Pests of all kinds and how to combat them: I think I have a virus (trojan >JS/Exploit-Blacole.ht<, among others)

21.12.2012, 17:02   #1
subking
 
I think I have a virus (trojan >JS/Exploit-Blacole.ht<, among others).
I ran Malwarebytes and it finds nothing. Before that I ran McAfee Labs Stinger, and it found this. Is this a virus? Thanks for the help.
Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.21.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Subking :: SUBKING-PC [limitiert]

Schutz: Aktiviert

21.12.2012 16:46:26
mbam-log-2012-12-21 (16-46-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202374
Laufzeit: 2 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

McAfee(r) Labs Stinger(tm) Version 10.2.0.927 built on Dec 21 2012
Copyright (c) 2012 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Dec 21 2012.
Ready to scan for 6068 viruses, trojans and variants.

Scan initiated on Fri Dec 21 15:58:10 2012
Rootkit scan result : Not Scanned


Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................1
Possibly Infected: ............0

c:/\Users\Subking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE6ZWQIN\are-at-recognition_welcoming[1].htm
Found the JS/Exploit-Blacole.ht trojan !!!

c:/\Users\Subking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE6ZWQIN\are-at-recognition_welcoming[1].htm is infected with the JS/Exploit-Blacole.ht virus !!!

Number of clean files: 500094

OTL Logfile:
Code:
OTL logfile created on: 21.12.2012 18:19:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Subking\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,17 Gb Available Physical Memory | 82,51% Memory free
31,92 Gb Paging File | 29,08 Gb Available in Paging File | 91,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 379,07 Gb Free Space | 81,40% Space Free | Partition Type: NTFS
 
Computer Name: SUBKING-PC | User Name: Subking | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.21 18:11:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Subking\Desktop\Downloads\OTL.exe
PRC - [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 14:57:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.18 14:57:06 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.12.18 14:57:03 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.12.18 14:57:03 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.18 14:57:03 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2007.03.27 17:24:08 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VM301Snap.exe
PRC - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.18 21:49:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 14:57:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.18 14:57:06 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.12.18 14:57:03 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.12.18 14:57:03 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011.10.19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.20 23:05:43 | 000,035,328 | ---- | M] (PenMount Touch Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmserenum.sys -- (pmserenum)
DRV:64bit: - [2012.12.18 13:51:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.18 13:51:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.18 13:51:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.02 09:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.02 08:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.10.25 17:20:28 | 000,769,168 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.10.02 23:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.28 13:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.08.07 15:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.08.07 15:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 14:21:54 | 000,404,584 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.18 14:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 21:35:46 | 000,427,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.04 20:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 1C 3B 42 FE DE CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Subking\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Subking\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.18 14:53:24 | 000,000,000 | ---D | M]
 
