| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.12.2012, 18:02
| #1 |
| |  ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) malwarebytes durchlaufen lassen findet nichts.vorher habe ich den,mcafee labs stinger laufen lassen und er hat dieses gefunden. ist das nun ein virus .danke für die hilfe. Malwarebytes Anti-Malware (Test) 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.12.21.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Subking :: SUBKING-PC [limitiert] Schutz: Aktiviert 21.12.2012 16:46:26 mbam-log-2012-12-21 (16-46-26).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 202374 Laufzeit: 2 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) McAfee(r) Labs Stinger(tm) Version 10.2.0.927 built on Dec 21 2012 Copyright (c) 2012 McAfee, Inc. All Rights Reserved. Virus data file v1000.0000 created on Dec 21 2012. Ready to scan for 6068 viruses, trojans and variants. Scan initiated on Fri Dec 21 15:58:10 2012 Rootkit scan result : Not Scanned Master Boot Record(s):....1 Possibly Infected:.............0 Boot Sector(s):.................1 Possibly Infected: ............0 c:/\Users\Subking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE6ZWQIN\are-at-recognition_welcoming[1].htm Found the JS/Exploit-Blacole.ht trojan !!! c:/\Users\Subking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE6ZWQIN\are-at-recognition_welcoming[1].htm is infected with the JS/Exploit-Blacole.ht virus !!! Number of clean files: 500094OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.12.2012 18:19:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Subking\Desktop\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 13,17 Gb Available Physical Memory | 82,51% Memory free 31,92 Gb Paging File | 29,08 Gb Available in Paging File | 91,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 379,07 Gb Free Space | 81,40% Space Free | Partition Type: NTFS Computer Name: SUBKING-PC | User Name: Subking | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.21 18:11:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Subking\Desktop\Downloads\OTL.exe PRC - [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.18 14:57:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.18 14:57:06 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.12.18 14:57:03 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.12.18 14:57:03 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.18 14:57:03 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2007.03.27 17:24:08 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VM301Snap.exe PRC - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe ========== Modules (No Company Name) ========== MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.18 21:49:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 14:57:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.18 14:57:06 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.12.18 14:57:03 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.12.18 14:57:03 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2011.10.19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.20 23:05:43 | 000,035,328 | ---- | M] (PenMount Touch Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmserenum.sys -- (pmserenum) DRV:64bit: - [2012.12.18 13:51:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.18 13:51:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.18 13:51:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.02 09:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.02 08:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.10.25 17:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.10.02 23:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.28 13:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012.08.07 15:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.08.07 15:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.22 14:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.11.18 14:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64) DRV:64bit: - [2009.06.10 21:35:46 | 000,427,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.04.04 20:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b) DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 1C 3B 42 FE DE CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Subking\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Subking\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.18 14:53:24 | 000,000,000 | ---D | M] [2012.12.18 14:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\Extensions [2012.12.18 19:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\Firefox\Profiles\dqfidusz.default\extensions [2012.12.18 19:26:09 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\firefox\profiles\dqfidusz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.18 14:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\Subking\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Google Drive = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: KIDO'Z TV = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc\2.2_0\ CHR - Extension: Into The Mist = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0\ CHR - Extension: Google Mail = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe () O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM301Snap.exe (Vimicro) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBIE.EXE /FU "C:\Windows\TEMP\E_SF0D7.tmp" /EF "HKCU" File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E7D61F3-8921-4412-9BF3-E3B619468070}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.21 16:42:17 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Malwarebytes [2012.12.21 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.21 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.21 16:42:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.21 16:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.21 15:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft [2012.12.21 15:58:55 | 002,343,968 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr [2012.