412 _____ C:\Users\Jan-David\Downloads\[1.6.2]StatusEffectHUDv1.16.zip
2013-11-14 15:31 - 2013-11-14 15:31 - 00068160 _____ C:\Users\Jan-David\Downloads\[1.6.4]bspkrsCorev5.0.zip
2013-11-14 11:48 - 2013-11-14 11:48 - 03153999 _____ C:\Users\Jan-David\Downloads\Nova Launcher_2.2.2.apk
2013-11-13 16:09 - 2013-09-10 12:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 16:06 - 2013-09-10 12:36 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-12 17:18 - 2013-11-12 17:18 - 00153216 _____ (Amônétízé Ltd) C:\Users\Jan-David\Downloads\Die.Tribute.Von.Panem.German.AC3.BDRiP.XViD SONS.avi.mp4__3038_i130275796_il5494742.exe
2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Users\Jan-David\AppData\Local\ebesucher
2013-11-12 15:46 - 2013-11-12 15:46 - 00000000 ____D C:\Program Files (x86)\eBesucher Restarter
2013-11-12 15:45 - 2013-11-12 15:45 - 00952204 _____ (eBesucher                                                   ) C:\Users\Jan-David\Downloads\restarter-setup-x64.v1.2.04.exe
2013-11-11 08:58 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-11-10 14:53 - 2013-09-25 14:28 - 00158208 ___SH C:\Users\Jan-David\Downloads\Thumbs.db
2013-11-10 14:16 - 2012-07-26 08:21 - 00041471 _____ C:\WINDOWS\setupact.log
2013-11-08 16:51 - 2013-11-08 16:51 - 00732928 _____ C:\Users\Jan-David\Downloads\travelguide_1.0_de-DE.exe
2013-11-08 16:26 - 2013-10-07 11:06 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\vlc
2013-11-08 15:19 - 2013-11-08 15:19 - 00064332 _____ C:\Users\Jan-David\Documents\Jan-DavidC4DAnonymous.c4d
2013-11-08 14:36 - 2013-10-26 19:02 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Mp3tag
2013-11-07 14:02 - 2013-11-07 13:08 - 00000000 ____D C:\Users\Jan-David\Documents\HACKING
2013-11-07 12:45 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-11-06 17:22 - 2013-10-22 16:55 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\.technic
2013-11-06 17:21 - 2013-11-06 17:21 - 02295500 _____ () C:\Users\Jan-David\Downloads\TechnicLauncher.exe
2013-11-05 23:58 - 2013-11-15 17:08 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:58 - 2013-11-15 17:08 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-04 20:38 - 2013-11-04 20:04 - 00090563 _____ C:\Users\Jan-David\Documents\Jan-DavidC4D.c4d
2013-11-04 18:08 - 2013-11-04 18:08 - 00003047 _____ C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joulemeter.lnk
2013-11-04 18:08 - 2013-11-04 18:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Research
2013-11-04 16:20 - 2013-11-04 16:20 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2013-11-04 16:20 - 2013-11-04 16:20 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2013-11-04 16:15 - 2013-09-08 12:11 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\NVIDIA
2013-11-04 16:13 - 2013-11-04 16:13 - 01700504 _____ C:\Users\Jan-David\Downloads\cgminer-3.7.0-x86_64-built.tar.bz2
2013-11-04 15:56 - 2013-11-04 15:56 - 00000000 _____ C:\Users\Jan-David\Desktop\142mjUFsPVJZVvoNXnRaaM9ar6WPwDQkCD.txt
2013-11-04 15:55 - 2013-11-04 15:55 - 00000000 _____ C:\Users\Jan-David\Desktop\peaceful river smooth subcontracted pompano clear erections prerecorded thar dud paean hopkinton greenville interchangeable infrastructures heflin hopkinton.txt
2013-11-04 15:53 - 2013-11-04 15:47 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Bitcoin
2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-04 15:47 - 2013-11-04 15:47 - 00000000 ____D C:\Program Files (x86)\Bitcoin
2013-11-03 16:20 - 2013-09-08 11:45 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Skype
2013-11-03 00:10 - 2013-10-09 10:49 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\TS3Client
