Log analysis and evaluation: Win 7: uninstallations no longer possible, restricted rights as admin
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
10.12.2013, 13:17 | #1 |
Win 7: uninstallations no longer possible, restricted rights as admin

Hello dear helpers. Something has probably been lurking on my computer for quite a while. Yesterday I had MBAM run a check and found: 8x PUP.LoadTubes, 1x Hijack.Userinit and 1x Backdoor.Agent, which I simply deleted right away out of sheer fright. I followed the first three steps, but with GMER the computer simply crashed during the run, so I have no Gmer.txt.

DEFOGGER_DISABLE.LOG
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:44 on 10/12/2013 (Hans Wurst)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Pro Agent -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by Hans Wurst (administrator) on HANS-WURSTS-PC on 10-12-2013 12:48:36
Running from C:\Users\Hans Wurst\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Hans Wurst\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Windows\System32\PnkBstrA.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BiosNotice] - C:\Program Files\BIOSTAR\BiosNotice\BiosNotice.exe [1003008 2010-10-13] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9742952 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-08] (COMODO)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [APSDaemon] -
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) MountPoints2: {907dfc48-f807-11e0-a344-003067a5bb83} - E:\Autorun.exe MountPoints2: {d07c70e6-55e3-11e3-9d6a-003067a5bb83} - G:\LaunchU3.exe -a AppInit_DLLs: C:\Windows\System32\guard32.dll [ 2012-11-08] (COMODO) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=d79f0590-a1cf-94b4-c8d6-9483bd290512&searchtype=ds&q={searchTerms}&installDate=15/10/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=d79f0590-a1cf-94b4-c8d6-9483bd290512&searchtype=hp&installDate=15/10/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x510890D00189CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=d79f0590-a1cf-94b4-c8d6-9483bd290512&searchtype=ds&q={searchTerms}&installDate=15/10/2013 SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=d79f0590-a1cf-94b4-c8d6-9483bd290512&searchtype=ds&q={searchTerms}&installDate=15/10/2013 SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=d79f0590-a1cf-94b4-c8d6-9483bd290512&searchtype=ds&q={searchTerms}&installDate=15/10/2013 SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=d79f0590-a1cf-94b4-c8d6-9483bd290512&searchtype=ds&q={searchTerms}&installDate=15/10/2013 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=d79f0590-a1cf-94b4-c8d6-9483bd290512&searchtype=ds&q={searchTerms}&installDate=15/10/2013 BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Flagfox - {A02B5E09-122E-4A2D-B996-D997485B8C9E} - C:\Users\Hans Wurst\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {88AC3CB6-596B-4217-964C-B6757EF9602D} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Hans Wurst\AppData\Roaming\Mozilla\Firefox\Profiles\7m9sztuk.default FF NewTab: about:blank FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=d79f0590-a1cf-94b4-c8d6-9483bd290512&searchtype=ds&installDate=15/10/2013&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll (Ubisoft) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Youtube Video and Audio Downloader - C:\Users\Hans Wurst\AppData\Roaming\Mozilla\Firefox\Profiles\7m9sztuk.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi FF Extension: tabmix - C:\Users\Hans Wurst\AppData\Roaming\Mozilla\Firefox\Profiles\7m9sztuk.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF Extension: defaults - C:\Users\Hans Wurst\AppData\Roaming\Mozilla\Firefox\Profiles\7m9sztuk.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi FF Extension: No Name - C:\Users\Hans Wurst\AppData\Roaming\Mozilla\Firefox\Profiles\7m9sztuk.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Hans Wurst\AppData\Roaming\5038 FF Extension: Java String Helper - C:\Users\Hans Wurst\AppData\Roaming\5038 Chrome: ======= CHR HomePage: CHR RestoreOnStartup: "browser": { "show_home_button" CHR Extension: (Movie2kDownloader) - C:\Users\Hans Wurst\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0 CHR Extension: (GoPhoto.it) - C:\Users\Hans Wurst\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4 CHR HKLM\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program 