[2012.12.18 14:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\Extensions
[2012.12.18 19:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\Firefox\Profiles\dqfidusz.default\extensions
[2012.12.18 19:26:09 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\firefox\profiles\dqfidusz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.18 14:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Subking\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: KIDO'Z TV = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc\2.2_0\
CHR - Extension: Into The Mist = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0\
CHR - Extension: Google Mail = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM301Snap.exe (Vimicro)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBIE.EXE /FU "C:\Windows\TEMP\E_SF0D7.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E7D61F3-8921-4412-9BF3-E3B619468070}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.21 16:42:17 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Malwarebytes
[2012.12.21 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.21 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.21 16:42:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.21 16:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.21 15:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
[2012.12.21 15:58:55 | 002,343,968 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr
[2012.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\White Christmas 3D Screensaver
[2012.12.21 15:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.12.20 23:05:43 | 000,035,328 | ---- | C] (PenMount Touch Solutions) -- C:\Windows\SysNative\drivers\pmserenum.sys
[2012.12.20 20:00:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.12.20 20:00:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.12.20 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
[2012.12.20 19:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX
[2012.12.20 15:10:13 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.12.20 15:10:06 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.12.20 01:08:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.12.20 00:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.20 00:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.12.20 00:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.12.20 00:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.12.20 00:41:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.20 00:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.12.20 00:33:19 | 000,000,000 | ---D | C] -- C:\Users\Subking\SystemRequirementsLab
[2012.12.19 23:04:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.12.19 23:03:03 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Programs
[2012.12.19 22:19:05 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Ashampoo
[2012.12.19 22:17:47 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ashampoo
[2012.12.19 22:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012.12.19 22:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.12.19 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.12.19 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\PunkBuster
[2012.12.19 17:42:57 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ESN
[2012.12.19 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012.12.19 17:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.12.19 17:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.12.19 17:42:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\Documents\Battlefield 3
[2012.12.19 14:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012.12.19 14:23:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.12.19 12:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2012.12.19 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Adobe
[2012.12.19 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.12.19 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.12.19 11:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.12.19 10:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.12.19 10:57:54 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Origin
[2012.12.19 10:57:49 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Origin
[2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.12.19 10:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.12.19 10:31:44 | 001,495,936 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\drivers\usbVM31b.sys
[2012.12.19 10:31:44 | 000,225,357 | ---- | C] (Vimicro) -- C:\Windows\SysWow64\VM31bPrp.Ax
[2012.12.19 10:31:44 | 000,094,208 | ---- | C] (www.zsmc.com.cn) -- C:\Windows\VMCap.exe
[2012.12.19 10:31:44 | 000,061,440 | ---- | C] (VM) -- C:\Windows\SysNative\VM31bSTI.dll
[2012.12.19 10:31:44 | 000,049,152 | ---- | C] (Vimicro) -- C:\Windows\VM301Snap.exe
[2012.12.19 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ElevatedDiagnostics
[2012.12.19 09:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.12.19 09:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2012.12.19 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012.12.19 09:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012.12.19 09:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012.12.19 09:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2012.12.19 09:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carlton Books
[2012.12.19 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carlton Books
[2012.12.19 00:28:16 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\EPSON
[2012.12.18 22:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.12.18 22:32:28 | 000,000,000 | ---D | C] -- C:\VueScan
[2012.12.18 22:27:50 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Macromedia
[2012.12.18 22:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.12.18 22:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.12.18 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012.12.18 22:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.12.18 22:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.12.18 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.18 21:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.18 21:42:22 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\WinRAR
[2012.12.18 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.12.18 21:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.18 21:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.18 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\JDownloader 0.9
[2012.12.18 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.18 16:08:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.18 16:08:01 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Google
[2012.12.18 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\AMD
[2012.12.18 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\ATI
[2012.12.18 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ATI
[2012.12.18 15:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.12.18 15:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.18 14:58:07 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN
[2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\cFos
[2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock
[2012.12.18 14:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2012.12.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Mozilla
[2012.12.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Mozilla
[2012.12.18 14:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.18 14:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.18 14:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Macromedia
[2012.12.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Adobe
[2012.12.18 14:37:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.12.18 14:36:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.12.18 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Logitech
[2012.12.18 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Leadertech
[2012.12.18 13:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.12.18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Logitech
[2012.12.18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Logishrd