2013-11-02 12:30 - 2013-11-02 12:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wpdcomp_01_11_00.Wdf
2013-10-31 16:34 - 2013-10-31 16:30 - 00000000 ____D C:\Users\Jan-David\Documents\Operatoren & Anforderungsbereiche Abitur
2013-10-31 12:14 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-10-30 18:17 - 2013-09-25 19:11 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-10-30 15:36 - 2013-09-08 14:16 - 00109056 ___SH C:\Users\Jan-David\Desktop\Thumbs.db
2013-10-29 17:23 - 2013-10-10 16:14 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-29 17:23 - 2013-09-08 11:21 - 00144832 ____N C:\WINDOWS\Minidump\102913-20750-01.dmp
2013-10-29 17:23 - 2012-08-10 16:03 - 00022960 _____ C:\WINDOWS\PFRO.log
2013-10-29 16:53 - 2013-10-29 16:53 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\IDT
2013-10-29 14:50 - 2013-10-29 14:50 - 00002167 _____ C:\Users\Public\Desktop\Secure Eraser.lnk
2013-10-29 14:50 - 2013-10-29 14:50 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\ASCOMP Software
2013-10-29 14:50 - 2013-10-29 14:50 - 00000000 ____D C:\Program Files (x86)\ASCOMP Software
2013-10-28 17:46 - 2013-10-28 17:22 - 00000000 _____ C:\Users\Jan-David\Documents\TrueCrypt_Protected
2013-10-27 19:29 - 2013-10-27 19:26 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\TrueCrypt
2013-10-27 19:25 - 2013-10-27 19:25 - 03466248 _____ (TrueCrypt Foundation) C:\Users\Jan-David\Downloads\TrueCrypt_Setup_7.1a.exe
2013-10-27 19:25 - 2013-10-27 19:25 - 00231376 _____ (TrueCrypt Foundation) C:\WINDOWS\system32\Drivers\truecrypt.sys
2013-10-27 19:25 - 2013-10-27 19:25 - 00000877 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
2013-10-27 19:25 - 2013-10-27 19:25 - 00000000 ____D C:\Program Files\TrueCrypt
2013-10-26 19:01 - 2013-10-26 19:01 - 00000000 ____D C:\Program Files (x86)\Mp3tag
2013-10-24 10:39 - 2013-10-09 10:48 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-10-23 17:23 - 2013-10-23 17:23 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2013-10-23 17:23 - 2013-10-23 17:23 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-10-23 17:23 - 2013-10-09 10:49 - 00000000 ____D C:\Users\Jan-David\AppData\Local\Overwolf
2013-10-22 16:42 - 2013-10-22 16:42 - 00017624 _____ C:\Users\Jan-David\Documents\Politik KSA Marktwirtschaft etc.odt
2013-10-22 16:27 - 2013-03-25 23:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-22 15:49 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2013-10-22 15:36 - 2013-10-22 15:36 - 00000000 ____D C:\Users\Jan-David\Documents\ROCCAT
2013-10-22 15:35 - 2013-10-22 15:35 - 00001177 _____ C:\Users\Public\Desktop\ROCCAT Power-Grid.lnk
2013-10-22 15:35 - 2013-09-08 11:58 - 00000000 ____D C:\Program Files (x86)\ROCCAT
2013-10-22 15:25 - 2013-10-22 15:25 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-22 15:25 - 2013-03-25 23:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-18 18:39 - 2013-10-18 18:38 - 00000000 ____D C:\Program Files (x86)\Die Erben von St.Pauli
2013-10-18 18:24 - 2013-10-18 18:24 - 00000000 ____D C:\Program Files (x86)\Hochseefischen - Die Simulation
2013-10-18 12:35 - 2013-09-08 11:29 - 00004100 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-18 12:35 - 2013-09-08 11:29 - 00003864 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-17 17:38 - 2013-10-17 17:38 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2013-10-17 17:33 - 2013-10-11 14:15 - 00000000 ____D C:\Users\Jan-David\AppData\Roaming\Apple Computer
2013-10-17 14:44 - 2013-10-16 11:30 - 00132219 _____ C:\Users\Jan-David\Documents\Ohne Titel 1.c4d