Files\Movie2KDownloader.com\Movie2KDownloader10.crx CHR HKLM\...\Chrome\Extension: [hempmfkijmahkaddljkmchcmjbojoedl] - C:\Users\HANSWU~1\AppData\Local\Temp\crx4E0D.tmp CHR HKLM\...\Chrome\Extension: [ildldcbkkbkhnjghnbidklpepakbepnd] - C:\Users\Hans Wurst\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx CHR HKLM\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files\Gophoto.it\gophotoit14.crx CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx ========================== Services (Whitelisted) ================= R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-08] (COMODO) R2 FlagfoxUpdater; C:\Users\Hans Wurst\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe [18432 2012-02-28] () R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-11-26] () S4 pr2agqwb; C:\Windows\system32\pr2agqwb.exe [410984 2008-02-25] (Cyanide) S4 pr2agqwc; C:\Windows\system32\pr2agqwc.exe [410984 2007-08-02] (Cyanide) ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2013-03-03] () R1 BIOS; C:\Windows\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) R1 BS_I2cIo; C:\Windows\system32\drivers\BS_I2cIo.sys [6272 2010-05-17] (BIOSTAR Group) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [19632 2012-11-08] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO) S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfo.sys [15152 2007-09-25] () R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-03-03] () S3 
nocashio; C:\Windows\System32\drivers\nocashio.sys [4096 2012-10-29] () S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.) R0 pe3agqwb; C:\Windows\System32\drivers\pe3agqwb.sys [64616 2008-02-25] (Cyanide) R0 pe3agqwc; C:\Windows\System32\drivers\pe3agqwc.sys [64616 2007-08-02] (Cyanide) R0 ps6agqwb; C:\Windows\System32\drivers\ps6agqwb.sys [54896 2007-07-04] (Cyanide) R0 ps6agqwc; C:\Windows\System32\drivers\ps6agqwc.sys [68208 2007-08-02] (Cyanide) R0 ps7agqwb; C:\Windows\System32\drivers\ps7agqwb.sys [68208 2008-02-25] (Cyanide) R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-10-13] (Duplex Secure Ltd.) R1 SSHDRV65; C:\Windows\system32\drivers\SSHDRV65.sys [120320 2012-06-29] () S1 ASPI32; No ImagePath S3 PCD65X2; \??\C:\Users\HANSWU~1\AppData\Local\Temp\PCD65X2.sys [x] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-12-10 12:48 - 2013-12-10 12:48 - 00012880 _____ C:\Users\Hans Wurst\Desktop\FRST.txt 2013-12-10 12:48 - 2013-12-10 12:48 - 00000000 ____D C:\FRST 2013-12-10 12:47 - 2013-12-10 12:47 - 01060641 _____ (Farbar) C:\Users\Hans Wurst\Desktop\FRST.exe 2013-12-10 12:44 - 2013-12-10 12:44 - 00000672 _____ C:\Users\Hans Wurst\Desktop\defogger_disable.log 2013-12-10 12:44 - 2013-12-10 12:44 - 00000186 _____ C:\Users\Hans Wurst\defogger_reenable 2013-12-10 12:40 - 2013-12-10 12:40 - 00050477 _____ C:\Users\Hans Wurst\Desktop\Defogger.exe 2013-12-09 20:57 - 2013-01-01 01:00 - 1932853248 _____ C:\Users\Hans Wurst\Downloads\DeaPol.iso 2013-12-09 19:54 - 2011-11-24 19:30 - 00000000 ____D C:\Users\Hans Wurst\Downloads\Batman.Arkham.Asylum.GotY.Edition.MULTi2.RIP-RAF 2013-12-09 18:55 - 2013-12-10 12:45 - 00000224 
_____ C:\Windows\setupact.log 2013-12-09 18:55 - 2013-12-09 18:55 - 00000000 _____ C:\Windows\setuperr.log 2013-12-06 22:54 - 2013-10-23 23:44 - 00000000 ____D C:\Users\Hans Wurst\Downloads\Breaking.Bad.S04E13.Von.Angesicht.zu.Angesicht.GERMAN.DL.BDRip.x264.iNTERNAL-TMSF 2013-12-06 22:40 - 2013-10-23 23:44 - 00000000 ____D C:\Users\Hans Wurst\Downloads\Breaking.Bad.S04E12.Endzeit.GERMAN.DL.BDRip.x264.iNTERNAL-TMSF 2013-12-05 23:33 - 2013-10-23 23:44 - 00000000 ____D C:\Users\Hans Wurst\Downloads\Breaking.Bad.S04E11.Flucht.GERMAN.DL.BDRip.x264.iNTERNAL-TMSF 2013-12-05 23:20 - 2013-10-23 23:44 - 00000000 ____D C:\Users\Hans Wurst\Downloads\Breaking.Bad.S04E10.Prost.GERMAN.DL.BDRip.x264.iNTERNAL-TMSF 2013-12-05 23:04 - 2013-10-23 23:44 - 00000000 ____D C:\Users\Hans