[2012.12.18 13:57:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2012.12.18 13:57:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2012.12.18 13:57:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2012.12.18 13:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2012.12.18 13:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2012.12.18 13:57:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2012.12.18 13:57:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2012.12.18 13:57:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2012.12.18 13:57:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2012.12.18 13:57:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2012.12.18 13:57:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2012.12.18 13:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.12.18 13:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.12.18 13:57:05 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2012.12.18 13:57:05 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.12.18 13:57:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.12.18 13:57:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.12.18 13:57:05 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.12.18 13:57:04 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2012.12.18 13:57:04 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.12.18 13:57:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.12.18 13:57:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.12.18 13:57:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.12.18 13:57:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.12.18 13:57:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.12.18 13:57:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.12.18 13:57:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.12.18 13:57:03 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.12.18 13:57:03 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2012.12.18 13:56:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.12.18 13:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.12.18 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.12.18 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.12.18 13:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.12.18 13:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.12.18 13:53:42 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Avira
[2012.12.18 13:53:24 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.18 13:53:24 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.18 13:53:24 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.18 13:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.18 13:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.18 13:51:47 | 000,088,832 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys
[2012.12.18 13:51:47 | 000,065,152 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys
[2012.12.18 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2012.12.18 13:45:06 | 000,769,168 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.12.18 13:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.12.18 13:28:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.12.18 12:58:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.12.18 12:32:46 | 000,000,000 | ---D | C] -- C:\Users\Subking\Documents\DriverGenius
[2012.12.18 12:31:10 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Diagnostics
[2012.12.18 12:22:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.12.18 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.12.18 12:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.12.18 12:18:57 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.12.18 12:18:57 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.12.18 12:18:57 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.12.18 12:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.12.18 12:18:49 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\TuneUp Software
[2012.12.18 12:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.12.18 12:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.18 12:18:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.12.18 12:18:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.18 12:18:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\Searches
[2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.12.18 12:09:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Identities
[2012.12.18 12:09:29 | 000,000,000 | R--D | C] -- C:\Users\Subking\Contacts
[2012.12.18 12:09:27 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\VirtualStore
[2012.12.18 12:09:15 | 000,000,000 | --SD | C] -- C:\Users\Subking\AppData\Roaming\Microsoft
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Videos
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Saved Games
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Pictures
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Music
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Links
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Favorites
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Desktop\Downloads
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Documents
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Desktop
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Vorlagen
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Verlauf
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Temporary Internet Files
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Startmenü
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\SendTo
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Recent
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Netzwerkumgebung
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Lokale Einstellungen
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Videos
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Musik
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Eigene Dateien
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Bilder
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Druckumgebung
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Cookies
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Anwendungsdaten
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Anwendungsdaten
[2012.12.18 12:09:15 | 000,000,000 | -H-D | C] -- C:\Users\Subking\AppData
[2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Temp
[2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Microsoft
[2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Media Center Programs
[2012.12.18 12:06:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.12.18 12:06:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.12.18 12:01:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.12.18 12:01:31 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.12.02 08:59:56 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.01.8.dll
[2012.12.02 08:37:36 | 000,548,864 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012.12.02 08:36:50 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012.12.02 08:35:26 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012.12.02 08:35:10 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012.12.02 03:17:02 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.12.02 03:16:58 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.21 18:18:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job
[2012.12.21 18:10:10 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.21 18:07:08 | 000,000,000 | ---- | M] () -- C:\Users\Subking\defogger_reenable
[2012.12.21 18:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.21 16:42:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 16:18:04 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job
[2012.12.21 11:18:31 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.21 11:18:31 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.21 11:18:31 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.21 11:18:31 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.21 11:18:31 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 11:05:30 | 000,207,048 | ---- | M] () -- C:\Users\Subking\Desktop\anim.gif