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\White Christmas 3D Screensaver [2012.12.21 15:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.12.20 23:05:43 | 000,035,328 | ---- | C] (PenMount Touch Solutions) -- C:\Windows\SysNative\drivers\pmserenum.sys [2012.12.20 20:00:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.12.20 20:00:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.12.20 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX [2012.12.20 19:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX [2012.12.20 15:10:13 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.12.20 15:10:06 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.12.20 01:08:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2012.12.20 00:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.12.20 00:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.12.20 00:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.12.20 00:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.12.20 00:41:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.20 00:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2012.12.20 00:33:19 | 000,000,000 | ---D | C] -- C:\Users\Subking\SystemRequirementsLab [2012.12.19 23:04:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.12.19 23:03:03 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Programs [2012.12.19 22:19:05 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Ashampoo [2012.12.19 22:17:47 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ashampoo [2012.12.19 22:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo [2012.12.19 22:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.12.19 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2012.12.19 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\PunkBuster [2012.12.19 17:42:57 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ESN [2012.12.19 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2012.12.19 17:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.12.19 17:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.12.19 17:42:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\Documents\Battlefield 3 [2012.12.19 14:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2012.12.19 14:23:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.12.19 12:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle [2012.12.19 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Adobe [2012.12.19 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.12.19 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.12.19 11:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.12.19 10:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.12.19 10:57:54 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Origin [2012.12.19 10:57:49 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Origin [2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.12.19 10:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2012.12.19 10:31:44 | 001,495,936 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\drivers\usbVM31b.sys [2012.12.19 10:31:44 | 000,225,357 | ---- | C] (Vimicro) -- C:\Windows\SysWow64\VM31bPrp.Ax [2012.12.19 10:31:44 | 000,094,208 | ---- | C] (www.zsmc.com.cn) -- C:\Windows\VMCap.exe [2012.12.19 10:31:44 | 000,061,440 | ---- | C] (VM) -- C:\Windows\SysNative\VM31bSTI.dll [2012.12.19 10:31:44 | 000,049,152 | ---- | C] (Vimicro) -- C:\Windows\VM301Snap.exe [2012.12.19 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ElevatedDiagnostics [2012.12.19 09:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.12.19 09:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2012.12.19 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius [2012.12.19 09:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius [2012.12.19 09:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition [2012.12.19 09:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft [2012.12.19 09:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carlton Books [2012.12.19 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carlton Books [2012.12.19 00:28:16 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\EPSON [2012.12.18 22:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2012.12.18 22:32:28 | 000,000,000 | ---D | C] -- C:\VueScan [2012.12.18 22:27:50 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Macromedia [2012.12.18 22:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2012.12.18 22:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [2012.12.18 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software [2012.12.18 22:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.12.18 22:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.12.18 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.18 21:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.18 21:42:22 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\WinRAR [2012.12.18 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.12.18 21:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.18 21:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.18 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\JDownloader 0.9 [2012.12.18 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.18 16:08:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.18 16:08:01 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Google [2012.12.18 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\AMD [2012.12.18 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\ATI [2012.12.18 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ATI [2012.12.18 15:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.12.18 15:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.18 14:58:07 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys [2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN [2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\cFos [2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock [2012.12.18 14:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos [2012.12.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Mozilla [2012.12.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Mozilla [2012.12.18 14:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.12.18 14:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.12.18 14:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Macromedia [2012.12.