Some content of TEMP:
====================
C:\Users\Jan-David\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Jan-David\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Jan-David\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Jan-David\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jan-David\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jan-David\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Jan-David\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Jan-David\AppData\Local\Temp\nvStInst.exe
C:\Users\Jan-David\AppData\Local\Temp\OnlineWeatherSetup.exe
C:\Users\Jan-David\AppData\Local\Temp\sonarinst.exe
C:\Users\Jan-David\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Jan-David\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-08 14:00

==================== End Of Log ============================
         


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by Jan-David at 2013-11-16 15:19:47
Running from C:\Users\Jan-David\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
8500A909_eDocs (x32 Version: 1.00.0000)
8500A909_Help (x32 Version: 1.00.0000)
8500A909g (x32 Version: 140.0.001.000)
ACDSee 16 (x32 Version: 16.1.88)
Adobe Creative Cloud (x32 Version: 2.1.2.232)
Adobe Photoshop CC (x32 Version: 14.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
ANNO 2070 (x32 Version: 1.0.0.0)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.11 Beta1)
Audacity 2.0.4 (x32 Version: 2.0.4)
Battlefield 4™ Beta (x32 Version: 1.0.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Bing Bar (x32 Version: 7.2.241.0)
Bitcoin (HKCU Version: 0.8.1)
Blender (Version: 2.68a)
Bonjour (Version: 3.0.0.10)
Borderlands 2 Game of the Year Edition MULTI-2 1.6.0 (x32)
BPD_DSWizards (x32 Version: 1.00.0000)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.001.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 140.0.298.000)
Bundled software uninstaller (x32)
Cinema 4D version R12 (x32 Version: R12)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
Craften Terminal 3.4.5011.37604 (x32 Version: 3.4.5011.37604)
CyberLink LabelPrint (x32 Version: 2.5.2.5630)
CyberLink Media Suite 10 (x32 Version: 10.0.2.2114)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317)
CyberLink Power2Go 8 (x32 Version: 8.0.2.2126)
CyberLink PowerDirector 10 (x32 Version: 10.0.2.2126)
CyberLink PowerDVD (x32 Version: 10.0.7.4605)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0337)
Destinations (x32 Version: 140.0.253.000)
DeviceDiscovery (x32 Version: 140.0.298.000)
Die Erben von St.Pauli (x32)
Die Siedler - Aufbruch der Kulturen (x32)
DivX-Setup (x32 Version: 2.6.1.84)
DocProc (x32 Version: 140.0.185.000)
eBesucher Restarter 1.2 (x32 Version: 1.2.04.0)
ESN Sonar (x32 Version: 0.70.4)
ExpressCache (Version: 1.0.94)
Fax (x32 Version: 140.0.307.000)
FilesFrog Update Checker (x32)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.31.0)
FL Studio 11 (x32)
FlowStone FL 3.0 (x32)
Fotogalerie (x32 Version: 16.4.3503.0728)
Fraps (remove only) (x32)
Free Studio version 2013 (x32 Version: 6.1.11.0827)
GeForce Experience NvStream Client Components (Version: 0.1.87)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.297.000)
Grand Theft Auto San Andreas (x32 Version: v1.0/1.1)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Hochseefischen - Die Simulation (x32)
HP Connected Music (Meridian - installer) (x32 Version: v1.0)
HP Connected Remote (x32 Version: 1.0.1218)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HP Postscript Converter (Version: 3.1.3591)
HP Registration Service (Version: 1.1.6232.4245)
HP Solution Center 14.0 (Version: 14.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 12.00.0000)
HP Update (x32 Version: 5.002.006.003)
HPProductAssistant (x32 Version: 140.0.298.000)
HPSSupply (x32 Version: 140.0.297.000)
IDT Audio (x32 Version: 1.0.6429.0)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
iTunes (Version: 11.1.1.11)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
JDownloader 0.9 (x32 Version: 0.9)
Joulemeter (x32 Version: 1.2.0)
LAME v3.99.3 (for Windows) (x32)
LogMeIn Hamachi (x32 Version: 2.2.0.105)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
MAGIX Speed burnR (MSI) (x32 Version: 7.0.2.6)
MAGIX Video deluxe 2013 (Version: 12.0.0.32)
MAGIX Video deluxe 2013 (x32 Version: 12.0.0.32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 140.0.212.000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft Silverlight (x32 Version: 5.1.10411.0)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Movie Maker (x32 Version: 16.4.3503.0728)
Mp3tag v2.58 (x32 Version: v2.58)
MPM (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1108.0727)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Network64 (Version: 140.0.306.000)
Norton Internet Security (x32 Version: 20.4.0.40)
Notepad++ (x32 Version: 6.4.5)
NVIDIA 3D Vision Controller-Treiber 331.58 (Version: 331.58)
NVIDIA 3D Vision Treiber 331.58 (Version: 331.58)
NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
NVIDIA Grafiktreiber 331.58 (Version: 331.58)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.902)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3158)
NVIDIA Systemsteuerung 331.58 (Version: 331.58)
NVIDIA Update 8.3.14 (Version: 8.3.14)
NVIDIA Update Components (Version: 8.3.14)
NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Origin (x32 Version: 9.3.7.2735)
Overwolf (x32 Version: 0.44.256)
Paragon Festplatten Manager™ 2013 Kompakt (x32 Version: 90.00.0003)
PDF Settings CC (x32 Version: 12.0)
Photo Common (x32 Version: 16.4.3503.0728)
Photo Gallery (x32 Version: 16.4.3503.0728)
ProductContext (x32 Version: 140.0.001.000)
PS3 Media Server (x32 Version: 1.90.1)
PS3Muxer 1.30 (x32)
PunkBuster Services (x32 Version: 0.993)
Recovery Manager (x32 Version: 5.5.0.5826)
ROCCAT Kova[+] Mouse Driver (x32 Version: 1.10)
ROCCAT Power-Grid Version 0.458 (x32 Version: 0.458)
Scan (x32 Version: 140.0.253.000)
Scratch (x32 Version: 1.4.0.0)
Secure Eraser (x32 Version: 4.2.0.1)
SHIELD Streaming (Version: 1.05.28)
Shop for HP Supplies (Version: 14.0)
Sigil 0.7.3 (x32)
Skype™ 6.7 (x32 Version: 6.7.102)
SolutionCenter (x32 Version: 140.0.299.000)
Status (x32 Version: 140.0.342.000)
Steam (x32)
SUPER © v2013.build.57+Recorder (2013/07/13) Version v2013.buil (x32 Version: v2013.build.57+Recorder)
Team Fortress 2 (x32)
TeamSpeak 3 Client (Version: 3.0.13.1)
TechPowerUp GPU-Z (x32)
Tom Clancy's Splinter Cell Blacklist The 5th Freedom Edition 1.01 (x32)
Toolbox (x32 Version: 140.0.596.000)
TrayApp (x32 Version: 140.0.297.000)
TrueCrypt (x32 Version: 7.1a)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.1.0 (Version: 2.1.0)
WebReg (x32 Version: 140.0.297.017)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728)
Windows Live Essentials (x32 Version: 16.4.3503.0728)
Windows Live Installer (x32 Version: 16.4.3503.0728)
Windows Live Photo Common (x32 Version: 16.4.3503.0728)
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)
Windows Live SOXE (x32 Version: 16.4.3503.0728)
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)
Windows Live UX Platform (x32 Version: 16.4.3503.0728)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)