[2012.12.21 10:53:30 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 10:53:30 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 10:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.21 10:47:55 | 4261,642,238 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.21 01:47:11 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.21 01:47:11 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.21 01:47:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.20 23:25:47 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 23:05:43 | 000,035,328 | ---- | M] (PenMount Touch Solutions) -- C:\Windows\SysNative\drivers\pmserenum.sys
[2012.12.20 20:20:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.12.20 20:20:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.20 19:51:56 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.19 18:39:32 | 000,000,636 | ---- | M] () -- C:\Users\Subking\Desktop\VueScan.lnk
[2012.12.19 18:09:01 | 000,001,381 | ---- | M] () -- C:\Users\Subking\Desktop\Dokument.rtf
[2012.12.19 17:54:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.19 14:23:54 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.19 09:50:54 | 000,001,207 | ---- | M] () -- C:\Users\Subking\Desktop\Driver Genius Professional Edition.lnk
[2012.12.19 09:37:01 | 000,002,391 | ---- | M] () -- C:\Users\Public\Desktop\Cars Augmented Reality.lnk
[2012.12.19 00:09:26 | 790,553,767 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.18 22:12:35 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.12.18 22:11:42 | 000,000,308 | ---- | M] () -- C:\Windows\setup.iss
[2012.12.18 15:28:41 | 001,558,224 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.18 14:58:07 | 000,000,003 | ---- | M] () -- C:\Users\Subking\AppData\Local\user_data.ini
[2012.12.18 14:04:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.12.18 13:51:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.18 13:51:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.18 13:51:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.18 13:24:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.18 12:04:38 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.12.18 12:04:38 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.12.08 14:01:16 | 002,343,968 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr
[2012.12.02 09:03:22 | 000,320,136 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012.12.02 09:03:22 | 000,320,136 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012.12.02 08:59:56 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_9.01.8.dll
[2012.12.02 08:38:16 | 003,053,056 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012.12.02 08:37:36 | 000,548,864 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012.12.02 08:35:26 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012.12.02 08:35:10 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012.12.02 08:27:50 | 003,084,672 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012.12.02 03:26:50 | 000,222,720 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2012.12.02 03:17:02 | 000,054,784 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.12.02 03:16:58 | 000,050,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.11.29 16:06:14 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.11.29 16:06:08 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.21 18:07:08 | 000,000,000 | ---- | C] () -- C:\Users\Subking\defogger_reenable
[2012.12.21 16:42:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 11:05:29 | 000,207,048 | ---- | C] () -- C:\Users\Subking\Desktop\anim.gif
[2012.12.20 20:20:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.12.20 20:20:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.20 15:10:49 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2012.12.20 15:10:40 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.12.20 15:10:01 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.12.20 15:09:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.12.20 15:09:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.12.20 15:09:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012.12.20 15:09:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.12.19 18:09:01 | 000,001,381 | ---- | C] () -- C:\Users\Subking\Desktop\Dokument.rtf
[2012.12.19 17:50:30 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.19 14:23:54 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.19 14:23:16 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.19 14:23:16 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.19 14:23:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.19 11:36:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.19 10:31:44 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2012.12.19 10:31:44 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe
[2012.12.19 09:50:54 | 000,001,207 | ---- | C] () -- C:\Users\Subking\Desktop\Driver Genius Professional Edition.lnk
[2012.12.19 09:37:01 | 000,002,391 | ---- | C] () -- C:\Users\Public\Desktop\Cars Augmented Reality.lnk
[2012.12.19 01:04:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.19 00:50:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.18 22:32:31 | 000,000,648 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VueScan.lnk
[2012.12.18 22:32:31 | 000,000,636 | ---- | C] () -- C:\Users\Subking\Desktop\VueScan.lnk
[2012.12.18 22:12:35 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.12.18 22:11:32 | 000,000,308 | ---- | C] () -- C:\Windows\setup.iss
[2012.12.18 21:38:45 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.12.18 21:38:45 | 000,002,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.12.18 21:38:45 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.12.18 16:08:03 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job
[2012.12.18 16:08:02 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job
[2012.12.18 15:28:41 | 001,558,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.18 14:58:07 | 000,000,003 | ---- | C] () -- C:\Users\Subking\AppData\Local\user_data.ini
[2012.12.18 14:53:26 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.18 14:37:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.18 14:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.12.18 13:57:05 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2012.12.18 13:57:04 | 000,378,949 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.12.18 13:24:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.18 12:58:21 | 790,553,767 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.18 12:18:55 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.18 12:18:55 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.18 12:18:54 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.12.18 12:09:46 | 000,001,405 | ---- | C] () -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.12.18 12:09:41 | 000,001,439 | ---- | C] () -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.18 12:01:08 | 4261,642,238 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.02 09:03:22 | 000,320,136 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012.12.02 09:03:22 | 000,320,136 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012.12.02 08:38:16 | 003,053,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012.12.02 08:27:50 | 003,084,672 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012.12.02 03:26:50 | 000,222,720 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.19 23:05:22 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Ashampoo
[2012.12.19 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\EPSON
[2012.12.18 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Leadertech
[2012.12.20 00:47:13 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Origin
[2012.12.18 12:18:49 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 21.12.2012 18:19:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Subking\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,17 Gb Available Physical Memory | 82,51% Memory free
31,92 Gb Paging File | 29,08 Gb Available in Paging File | 91,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 379,07 Gb Free Space | 81,40% Space Free | Partition Type: NTFS
 