Wurst\Downloads\Breaking.Bad.S04E09.Verwanzt.GERMAN.DL.BDRip.x264.iNTERNAL-TMSF 2013-12-05 22:49 - 2013-10-23 23:44 - 00000000 ____D C:\Users\Hans Wurst\Downloads\Breaking.Bad.S04E08.Brueder.GERMAN.DL.BDRip.x264.iNTERNAL-TMSF 2013-12-05 22:34 - 2013-10-23 23:44 - 00000000 ____D C:\Users\Hans Wurst\Downloads\Breaking.Bad.S04E07.Problemhund.GERMAN.DL.BDRip.x264.iNTERNAL-TMSF 2013-12-04 17:03 - 2013-12-04 22:28 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-03 16:27 - 2013-12-03 16:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-03 16:27 - 2013-12-03 16:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-03 16:27 - 2013-12-03 16:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 
2013-12-03 16:27 - 2013-12-03 16:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-03 16:27 - 2013-12-03 16:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-03 16:27 - 2013-12-03 16:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-03 16:27 - 
2013-12-03 16:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-03 16:27 - 2013-12-03 16:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-03 16:27 - 
2013-12-03 16:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-03 16:26 - 2013-12-03 16:26 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-12-03 16:26 - 2013-12-03 16:26 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-12-03 16:26 - 2013-12-03 16:26 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-12-03 16:26 - 2013-12-03 16:26 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-12-03 16:26 - 2013-12-03 16:26 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 
2013-12-03 16:26 - 2013-12-03 16:26 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-12-03 16:26 - 2013-12-03 16:26 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-12-03 16:26 - 2013-12-03 16:26 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-12-03 16:25 - 2013-12-03 16:25 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-11-26 15:10 - 2013-11-26 15:10 - 00000240 _____ C:\Users\Hans Wurst\AppData\Roaming\MPUI.ini 2013-11-26 15:00 - 2013-11-26 15:00 - 00000989 _____ C:\Users\Hans Wurst\Desktop\MediaCoder.lnk 2013-11-26 15:00 - 2013-11-26 15:00 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder 2013-11-26 14:59 - 2013-11-26 15:00 - 00000000 ____D C:\Program Files\MediaCoder 2013-11-26 14:59 - 2013-11-26 14:59 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\Broad Intelligence 2013-11-26 14:51 - 1995-01-01 01:00 - 00000044 _____ C:\Users\Hans Wurst\Desktop\Track01.cda 2013-11-26 09:12 - 2013-11-26 09:12 - 00000000 ____D C:\Users\Hans Wurst\AppData\Local\FalloutNV 2013-11-25 17:02 - 2013-11-25 17:02 - 00000000 ____D C:\Program Files\PopCap Games 2013-11-25 16:32 - 2013-11-25 16:32 - 00001818 _____ C:\Users\UpdatusUser\Desktop\Peggle Extreme.lnk 2013-11-25 16:32 - 2013-11-25 16:32 - 00001818 _____ C:\Users\Administrator\Desktop\Peggle Extreme.lnk 2013-11-25 16:32 - 2013-11-25 16:32 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Peggle Extreme 2013-11-22 22:08 - 2013-12-09 10:16 - 00000000 ____D C:\Users\Hans Wurst\Desktop\AnnaBew 2013-11-20 11:18 - 2013-11-20 11:18 - 00103600 ____H C:\Windows\system32\mlfcache.dat 2013-11-20 10:59 - 2013-11-20 10:59 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-11-20 10:59 - 2013-11-20 10:59 - 00000000 ____D C:\Program Files\iTunes 2013-11-20 10:59 - 2013-11-20 10:59 - 00000000 ____D C:\Program 
Files\iPod 2013-11-18 20:41 - 2013-11-18 20:41 - 00005351 _____ C:\Users\Hans Wurst\.recently-used.xbel 2013-11-13 18:18 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 18:18 - 2013-10-12 03:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 18:18 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 18:18 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 18:18 - 2013-10-03 02:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 18:18 - 2013-09-25 03:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 18:18 - 2013-09-25 03:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 18:18 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 18:18 - 2013-09-25 02:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 18:18 