==================== Restore Points  =========================

04-11-2013 17:08:31 Installed Joulemeter
12-11-2013 17:03:48 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0101FECA-E442-424B-B7A5-C69032BFE1E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.)
Task: {2CDF4736-56B7-414D-B2E3-A40200ABE0D5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3004B50A-2F19-452E-8925-FB9C437D6A01} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: {5FA7FF8B-A343-4AE3-91C8-5D40E85E0829} - System32\Tasks\AdobeAAMUpdater-1.0-JanPC-Jan-David => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {6E98B86A-56BD-4DE1-84C7-A6BA553A8329} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {7AEC86E6-7449-4F89-B3E4-A9B5FE616D2D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {87F81755-F735-4198-8C56-7C7F820D2FB5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-10-12] (Microsoft Corporation)
Task: {919EE860-9E59-4293-BCF1-B054F16D5E7A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {98B3C912-F064-4FCB-A6BC-07327172AB08} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {9B246F4A-9A10-4D6F-B570-5BCA30655414} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {9E618D9D-49E7-4555-9CE1-A68BE402820E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A102A09E-1AF1-4E2A-B931-E27066C0935D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {AA773A37-1D29-46E8-B377-1B7DAC6C60EF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {E8968DD5-E506-40B6-80E8-050B5BA34212} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-08] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-30 09:01 - 2013-08-30 09:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2013-11-16 14:56 - 2013-11-16 14:56 - 00306176 _____ () C:\Users\Jan-David\AppData\Roaming\.minecraft\versions\1.6.4-Forge9.11.0.883\1.6.4-Forge9.11.0.883-natives-78588060738248\lwjgl64.dll
2013-11-16 14:56 - 2013-11-16 14:56 - 00382464 _____ () C:\Users\Jan-David\AppData\Roaming\.minecraft\versions\1.6.4-Forge9.11.0.883\1.6.4-Forge9.11.0.883-natives-78588060738248\OpenAL64.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 18:51 - 2013-09-13 18:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-25 23:04 - 2012-07-18 09:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-09-10 10:48 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-09-08 11:59 - 2010-05-29 13:57 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kova[+] Mouse\hiddriver.dll
2013-09-03 14:25 - 2013-09-03 14:25 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-03-13 12:42 - 2013-06-05 13:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-08-30 09:00 - 2013-08-30 09:00 - 00381808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
2013-03-25 23:10 - 2012-06-08 04:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-10-18 12:50 - 2013-10-09 01:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-18 12:50 - 2013-10-09 01:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 12:50 - 2013-10-09 01:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 12:50 - 2013-10-09 01:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 12:50 - 2013-10-09 01:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-18 12:50 - 2013-10-09 01:02 - 13584336 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2013 05:11:43 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/15/2013 05:08:25 PM) (Source: Windows Search Service) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.   0x0.