Computer Name: SUBKING-PC | User Name: Subking | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28A21D4E-ACBD-4362-924C-F678D980504E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{28D3511D-1B98-4310-92EB-821A0252A3C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{436A081B-4797-4F38-AA71-27A83655F058}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{479AFD82-075B-45CC-80A5-C26D31397F71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{54386493-02BD-4FA9-B0CF-3F473D06F16B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{61519C62-0604-4F9C-A615-4FE8E0D4CAF5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{672641E3-03C3-441F-9536-B3C8AFD3369C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6AD158B2-7420-4D55-8218-F285F11A6420}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75BD5D0C-1224-4FF5-A69D-4171335B85A8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8175270D-2B32-4916-9D5F-85C246FB3BD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{92C790FA-77EB-4E5D-A658-C00F7F8F6F31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0CD54ED-EFBB-4BBF-8E66-55C9203CEB40}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AE120379-8A11-4675-84CA-91C29E885683}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B69E71A7-D658-4E97-A999-B4183771FCC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B7DC768C-6242-4819-B5DB-04087FA8BE23}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BB38DBA8-B00E-4027-B8D7-1D7EA5D7B7DF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BDA1A26D-4FA7-4DB6-AF32-E06BC5E338FB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BE5E9DA4-0C2D-47E9-954C-92A09B133D9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CB8D552B-71CF-4BBB-BBC6-CEE4ECDA9413}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D6DEF478-AD2B-4B56-B41E-3ADF887A546C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DAB8468F-5FA8-4008-81B6-4F864E9B5C02}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DBC66C37-E0A0-4038-BC0D-8A22317DAB4F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E7E3BB6D-AB0E-4B73-9625-C72EE71DF8EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103CD463-3EBD-4DD8-B921-CE87EDA3A545}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{17DFE101-BA4E-48DA-AB1E-6541C19F5439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1CE324C0-520D-4A93-92F2-9F803D74DB35}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{26A0AAA2-099D-4F73-8FD8-D82E106333BA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2889CAB3-ABF2-4DB7-A007-F4F3160AB3D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{36FAEC84-DB68-40C0-BAFB-1A6772F87C50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A8F1BD4-BD1E-4105-BAD0-DED090919465}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{57DFF7F3-6E67-42AB-B91A-ABCEFD7A7C25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58FA284E-C34F-4DD4-8499-3665D23F2ABF}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{5A7F3E2C-7C18-4040-A22A-280A091408C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5AF9A282-EF3B-4A17-BF3E-9B9377D8FAC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6B0436B1-0AC2-4DDB-BA0F-CEA2685CDBED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6C76DEDB-9DE4-4E28-8294-3FACD70A719A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6EF4EAF9-E074-4A77-B251-44692EEE98A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8873FBD4-3988-4928-9477-C83DC4372C11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C77A4E4-46C3-4E0F-A0E7-CDA091E3F8BB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{9A58D375-AC36-44BA-9D58-D608C42F20D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A59429B7-A5F2-4912-91A9-A05E2D58C69B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B869AE45-4ABA-4000-99A3-1CF50CFD9108}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BA1076B0-CFB6-4A92-8169-0F6E3A0E6080}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1F656A9-AFBF-48E4-B579-C2FEF23921F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C3F76D1F-9FDA-4E7B-94F7-739910A05E3C}" = protocol=6 | dir=out | app=system | 
"{D883A65E-8C3F-41E6-8B14-FE278C7D421C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E243D72D-8B0E-4394-84F4-97F643458AC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E8B943C8-DA23-40D7-9FA2-30AF7AFD4A7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F124448B-83E5-4AA4-B17A-EF568370E21D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F3EC10FD-6BC9-4639-97CF-FD86DDADE68A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FAE12100-A9A1-447F-A6D8-0AE4E3C87EEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{9F996473-E669-46D2-8BE1-6FF705FC3CCB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{00FFC8E1-CC1D-4010-8969-630F00627E29}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"VueScan" = VueScan
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"XFast LAN" = XFast LAN v6.61
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{91B33C97-93EB-244C-F687-71D85E45A206}_is1" = Ashampoo Burning Studio 12 v.12.0.3
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{92F39985-0DA5-4CC4-869F-2A3048C182E6}" = System Requirements Lab
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cars Augmented Reality" = Cars Augmented Reality
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"jdownloader09" = JDownloader 0.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Sapphire TRIXX" = Sapphire TRIXX
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Veetle TV" = Veetle TV
"White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.12.2012 14:23:10 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.12.2012 14:23:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.12.2012 14:23:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.12.2012 14:23:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.12.2012 14:23:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.12.2012 15:13:41 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.12.2012 15:13:42 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.12.2012 17:11:31 | Computer Name = Subking-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
 16.0.0.400, Zeitstempel: 0x4ab84bb7  Name des fehlerhaften Moduls: ISSetup.dll, Version:
 16.0.0.400, Zeitstempel: 0x4ab84b70  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000a7a6f
ID
 des fehlerhaften Prozesses: 0x14b4  Startzeit der fehlerhaften Anwendung: 0x01cddd642453e209
Pfad
 der fehlerhaften Anwendung: C:\Users\Subking\AppData\Local\Temp\WZSE0.TMP\setup.exe
Pfad
 des fehlerhaften Moduls: C:\Users\Subking\AppData\Local\Temp\WZSE0.TMP\ISSetup.dll
Berichtskennung:
 7e6154a7-4957-11e2-b852-bc5ff4220308
 