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 18:18 - 2013-09-25 02:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 18:18 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 18:18 - 2013-09-25 01:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 18:18 - 2013-09-25 01:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 18:18 - 2013-07-04 13:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys ==================== One Month Modified Files and Folders ======= 2013-12-10 12:48 - 2013-12-10 12:48 - 00012880 _____ C:\Users\Hans Wurst\Desktop\FRST.txt 2013-12-10 12:48 - 2013-12-10 12:48 - 00000000 ____D C:\FRST 2013-12-10 12:48 - 2011-10-12 
18:05 - 01106646 _____ C:\Windows\WindowsUpdate.log 2013-12-10 12:47 - 2013-12-10 12:47 - 01060641 _____ (Farbar) C:\Users\Hans Wurst\Desktop\FRST.exe 2013-12-10 12:45 - 2013-12-09 18:55 - 00000224 _____ C:\Windows\setupact.log 2013-12-10 12:45 - 2012-12-05 18:20 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-12-10 12:45 - 2011-10-12 19:17 - 00000000 ____D C:\ProgramData\NVIDIA 2013-12-10 12:45 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-12-10 12:44 - 2013-12-10 12:44 - 00000672 _____ C:\Users\Hans Wurst\Desktop\defogger_disable.log 2013-12-10 12:44 - 2013-12-10 12:44 - 00000186 _____ C:\Users\Hans Wurst\defogger_reenable 2013-12-10 12:44 - 2011-12-07 10:13 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2013-12-10 12:44 - 2011-10-12 18:05 - 00000000 ____D C:\Users\Hans Wurst 2013-12-10 12:44 - 2009-07-14 05:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-12-10 12:44 - 2009-07-14 05:34 - 00021248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-12-10 12:42 - 2010-11-20 22:01 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-10 12:40 - 2013-12-10 12:40 - 00050477 _____ C:\Users\Hans Wurst\Desktop\Defogger.exe 2013-12-10 09:51 - 2012-12-05 18:20 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-12-10 09:17 - 2012-09-24 16:54 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-12-09 18:55 - 2013-12-09 18:55 - 00000000 _____ C:\Windows\setuperr.log 2013-12-09 18:55 - 2012-11-27 19:03 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-12-09 18:54 - 2012-11-27 19:03 - 00001067 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-09 18:31 - 2012-10-22 20:03 - 00000000 ____D C:\Program Files\Steam 2013-12-09 18:31 - 2011-10-16 19:26 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\DAEMON Tools Pro 
2013-12-09 18:30 - 2011-07-15 16:46 - 00000000 ____D C:\Windows\Panther 2013-12-09 18:17 - 2013-01-11 17:16 - 00000000 ____D C:\Users\Hans Wurst\Desktop\Spiele 2013-12-09 18:16 - 2011-10-13 21:05 - 00000000 ____D C:\Users\Hans Wurst\Documents\Square Enix 2013-12-09 17:56 - 2011-10-12 19:25 - 00000000 ____D C:\Spiele 2013-12-09 10:16 - 2013-11-22 22:08 - 00000000 ____D C:\Users\Hans Wurst\Desktop\AnnaBew 2013-12-09 00:55 - 2011-10-13 13:51 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\vlc 2013-12-08 19:21 - 2011-10-13 23:39 - 00000000 ____D C:\Users\Hans Wurst\Documents\Wichtiges 2013-12-05 21:19 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2013-12-04 22:28 - 2013-12-04 17:03 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-12-03 20:07 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-12-03 16:27 - 2013-12-03 16:27 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-12-03 16:27 - 2013-12-03 16:27 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-12-03 16:27 - 2013-12-03 16:27 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00646144 _____ (Microsoft 
Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-03 16:27 - 2013-12-03 16:27 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-03 16:27 - 2013-12-03 16:27 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00151552 _____ (Microsoft Corporation) 