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Adobe [2012.12.18 14:37:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.12.18 14:36:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.12.18 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Logitech [2012.12.18 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Leadertech [2012.12.18 13:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2012.12.18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Logitech [2012.12.18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Logishrd [2012.12.18 13:57:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll [2012.12.18 13:57:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll [2012.12.18 13:57:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2012.12.18 13:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2012.12.18 13:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2012.12.18 13:57:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2012.12.18 13:57:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll [2012.12.18 13:57:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll [2012.12.18 13:57:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2012.12.18 13:57:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll [2012.12.18 13:57:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll [2012.12.18 13:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.12.18 13:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.12.18 13:57:05 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2012.12.18 13:57:05 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.12.18 13:57:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.12.18 13:57:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.12.18 13:57:05 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.12.18 13:57:04 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll [2012.12.18 13:57:04 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2012.12.18 13:57:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.12.18 13:57:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.12.18 13:57:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.12.18 13:57:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.12.18 13:57:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.12.18 13:57:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.12.18 13:57:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.12.18 13:57:03 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.12.18 13:57:03 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll [2012.12.18 13:56:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.12.18 13:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.12.18 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.12.18 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.12.18 13:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.12.18 13:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.12.18 13:53:42 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Avira [2012.12.18 13:53:24 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.18 13:53:24 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.18 13:53:24 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.18 13:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.18 13:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.18 13:51:47 | 000,088,832 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys [2012.12.18 13:51:47 | 000,065,152 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys [2012.12.18 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2012.12.18 13:45:06 | 000,769,168 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2012.12.18 13:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.12.18 13:28:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.12.18 12:58:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.12.18 12:32:46 | 000,000,000 | ---D | C] -- C:\Users\Subking\Documents\DriverGenius [2012.12.18 12:31:10 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Diagnostics [2012.12.18 12:22:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012.12.18 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.12.18 12:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.12.18 12:18:57 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.12.18 12:18:57 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.12.18 12:18:57 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.12.18 12:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.12.18 12:18:49 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\TuneUp Software [2012.12.18 12:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2012.12.18 12:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.12.18 12:18:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.12.18 12:18:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.12.18 12:18:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\Searches [2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.12.18 12:09:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Identities [2012.12.18 12:09:29 | 000,000,000 | R--D | C] -- C:\Users\Subking\Contacts [2012.12.18 12:09:27 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\VirtualStore [2012.12.18 12:09:15 | 000,000,000 | --SD | C] -- C:\Users\Subking\AppData\Roaming\Microsoft [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Videos [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Saved Games [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Pictures [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Music [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Links [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Favorites [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Desktop\Downloads [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Documents [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Desktop [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Vorlagen [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Verlauf [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Temporary Internet Files [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Startmenü [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\SendTo [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Recent [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Netzwerkumgebung [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Lokale Einstellungen [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Videos [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Musik [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Eigene Dateien [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Bilder [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Druckumgebung [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Cookies [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Anwendungsdaten [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Anwendungsdaten [2012.12.18 12:09:15 | 000,000,000 | -H-D | C] -- C:\Users\Subking\AppData [2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Temp [2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Microsoft [2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Media Center Programs [2012.12.18 12:06:17 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Programme [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.12.18 12:06:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.12.18 