Error - 19.12.2012 13:00:59 | Computer Name = Subking-PC | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d54    Startzeit: 
01cdde08eaf998c6    Endzeit: 658    Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield
 3\bf3.exe    Berichts-ID:   
 
Error - 19.12.2012 13:05:24 | Computer Name = Subking-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x508b5457  Name des fehlerhaften Moduls: bf3.exe, Version: 1.5.0.0, Zeitstempel:
 0x508b5457  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a908b7  ID des fehlerhaften Prozesses:
 0x12c0  Startzeit der fehlerhaften Anwendung: 0x01cdde0ab37728af  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe  Berichtskennung:
 46ff2b4d-49fe-11e2-8a20-bc5ff4220308
 
[ System Events ]
Error - 19.12.2012 04:29:24 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%109
 
Error - 19.12.2012 04:29:24 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%109
 
Error - 19.12.2012 04:31:46 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%16405
 
Error - 19.12.2012 10:19:48 | Computer Name = Subking-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.12.2012 15:22:19 | Computer Name = Subking-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.12.2012 20:07:52 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
 (KB2454826)
 
Error - 19.12.2012 20:08:10 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für
 x64-basierte Systeme
 
Error - 19.12.2012 20:08:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
 (KB2484033)
 
Error - 20.12.2012 16:35:04 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 20.12.2012 16:45:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
 (KB2454826)
 
 
< End of report >
         
--- --- ---

Edited by subking (21.12.2012 at 17:37). Reason: had Windows 8 installed but switched back to Win 7.

21.12.2012, 17:03   #2
markusg
/// Malware-holic

Hi,
is there a reason why you ran the check?
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

21.12.2012, 20:44   #3
markusg
/// Malware-holic

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, then post the log

21.12.2012, 21:28   #4
subking

Evening, I hope it's right like this.

25.12.2012, 12:35   #5
rajo
/// Helper Team

Quote:
Originally posted by subking
Evening, I hope it's right like this.

Unfortunately not much use - please don't cram pictures/screenshots into WordPad.
Plain text is what's wanted!

Rajo

Addendum:
the utility also writes the log file to the root directory, i.e. C:\,
in the form UtilityName.Version_Date_Time_log.txt | e.g. C:\TDSSKiller.2.4.17.0_10.02.2011_11.20.55_log.txt


27.12.2012, 14:19   #6
markusg
/// Malware-holic

Hi,
exactly as instructed, please post the log.