|
Mülltonne: ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemachtWindows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne... |
21.12.2012, 19:30 | #1 |
| ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) malwarebytes durchlaufen lassen findet nichts.vorher habe ich den,mcafee labs stinger laufen lassen und er hat dieses gefunden. ist das nun ein virus .danke für die hilfe. Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.21.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Subking :: SUBKING-PC [limitiert] Schutz: Aktiviert 21.12.2012 16:46:26 mbam-log-2012-12-21 (16-46-26).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 202374 Laufzeit: 2 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) McAfee(r) Labs Stinger(tm) Version 10.2.0.927 built on Dec 21 2012 Copyright (c) 2012 McAfee, Inc. All Rights Reserved. Virus data file v1000.0000 created on Dec 21 2012. Ready to scan for 6068 viruses, trojans and variants. Scan initiated on Fri Dec 21 15:58:10 2012 Rootkit scan result : Not Scanned Master Boot Record(s):....1 Possibly Infected:.............0 Boot Sector(s):.................1 Possibly Infected: ............0 c:/\Users\Subking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE6ZWQIN\are-at-recognition_welcoming[1].htm Found the JS/Exploit-Blacole.ht trojan !!! c:/\Users\Subking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE6ZWQIN\are-at-recognition_welcoming[1].htm is infected with the JS/Exploit-Blacole.ht virus !!! Number of clean files: 500094 Number of infected files: 1 OTL logfile created on: 21.12.2012 18:49:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Subking\Desktop\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 12,95 Gb Available Physical Memory | 81,17% Memory free 31,92 Gb Paging File | 28,84 Gb Available in Paging File | 90,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 378,70 Gb Free Space | 81,32% Space Free | Partition Type: NTFS Computer Name: SUBKING-PC | User Name: Subking | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.21 18:11:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Subking\Desktop\Downloads\OTL.exe PRC - [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.12.18 14:57:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.18 14:57:06 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.12.18 14:57:03 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.12.18 14:57:03 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.18 14:57:03 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.24 00:49:12 | 010,500,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB2737083-x64.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.11 05:07:26 | 000,088,024 | ---- | M] (Microsoft Corporation) -- c:\04777b0b96cec420c32e5ba8ae\Setup.exe PRC - [2012.07.09 00:40:10 | 000,137,120 | ---- | M] (Microsoft Corporation) -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe PRC - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2007.03.27 17:24:08 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VM301Snap.exe PRC - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe ========== Modules (No Company Name) ========== MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.18 21:49:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 14:57:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.18 14:57:06 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.12.18 14:57:03 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.12.18 14:57:03 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2011.10.19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.20 23:05:43 | 000,035,328 | ---- | M] (PenMount Touch Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmserenum.sys -- (pmserenum) DRV:64bit: - [2012.12.18 13:51:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.18 13:51:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.18 13:51:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.02 09:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.02 08:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.10.25 17:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.10.02 23:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.28 13:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012.08.07 15:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.08.07 15:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.22 14:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.11.18 14:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64) DRV:64bit: - [2009.06.10 21:35:46 | 000,427,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.04.04 20:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b) DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 1C 3B 42 FE DE CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Subking\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Subking\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.18 14:53:24 | 000,000,000 | ---D | M] [2012.12.18 14:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\Extensions [2012.12.18 19:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\Firefox\Profiles\dqfidusz.default\extensions [2012.12.18 19:26:09 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\firefox\profiles\dqfidusz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.18 14:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\Subking\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Google Drive = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: Google-Suche = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: KIDO'Z TV = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc\2.2_0\ CHR - Extension: Into The Mist = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0\ CHR - Extension: Google Mail = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe () O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM301Snap.exe (Vimicro) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBIE.EXE /FU "C:\Windows\TEMP\E_SF0D7.tmp" /EF "HKCU" File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E7D61F3-8921-4412-9BF3-E3B619468070}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.21 18:50:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.21 18:50:27 | 000,000,000 | ---D | C] -- C:\aa9fcd72967658aa4a4e05 [2012.12.21 16:42:17 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Malwarebytes [2012.12.21 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.21 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.21 16:42:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.21 16:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.21 15:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft [2012.12.21 15:58:55 | 002,343,968 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr [2012.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\White Christmas 3D Screensaver [2012.12.21 15:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012.12.20 23:05:43 | 000,035,328 | ---- | C] (PenMount Touch Solutions) -- C:\Windows\SysNative\drivers\pmserenum.sys [2012.12.20 20:00:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.12.20 20:00:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.12.20 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX [2012.12.20 19:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX [2012.12.20 15:10:13 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.12.20 15:10:06 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.12.20 01:08:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2012.12.20 00:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.12.20 00:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.12.20 00:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.12.20 00:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.12.20 00:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2012.12.20 00:33:19 | 000,000,000 | ---D | C] -- C:\Users\Subking\SystemRequirementsLab [2012.12.19 23:04:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.12.19 23:03:03 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Programs [2012.12.19 22:19:05 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Ashampoo [2012.12.19 22:17:47 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ashampoo [2012.12.19 22:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo [2012.12.19 22:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.12.19 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2012.12.19 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\PunkBuster [2012.12.19 17:42:57 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ESN [2012.12.19 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2012.12.19 17:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2012.12.19 17:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2012.12.19 17:42:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\Documents\Battlefield 3 [2012.12.19 14:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2012.12.19 