12:01:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.12.18 12:01:31 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2012.12.02 08:59:56 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.01.8.dll [2012.12.02 08:37:36 | 000,548,864 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2012.12.02 08:36:50 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2012.12.02 08:35:26 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2012.12.02 08:35:10 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2012.12.02 03:17:02 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.02 03:16:58 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll ========== Files - Modified Within 30 Days ========== [2012.12.21 18:18:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job [2012.12.21 18:10:10 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.12.21 18:07:08 | 000,000,000 | ---- | M] () -- C:\Users\Subking\defogger_reenable [2012.12.21 18:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.21 16:42:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.21 16:18:04 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job [2012.12.21 11:18:31 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.21 11:18:31 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.21 11:18:31 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.21 11:18:31 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.21 11:18:31 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.21 11:05:30 | 000,207,048 | ---- | M] () -- C:\Users\Subking\Desktop\anim.gif [2012.12.21 10:53:30 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 10:53:30 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 10:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.21 10:47:55 | 4261,642,238 | -HS- | M] () -- C:\hiberfil.sys [2012.12.21 01:47:11 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.21 01:47:11 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.21 01:47:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.20 23:25:47 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.20 23:05:43 | 000,035,328 | ---- | M] (PenMount Touch Solutions) -- C:\Windows\SysNative\drivers\pmserenum.sys [2012.12.20 20:20:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.12.20 20:20:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.20 19:51:56 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.12.19 18:39:32 | 000,000,636 | ---- | M] () -- C:\Users\Subking\Desktop\VueScan.lnk [2012.12.19 18:09:01 | 000,001,381 | ---- | M] () -- C:\Users\Subking\Desktop\Dokument.rtf [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.19 14:23:54 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.12.19 09:50:54 | 000,001,207 | ---- | M] () -- C:\Users\Subking\Desktop\Driver Genius Professional Edition.lnk [2012.12.19 09:37:01 | 000,002,391 | ---- | M] () -- C:\Users\Public\Desktop\Cars Augmented Reality.lnk [2012.12.19 00:09:26 | 790,553,767 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.18 22:12:35 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2012.12.18 22:11:42 | 000,000,308 | ---- | M] () -- C:\Windows\setup.iss [2012.12.18 15:28:41 | 001,558,224 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.18 14:58:07 | 000,000,003 | ---- | M] () -- C:\Users\Subking\AppData\Local\user_data.ini [2012.12.18 14:04:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2012.12.18 13:51:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.18 13:51:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.18 13:51:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.18 13:24:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.12.18 12:04:38 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.12.18 12:04:38 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.12.08 14:01:16 | 002,343,968 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr [2012.12.02 09:03:22 | 000,320,136 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb [2012.12.02 09:03:22 | 000,320,136 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb [2012.12.02 08:59:56 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_9.01.8.dll [2012.12.02 08:38:16 | 003,053,056 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap [2012.12.02 08:37:36 | 000,548,864 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2012.12.02 08:35:26 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2012.12.02 08:35:10 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2012.12.02 08:27:50 | 003,084,672 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap [2012.12.02 03:26:50 | 000,222,720 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe [2012.12.02 03:17:02 | 000,054,784 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.02 03:16:58 | 000,050,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.11.29 16:06:14 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.11.29 16:06:08 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll ========== Files Created - No Company Name ========== [2012.12.21 18:07:08 | 000,000,000 | ---- | C] () -- C:\Users\Subking\defogger_reenable [2012.12.21 16:42:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.21 11:05:29 | 000,207,048 | ---- | C] () -- C:\Users\Subking\Desktop\anim.gif [2012.12.20 20:20:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.12.20 20:20:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.20 15:10:49 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2012.12.20 15:10:40 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.12.20 15:10:01 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.12.20 15:09:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.12.20 15:09:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.12.20 15:09:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2012.12.20 15:09:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.12.19 18:09:01 | 000,001,381 | ---- | C] () -- C:\Users\Subking\Desktop\Dokument.rtf [2012.12.19 17:50:30 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.19 14:23:54 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.12.19 14:23:16 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.19 14:23:16 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.19 14:23:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.19 11:36:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.19 10:31:44 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe [2012.12.19 10:31:44 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe [2012.12.19 09:50:54 | 000,001,207 | ---- | C] () -- C:\Users\Subking\Desktop\Driver Genius Professional Edition.lnk [2012.12.19 