C:\Windows\system32\iexpress.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-03 16:27 - 2013-12-03 16:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmler.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-03 16:27 - 2013-12-03 16:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-03 16:27 - 2013-12-03 16:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2013-12-03 16:26 - 2013-12-03 16:26 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-12-03 16:26 - 2013-12-03 16:26 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-12-03 16:26 - 2013-12-03 16:26 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-12-03 16:26 - 2013-12-03 16:26 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-12-03 16:26 - 2013-12-03 16:26 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-12-03 16:26 - 2013-12-03 16:26 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-12-03 16:26 - 2013-12-03 16:26 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-12-03 16:26 - 2013-12-03 16:26 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-12-03 16:25 - 2013-12-03 16:25 - 01505280 _____ (Microsoft 
Corporation) C:\Windows\system32\d3d11.dll 2013-12-03 16:23 - 2012-03-08 18:54 - 00000000 ____D C:\Users\Hans Wurst\Desktop\WWE AllStars PS2 2013-12-03 15:55 - 2011-10-17 16:53 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\dvdcss 2013-12-01 14:58 - 2011-11-15 23:12 - 00000000 ____D C:\Program Files\JDownloader 2013-11-28 13:21 - 2012-10-21 11:17 - 00000000 ____D C:\Users\Hans Wurst\Documents\WB Games 2013-11-28 13:06 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-11-27 17:16 - 2011-10-13 13:51 - 00000000 ____D C:\Users\Hans Wurst\Documents\My Games 2013-11-26 15:21 - 2012-12-21 17:02 - 00000000 ____D C:\Users\Hans Wurst\Desktop\Norbert 2013-11-26 15:10 - 2013-11-26 15:10 - 00000240 _____ C:\Users\Hans Wurst\AppData\Roaming\MPUI.ini 2013-11-26 15:00 - 2013-11-26 15:00 - 00000989 _____ C:\Users\Hans Wurst\Desktop\MediaCoder.lnk 2013-11-26 15:00 - 2013-11-26 15:00 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder 2013-11-26 15:00 - 2013-11-26 14:59 - 00000000 ____D C:\Program Files\MediaCoder 2013-11-26 14:59 - 2013-11-26 14:59 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\Broad Intelligence 2013-11-26 09:51 - 2013-04-16 21:20 - 00139848 _____ C:\Windows\system32\Drivers\PnkBstrK.sys 2013-11-26 09:50 - 2013-04-16 21:20 - 00282696 _____ C:\Windows\system32\PnkBstrB.exe 2013-11-26 09:50 - 2013-02-26 15:01 - 00282696 _____ C:\Windows\system32\PnkBstrB.xtr 2013-11-26 09:49 - 2013-04-16 21:20 - 00282696 _____ C:\Windows\system32\PnkBstrB.ex0 2013-11-26 09:49 - 2013-02-28 16:15 - 00076888 _____ C:\Windows\system32\PnkBstrA.exe 2013-11-26 09:12 - 2013-11-26 09:12 - 00000000 ____D C:\Users\Hans Wurst\AppData\Local\FalloutNV 2013-11-25 17:02 - 2013-11-25 17:02 - 00000000 ____D C:\Program Files\PopCap Games 2013-11-25 17:02 - 2012-11-24 19:09 - 00000000 ____D C:\ProgramData\PopCap Games 2013-11-25 16:34 - 2012-11-24 19:09 - 00000000 ____D C:\ProgramData\Steam 2013-11-25 16:32 - 2013-11-25 16:32 
- 00001818 _____ C:\Users\UpdatusUser\Desktop\Peggle Extreme.lnk 2013-11-25 16:32 - 2013-11-25 16:32 - 00001818 _____ C:\Users\Administrator\Desktop\Peggle Extreme.lnk 2013-11-25 16:32 - 2013-11-25 16:32 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Peggle Extreme 2013-11-20 11:18 - 2013-11-20 11:18 - 00103600 ____H C:\Windows\system32\mlfcache.dat 2013-11-20 11:17 - 2013-10-15 20:18 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\Apple Computer 2013-11-20 10:59 - 2013-11-20 10:59 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-11-20 10:59 - 2013-11-20 10:59 - 00000000 ____D C:\Program Files\iTunes 2013-11-20 10:59 - 2013-11-20 10:59 - 00000000 ____D C:\Program Files\iPod 2013-11-20 10:59 - 2013-10-15 20:18 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-11-20 10:59 - 2013-10-15 20:15 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-11-18 20:44 - 2013-01-05 22:51 - 00000000 ____D C:\Program Files\SpeedFan 2013-11-18 20:42 - 2012-02-18 13:48 - 00000000 ____D C:\Users\Hans Wurst\.gimp-2.6 2013-11-18 20:41 - 2013-11-18 20:41 - 00005351 _____ C:\Users\Hans Wurst\.recently-used.xbel 2013-11-18 20:41 - 2012-02-18 13:53 - 00000000 ____D C:\Users\Hans Wurst\AppData\Roaming\gtk-2.0 2013-11-17 22:30 - 2011-10-25 20:21 - 00000000 ____D C:\Program Files\DivX 2013-11-17 22:30 - 2011-10-25 20:20 - 00000000 ____D C:\ProgramData\DivX 2013-11-17 22:25 - 2013-05-31 14:40 - 00000000 _____ C:\END 2013-11-13 18:28 - 2013-07-22 13:41 - 00000000 ____D C:\Windows\system32\MRT 2013-11-13 18:26 - 2011-07-15 16:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Files to move or delete: ==================== C:\Windows\Tasks\At1.job ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 11:08