Error: (11/15/2013 05:08:25 PM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (11/15/2013 05:08:24 PM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (11/14/2013 00:40:10 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/12/2013 06:20:19 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/11/2013 04:29:45 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/09/2013 05:40:28 PM) (Source: Perflib) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/08/2013 01:29:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.3.2, Zeitstempel: 0x519ab0d3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001d73b
ID des fehlerhaften Prozesses: 0x2300
Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0
Pfad der fehlerhaften Anwendung: ccSvcHst.exe1
Pfad des fehlerhaften Moduls: ccSvcHst.exe2
Berichtskennung: ccSvcHst.exe3
Vollständiger Name des fehlerhaften Pakets: ccSvcHst.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ccSvcHst.exe5

Error: (11/08/2013 01:29:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 12.3.3.2, Zeitstempel: 0x519ab0d3
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001d73b
ID des fehlerhaften Prozesses: 0x16f0
Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0
Pfad der fehlerhaften Anwendung: ccSvcHst.exe1
Pfad des fehlerhaften Moduls: ccSvcHst.exe2
Berichtskennung: ccSvcHst.exe3
Vollständiger Name des fehlerhaften Pakets: ccSvcHst.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ccSvcHst.exe5


System errors:
=============
Error: (11/16/2013 03:13:44 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 1203.

Error: (11/16/2013 03:13:14 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 1203.

Error: (11/16/2013 03:12:44 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 1203.

Error: (11/15/2013 06:44:45 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (11/15/2013 06:44:45 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (11/15/2013 05:08:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (11/15/2013 05:08:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2147942405

Error: (11/15/2013 05:08:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%2147942405

Error: (11/15/2013 05:08:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2147942405

Error: (11/15/2013 05:08:01 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: 
%%2147942405


Microsoft Office Sessions:
=========================
Error: (11/15/2013 05:11:43 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/15/2013 05:08:25 PM) (Source: Windows Search Service)(User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet.   0x0

Error: (11/15/2013 05:08:25 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Error: (11/15/2013 05:08:24 PM) (Source: Windows Search Service)(User: )
Description: 

Error: (11/14/2013 00:40:10 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/12/2013 06:20:19 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/11/2013 04:29:45 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/09/2013 05:40:28 PM) (Source: Perflib)(User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (11/08/2013 01:29:04 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe12.3.3.2519ab0d3ntdll.dll6.2.9200.16578515fac6ec00000050001d73b230001cedc7e1ce524e2C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\WINDOWS\SYSTEM32\ntdll.dll5a91b0e3-4871-11e3-be81-7054d27cbad2

Error: (11/08/2013 01:29:01 PM) (Source: Application Error)(User: )
Description: ccSvcHst.exe12.3.3.2519ab0d3ntdll.dll6.2.9200.16578515fac6ec00000050001d73b16f001cedc7e1a981083C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exeC:\WINDOWS\SYSTEM32\ntdll.dll58449c6b-4871-11e3-be81-7054d27cbad2


==================== Memory info =========================== 

Percentage of memory in use: 60%
Total physical RAM: 8131.55 MB
Available physical RAM: 3199.5 MB
Total Pagefile: 8595.55 MB
Available Pagefile: 2358.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.07 GB) (Free:564.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.63 GB) (Free:1.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: D44840C3)

Partition: GPT Partition Type
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 3CAE5427)
Partition 1: (Not Active) - (Size=15 GB) - (Type=73)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)

==================== End Of Log ============================
         

Kind regards,
DDerTyp
__________________

17.11.2013, 07:01   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Have MBAM delete everything.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