09:37:01 | 000,002,391 | ---- | C] () -- C:\Users\Public\Desktop\Cars Augmented Reality.lnk [2012.12.19 01:04:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.19 00:50:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.18 22:32:31 | 000,000,648 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VueScan.lnk [2012.12.18 22:32:31 | 000,000,636 | ---- | C] () -- C:\Users\Subking\Desktop\VueScan.lnk [2012.12.18 22:12:35 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2012.12.18 22:11:32 | 000,000,308 | ---- | C] () -- C:\Windows\setup.iss [2012.12.18 21:38:45 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.12.18 21:38:45 | 000,002,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.12.18 21:38:45 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.12.18 16:08:03 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job [2012.12.18 16:08:02 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job [2012.12.18 15:28:41 | 001,558,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.18 14:58:07 | 000,000,003 | ---- | C] () -- C:\Users\Subking\AppData\Local\user_data.ini [2012.12.18 14:53:26 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.12.18 14:37:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.18 14:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.12.18 13:57:05 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2012.12.18 13:57:04 | 000,378,949 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012.12.18 13:24:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.12.18 12:58:21 | 790,553,767 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.12.18 12:18:55 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.12.18 12:18:55 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.12.18 12:18:54 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.12.18 12:09:46 | 000,001,405 | ---- | C] () -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.12.18 12:09:41 | 000,001,439 | ---- | C] () -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.18 12:01:08 | 4261,642,238 | -HS- | C] () -- C:\hiberfil.sys [2012.12.02 09:03:22 | 000,320,136 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb [2012.12.02 09:03:22 | 000,320,136 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2012.12.02 08:38:16 | 003,053,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2012.12.02 08:27:50 | 003,084,672 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2012.12.02 03:26:50 | 000,222,720 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.19 23:05:22 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Ashampoo [2012.12.19 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\EPSON [2012.12.18 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Leadertech [2012.12.20 00:47:13 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Origin [2012.12.18 12:18:49 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.12.2012 18:19:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Subking\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,96 Gb Total Physical Memory | 13,17 Gb Available Physical Memory | 82,51% Memory free
31,92 Gb Paging File | 29,08 Gb Available in Paging File | 91,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 379,07 Gb Free Space | 81,40% Space Free | Partition Type: NTFS
Computer Name: SUBKING-PC | User Name: Subking | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28A21D4E-ACBD-4362-924C-F678D980504E}" = lport=138 | protocol=17 | dir=in | app=system |
"{28D3511D-1B98-4310-92EB-821A0252A3C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{436A081B-4797-4F38-AA71-27A83655F058}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{479AFD82-075B-45CC-80A5-C26D31397F71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54386493-02BD-4FA9-B0CF-3F473D06F16B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{61519C62-0604-4F9C-A615-4FE8E0D4CAF5}" = lport=139 | protocol=6 | dir=in | app=system |
"{672641E3-03C3-441F-9536-B3C8AFD3369C}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AD158B2-7420-4D55-8218-F285F11A6420}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75BD5D0C-1224-4FF5-A69D-4171335B85A8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8175270D-2B32-4916-9D5F-85C246FB3BD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92C790FA-77EB-4E5D-A658-C00F7F8F6F31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0CD54ED-EFBB-4BBF-8E66-55C9203CEB40}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AE120379-8A11-4675-84CA-91C29E885683}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B69E71A7-D658-4E97-A999-B4183771FCC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7DC768C-6242-4819-B5DB-04087FA8BE23}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB38DBA8-B00E-4027-B8D7-1D7EA5D7B7DF}" = rport=138 | protocol=17 | dir=out | app=system |
"{BDA1A26D-4FA7-4DB6-AF32-E06BC5E338FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{BE5E9DA4-0C2D-47E9-954C-92A09B133D9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB8D552B-71CF-4BBB-BBC6-CEE4ECDA9413}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D6DEF478-AD2B-4B56-B41E-3ADF887A546C}" = rport=137 | protocol=17 | dir=out | app=system |
"{DAB8468F-5FA8-4008-81B6-4F864E9B5C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{DBC66C37-E0A0-4038-BC0D-8A22317DAB4F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E7E3BB6D-AB0E-4B73-9625-C72EE71DF8EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103CD463-3EBD-4DD8-B921-CE87EDA3A545}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{17DFE101-BA4E-48DA-AB1E-6541C19F5439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1CE324C0-520D-4A93-92F2-9F803D74DB35}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{26A0AAA2-099D-4F73-8FD8-D82E106333BA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2889CAB3-ABF2-4DB7-A007-F4F3160AB3D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{36FAEC84-DB68-40C0-BAFB-1A6772F87C50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8F1BD4-BD1E-4105-BAD0-DED090919465}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{57DFF7F3-6E67-42AB-B91A-ABCEFD7A7C25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58FA284E-C34F-4DD4-8499-3665D23F2ABF}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{5A7F3E2C-7C18-4040-A22A-280A091408C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5AF9A282-EF3B-4A17-BF3E-9B9377D8FAC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B0436B1-0AC2-4DDB-BA0F-CEA2685CDBED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C76DEDB-9DE4-4E28-8294-3FACD70A719A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6EF4EAF9-E074-4A77-B251-44692EEE98A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8873FBD4-3988-4928-9477-C83DC4372C11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C77A4E4-46C3-4E0F-A0E7-CDA091E3F8BB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9A58D375-AC36-44BA-9D58-D608C42F20D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A59429B7-A5F2-4912-91A9-A05E2D58C69B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B869AE45-4ABA-4000-99A3-1CF50CFD9108}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA1076B0-CFB6-4A92-8169-0F6E3A0E6080}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1F656A9-AFBF-48E4-B579-C2FEF23921F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C3F76D1F-9FDA-4E7B-94F7-739910A05E3C}" = protocol=6 | dir=out | app=system |