==================== End Of Log ============================
ADDITION.TXT Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2013 Ran by Hans Wurst at 2013-12-10 12:49:22 Running from C:\Users\Hans Wurst\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: COMODO Antivirus (Enabled - Up to date) {458BB331-2324-0753-3D5F-1472EB102AC0} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: COMODO Defense+ (Enabled - Up to date) {FEEA52D5-051E-08DD-07EF-2F009097607D} FW: COMODO Firewall (Enabled) {7DB03214-694B-060B-1600-BD4715C36DBB} ==================== Installed Programs ====================== 7-Zip 9.20 Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin (Version: 11.9.900.117) Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8) Adobe Shockwave Player 11.6 (Version: 11.6.8.638) Apple Application Support (Version: 2.3.6) Apple Mobile Device Support (Version: 7.0.0.117) Apple Software Update (Version: 2.1.3.127) Assassin's Creed (R) III (Version: 1.01) AviSynth 2.5 AVStoDVD 2.4.2 (Version: 2.4.2) Baldur's Gate(TM) II - Shadows of Amn(TM) Batman Arkham Asylum - Game of the Year Edition Batman: Arkham City™ GOTY (Version: 1.0.0000.133) Batman: Arkham Origins BiosNotice Bonjour (Version: 3.0.0.10) Braid (Version: 1.1.0.0) Brothers - A Tale of Two Sons Burnout(TM) Paradise The Ultimate Box (Version: 1.0.0.0) CCleaner (Version: 3.26) CDBurnerXP (Version: 4.4.0.2968) COMODO Internet Security (Version: 5.8.15089.2124) CPUID CPU-Z 1.62 Cthulhu Saves the World DAEMON Tools Pro (Version: 5.3.0.0359) DeepBurner v1.9.0.228 Desperados 1.0 Die Schlacht um Mittelerde™ II DivX-Setup (Version: 2.6.1.87) Dual-Core Optimizer (Version: 1.1.4.0169) DVD Flick 1.3.0.7 (Version: 1.3.0.7) EAX Unified Fable III (Version: 1.0.0001.131) Fable The Lost Chapters (Version: v1.0) Fallout New Vegas Ultimate Edition Far Cry (Patch 1.3) (Version: 1.00.0000) Far Cry (Version: 
1.00.0000) ffdshow v1.2.4422 [2012-04-09] (Version: 1.2.4422.0) Free YouTube to MP3 Converter version 3.11.26.706 (Version: 3.11.26.706) GIMP 2.6.12 (Version: 2.6.12) Google Earth Plug-in (Version: 7.1.1.1888) Google Update Helper (Version: 1.3.22.3) Heroes of Might and Magic® IV ImgBurn (Version: 2.5.5.0) ISO Creator 1.0 (Version: 1.0.0) iTunes (Version: 11.1.3.8) Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03) Java 7 Update 40 (Version: 7.0.400) Java Auto Updater (Version: 2.1.9.8) Java(TM) 6 Update 29 (Version: 6.0.290) JDownloader 0.9 (Version: 0.9) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Marvel(TM) - Ultimate Alliance (Version: 1.00.0000) MediaCoder 0.8.27.5570 (Version: 0.8.27.5570) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0) Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0) Microsoft Games for Windows Marketplace (Version: 3.5.50.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Virtual PC 2007 (Version: 6.0.156.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 
9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0) Mirror's Edge™ (Version: 1.0.1.0) Mozilla Firefox 25.0 (x86 de) (Version: 25.0) Mozilla Firefox 26.0 (x86 de) (Version: 26.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Nero ControlCenter (Version: 11.0.15500) Nero ControlCenter Help (CHM) (Version: 12.0.7000) Nero Core Components (Version: 11.0.18900) Nero Update (Version: 11.0.11800.31.0) Nero WaveEditor (Version: 12.0.01000) Nero WaveEditor (Version: 12.0.7000) Nero WaveEditor Help (CHM) (Version: 12.0.7000) NVIDIA 3D Vision Controller Driver (Version: 270.61) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Display Control Panel (Version: 6.14.12.5856) NVIDIA Drivers (Version: 1.10.61.39) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (Version: 9.12.0213) NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OLYMPUS Digital Camera Updater (Version: 1.0.3) OpenAL OpenOffice 4.0.1 (Version: 4.01.9714) Orcs Must Die! 
2 Pcsx2 0.9.6 (Version: 1.0.0) Peggle Deluxe Peggle Extreme Peggle World of Warcraft Edition Prerequisite installer (Version: 12.0.0003) Project64 1.6 (Version: 1.6) PunkBuster Services (Version: 0.991) Rayman Origins (Version: 1.02) Realtek Ethernet Controller Driver For Windows 7 (Version: 7.18.322.2010) Realtek High Definition Audio Driver (Version: 6.0.1.6215) Revo Uninstaller 1.94 (Version: 1.94) RTPatch Update Saints Row IV (Version: 1) SpeedFan (remove only) Steam (Version: 1.0.0.0) SUPER © v2012.build.52 (July 7, 2012) Version v2012.build.52 (Version: v2012.build.52) Super Street Fighter IV: Arcade Edition (Version: 1.0.0000.129) swMSM (Version: 12.0.0.1) The Battle for Middle-earth (tm) The Cave (c) SEGA version 1 (Version: 1) The Walking Dead (Version: 1.0.0.15) The Walking Dead 400 Days (Version: 1) The Wolf Among Us (Version: 1) Tom Clancy's Ghost Recon Future Soldier Trials 2 Second Edition v1.08 Trials Construction Yard (remove only) Trials Evolution Gold Edition (Version: 1.0.0.1) Ubisoft Game Launcher (Version: 1.0.0.0) Unlocker 1.9.1 (Version: 1.9.1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Uplay (Version: 2.0) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) VLC media player 2.0.8 (Version: 2.0.8) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windows-Treiberpaket - OLYMPUS IMAGING CORP. 
Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0) WinRAR 4.01 (32-Bit) (Version: 4.01.0) Worms Reloaded xrecode II 1.0.0.192 ==================== Restore Points ========================= ==================== Hosts content: ========================== 2012-06-19 23:01 - 2012-06-19 23:01 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {09DA004B-EDA5-4A85-87F7-65F906084B91} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe Task: {115A56A3-8989-4F5F-8011-46907466D8D7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-05] (Google Inc.) Task: {278BCE78-FBA7-47F6-9498-938596278C2F} - System32\Tasks\{41DF6917-4195-430A-A81A-9BE7E66E877C} => C:\Spiele\Jagged Alliance 2\ja2.exe Task: {2A12EEFE-1EDD-4105-ADA3-E9F5440F70F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated) Task: {334B7F71-17A5-46BC-862B-AE09E8D04969} - System32\Tasks\{3A42AEE4-1222-46EC-B38F-4FBE78FB7747} => C:\Spiele\Black & White 2\white.exe Task: {445EF7F0-F2BC-4D45-B447-A02C9C9B637B} - System32\Tasks\{F88783B7-AEAF-49B0-86DD-B0D184202D2E} => E:\_setup.exe Task: {4955E841-252E-4DB9-A341-87CD91C2E057} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {4E31C3E0-3EE7-4A39-AA5B-4EFCB95EC903} - System32\Tasks\{08860BF6-6A83-4155-A823-8A339D5D91E6} => E:\_setup.exe Task: {5BA5EDD1-FF28-4CC9-BC5A-590764F030EB} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe Task: {62D564E8-330B-4D1B-92C4-0A4406A01C08} - System32\Tasks\{B3C461D3-5C9A-4E1C-A64B-D3925D90F6EA} => E:\_setup.exe Task: {E3060863-7286-4C06-8D2F-82DC5C627C82} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-05] (Google Inc.) Task: {FE28D0CE-973E-40CA-B735-1EE1D0FD8F80} - System32\Tasks\At1 => cmd.exe /c del /F /Q "C:\Users\Hans Wurst\Downloads\black-and-white-2-crack.exe" Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\At1.job => C:\Users\Hans Wurst\Downloads\black-and-white-2-crack.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-10-15 15:58 - 2011-05-28 21:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2013-12-04 17:03 - 2013-12-04 17:03 - 03554928 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:33D7490A AlternateDataStreams: C:\ProgramData\TEMP:88050731 AlternateDataStreams: C:\Users\Hans Wurst\Desktop\BAFöG.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Hans Wurst\Desktop\BAFöG.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Hans Wurst\Desktop\bafög1.jpeg:3or4kl4x13tuuug3Byamue2s4b AlternateDataStreams: C:\Users\Hans Wurst\Desktop\bafög1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Hans Wurst\Desktop\bafög2.jpeg:3or4kl4x13tuuug3Byamue2s4b 
AlternateDataStreams: C:\Users\Hans Wurst\Desktop\bafög2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2-Maus Description: Microsoft PS/2-Maus Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (12/10/2013 00:47:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/10/2013 00:39:22 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/10/2013 08:59:10 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/09/2013 06:57:03 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/09/2013 04:27:13 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/09/2013 09:44:43 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/08/2013 06:56:50 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/08/2013 09:50:02 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/07/2013 03:48:19 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/07/2013 11:10:31 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (12/10/2013 00:47:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (12/10/2013 00:47:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (12/10/2013 00:45:51 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASPI32 Error: (12/10/2013 00:39:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (12/10/2013 00:39:59 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (12/10/2013 00:37:57 PM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASPI32 Error: (12/10/2013 08:59:31 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (12/10/2013 08:59:31 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (12/10/2013 08:57:29 AM) (Source: Service Control Manager) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASPI32 Error: (12/09/2013 09:44:02 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Microsoft Office Sessions: ========================= Error: (12/10/2013 00:47:17 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/10/2013 00:39:22 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/10/2013 08:59:10 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/09/2013 06:57:03 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/09/2013 04:27:13 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/09/2013 09:44:43 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/08/2013 06:56:50 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/08/2013 09:50:02 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/07/2013 03:48:19 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/07/2013 11:10:31 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3071.24 MB
Available physical RAM: 1928.84 MB
Total Pagefile: 10746.53 MB
Available Pagefile: 9506.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.59 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:278.82 GB) NTFS
Drive e: () (Fixed) (Total:232.88 GB) (Free:172.03 GB) NTFS
Drive g: (INTENSO) (Fixed) (Total:931.51 GB) (Free:716.98 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 3D958B5B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 3BBFD950)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 0654707D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Oh, and when uninstalling, it says there is not enough temporary storage available... |
10.12.2013, 13:19 | #2 |
/// Malwareteam | Win 7: uninstalling no longer possible, restricted rights as admin
My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator".