"{D883A65E-8C3F-41E6-8B14-FE278C7D421C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E243D72D-8B0E-4394-84F4-97F643458AC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8B943C8-DA23-40D7-9FA2-30AF7AFD4A7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F124448B-83E5-4AA4-B17A-EF568370E21D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F3EC10FD-6BC9-4639-97CF-FD86DDADE68A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAE12100-A9A1-447F-A6D8-0AE4E3C87EEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9F996473-E669-46D2-8BE1-6FF705FC3CCB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{00FFC8E1-CC1D-4010-8969-630F00627E29}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"VueScan" = VueScan
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"XFast LAN" = XFast LAN v6.61
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{91B33C97-93EB-244C-F687-71D85E45A206}_is1" = Ashampoo Burning Studio 12 v.12.0.3
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{92F39985-0DA5-4CC4-869F-2A3048C182E6}" = System Requirements Lab
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cars Augmented Reality" = Cars Augmented Reality
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"jdownloader09" = JDownloader 0.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Sapphire TRIXX" = Sapphire TRIXX
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Veetle TV" = Veetle TV
"White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.12.2012 14:23:10 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.12.2012 14:23:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.12.2012 14:23:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.12.2012 14:23:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.12.2012 14:23:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.12.2012 15:13:41 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.12.2012 15:13:42 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 18.12.2012 17:11:31 | Computer Name = Subking-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
16.0.0.400, Zeitstempel: 0x4ab84bb7 Name des fehlerhaften Moduls: ISSetup.dll, Version:
16.0.0.400, Zeitstempel: 0x4ab84b70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a7a6f
ID
des fehlerhaften Prozesses: 0x14b4 Startzeit der fehlerhaften Anwendung: 0x01cddd642453e209
Pfad
der fehlerhaften Anwendung: C:\Users\Subking\AppData\Local\Temp\WZSE0.TMP\setup.exe
Pfad
des fehlerhaften Moduls: C:\Users\Subking\AppData\Local\Temp\WZSE0.TMP\ISSetup.dll
Berichtskennung:
7e6154a7-4957-11e2-b852-bc5ff4220308
Error - 19.12.2012 13:00:59 | Computer Name = Subking-PC | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d54 Startzeit:
01cdde08eaf998c6 Endzeit: 658 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield
3\bf3.exe Berichts-ID:
Error - 19.12.2012 13:05:24 | Computer Name = Subking-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
0x508b5457 Name des fehlerhaften Moduls: bf3.exe, Version: 1.5.0.0, Zeitstempel:
0x508b5457 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a908b7 ID des fehlerhaften Prozesses:
0x12c0 Startzeit der fehlerhaften Anwendung: 0x01cdde0ab37728af Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichtskennung:
46ff2b4d-49fe-11e2-8a20-bc5ff4220308
[ System Events ]
Error - 19.12.2012 04:29:24 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109
Error - 19.12.2012 04:29:24 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%109
Error - 19.12.2012 04:31:46 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405
Error - 19.12.2012 10:19:48 | Computer Name = Subking-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 19.12.2012 15:22:19 | Computer Name = Subking-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 19.12.2012 20:07:52 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2454826)
Error - 19.12.2012 20:08:10 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für
x64-basierte Systeme
Error - 19.12.2012 20:08:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2484033)
Error - 20.12.2012 16:35:04 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243
Error - 20.12.2012 16:45:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2454826)
< End of report >
Geändert von subking (21.12.2012 um 18:37 Uhr) Grund: hatte windows 8 drauf habe aber wieder gewechselt zu win 7 . |
|
21.12.2012, 18:03
| #2 |
| /// Malware-holic   | ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) Hi
__________________gibt es einen Grund, aus dem du geprüft hast? Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
21.12.2012, 21:44
| #3 |
| /// Malware-holic | ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) Hi,
__________________download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ |
|
21.12.2012, 22:28
| #4 |
| | ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) nabend hoffe das es so richtig ist |
|
25.12.2012, 13:35
| #5 | |
| /// Helfer-Team   | ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.)Zitat:
 - bitte keine Bilder/screenshots in Wordpad quälen plain text - reiner Text ist erwünscht ! Rajo nachtrag: das Utility schreibt außerdem das Log Datei in das RootVerzeichniss also C:\ in der form Utility Name.version_Datum_Zeit_log.txt | E.g. C:\TDSSKiller.2.4.17.0_10.02.2011_11.20.55_log.txt; |
|
27.12.2012, 15:19
| #6 |
| /// Malware-holic | ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) Hi genau wie angegeben, Log posten bitte.
__________________ --> ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) |
|
| Themen zu ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) |
| adblock, anti-malware, appdata, autostart, boot, clean, data, dateien, driver genius, echtzeit-scanner, explorer, file, files, found, free, gen, infected, install.exe, jdownloader, launch, mas, mcafee, microsoft, not, plug-in, service, speicher, stinger, test, trojaner, version, virus, windows internet |