Step 1: MBAM log
I see that you have Malwarebytes' Anti-Malware installed - it creates a log file with every scan. Open the program, click the Logfiles tab and export all the log files stored there. Zip them and attach the archive to your reply!
Step 2: aswMBR
Please download aswMBR.exe and save the file to your desktop.
__________________ |
10.12.2013, 14:00 | #3 |
| Win 7: uninstalling no longer possible, restricted rights as admin
The MBAM log is attached.
aswMBR.exe Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-10 13:30:30
-----------------------------
13:30:30.750 OS Version: Windows 6.1.7601 Service Pack 1
13:30:30.750 Number of processors: 4 586 0xF0B
13:30:30.750 ComputerName: HANS-WURSTS-PC UserName: Hans Wurst
13:30:35.703 Initialize success
13:35:09.224 AVAST engine defs: 13120902
13:35:13.583 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:35:13.583 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
13:35:13.583 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-4
13:35:13.583 Disk 1 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
13:35:13.662 Disk 0 MBR read successfully
13:35:13.677 Disk 0 MBR scan
13:35:13.677 Disk 0 Windows 7 default MBR code
13:35:13.677 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:35:13.693 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
13:35:13.693 Disk 0 scanning sectors +1953521664
13:35:13.755 Disk 0 scanning C:\Windows\system32\drivers
13:35:35.045 Service scanning
13:36:08.355 Modules scanning
13:36:17.730 Disk 0 trace - called modules:
13:36:17.746 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
13:36:17.746 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c05030]
13:36:17.761 3 CLASSPNP.SYS[83bd659e] -> nt!IofCallDriver -> [0x866f4848]
13:36:17.761 5 ACPI.sys[8b8b03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x8670d908]
13:36:18.964 AVAST engine scan C:\Windows
13:36:21.560 AVAST engine scan C:\Windows\system32
13:42:12.629 AVAST engine scan C:\Windows\system32\drivers
13:42:36.822 AVAST engine scan C:\Users\Hans Wurst
13:57:06.671 AVAST engine scan C:\ProgramData
13:59:16.314 Scan finished successfully
14:00:25.299 Disk 0 MBR has been saved successfully to "C:\Users\Hans Wurst\Desktop\MBR.dat"
14:00:25.315 The log file has been saved successfully to "C:\Users\Hans Wurst\Desktop\aswMBR.txt" |
10.12.2013, 14:16 | #4 |
/// Malwareteam | Win 7: uninstalling no longer possible, restricted rights as admin
Cracks/keygens or similar
The log files prove that you are using cracked/illegal software on your computer. Merely visiting sites that offer these files for download carries a high risk of getting infected. When you start the crack, you are starting an executable file from a very dubious source. The file's source code can contain anything (e.g. downloading and executing malware files). This is one of the main ways people get infected. We do not tolerate software theft. If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer. We are not the internet police and will certainly not search for it explicitly. So remove and delete all cracks, keygens, etc. and stay away from them in future.
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
10.12.2013, 14:26 | #5 |
| Win 7: uninstalling no longer possible, restricted rights as admin
Thanks, Marius. We can close the thread now then. Before I have found all the cracks, I might as well reinstall the system. |
10.12.2013, 14:28 | #6 |
/// Malwareteam | Win 7: uninstalling no longer possible, restricted rights as admin
This topic appears to be resolved and has been removed from my subscriptions. If you need the topic again, please send me a PM. Everyone else, please click here and create your own topic!