14:23:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2012.12.19 12:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle [2012.12.19 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Adobe [2012.12.19 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2012.12.19 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2012.12.19 11:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.12.19 10:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2012.12.19 10:57:54 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Origin [2012.12.19 10:57:49 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Origin [2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2012.12.19 10:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2012.12.19 10:31:44 | 001,495,936 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\drivers\usbVM31b.sys [2012.12.19 10:31:44 | 000,225,357 | ---- | C] (Vimicro) -- C:\Windows\SysWow64\VM31bPrp.Ax [2012.12.19 10:31:44 | 000,094,208 | ---- | C] (www.zsmc.com.cn) -- C:\Windows\VMCap.exe [2012.12.19 10:31:44 | 000,061,440 | ---- | C] (VM) -- C:\Windows\SysNative\VM31bSTI.dll [2012.12.19 10:31:44 | 000,049,152 | ---- | C] (Vimicro) -- C:\Windows\VM301Snap.exe [2012.12.19 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ElevatedDiagnostics [2012.12.19 09:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.12.19 09:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2012.12.19 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius [2012.12.19 09:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius [2012.12.19 09:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition [2012.12.19 09:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft [2012.12.19 09:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carlton Books [2012.12.19 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carlton Books [2012.12.19 00:28:16 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\EPSON [2012.12.18 22:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2012.12.18 22:32:28 | 000,000,000 | ---D | C] -- C:\VueScan [2012.12.18 22:27:50 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Macromedia [2012.12.18 22:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL [2012.12.18 22:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software [2012.12.18 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software [2012.12.18 22:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.12.18 22:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.12.18 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.18 21:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.12.18 21:42:22 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\WinRAR [2012.12.18 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.12.18 21:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.12.18 21:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.18 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\JDownloader 0.9 [2012.12.18 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.18 16:08:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.18 16:08:01 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Google [2012.12.18 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\AMD [2012.12.18 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\ATI [2012.12.18 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ATI [2012.12.18 15:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.12.18 15:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.18 14:58:07 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys [2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN [2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\cFos [2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock [2012.12.18 14:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos [2012.12.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Mozilla [2012.12.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Mozilla [2012.12.18 14:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.12.18 14:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.12.18 14:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Macromedia [2012.12.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Adobe [2012.12.18 14:37:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.12.18 14:36:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.12.18 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Logitech [2012.12.18 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Leadertech [2012.12.18 13:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2012.12.18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Logitech [2012.12.18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Logishrd [2012.12.18 13:57:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll [2012.12.18 13:57:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll [2012.12.18 13:57:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2012.12.18 13:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2012.12.18 13:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2012.12.18 13:57:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2012.12.18 13:57:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll [2012.12.18 13:57:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll [2012.12.18 13:57:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2012.12.18 13:57:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll [2012.12.18 13:57:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll [2012.12.18 13:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2012.12.18 13:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2012.12.18 13:57:05 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2012.12.18 13:57:05 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2012.12.18 13:57:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2012.12.18 13:57:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2012.12.18 13:57:05 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2012.12.18 13:57:04 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll [2012.12.18 13:57:04 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2012.12.18 13:57:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2012.12.18 13:57:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2012.12.18 13:57:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2012.12.18 13:57:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2012.12.18 13:57:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2012.12.18 13:57:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2012.12.18 13:57:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2012.12.18 13:57:03 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2012.12.18 13:57:03 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll [2012.12.18 13:56:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2012.12.18 13:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.12.18 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.12.18 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.12.18 13:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.12.18 13:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.12.18 13:53:42 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Avira [2012.12.18 13:53:24 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.18 13:53:24 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.18 13:53:24 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.18 13:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.18 13:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.18 13:51:47 | 000,088,832 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys [2012.12.18 13:51:47 | 000,065,152 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys [2012.12.18 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2012.12.18 13:45:06 | 000,769,168 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2012.12.18 13:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2012.12.18 13:28:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.12.18 12:58:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.12.18 12:32:46 | 000,000,000 | ---D | C] -- C:\Users\Subking\Documents\DriverGenius [2012.12.18 12:31:10 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Diagnostics [2012.12.18 12:22:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2012.12.18 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.12.18 12:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.12.18 12:18:57 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.12.18 12:18:57 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.12.18 12:18:57 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.12.18 12:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.12.18 12:18:49 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\TuneUp Software [2012.12.18 12:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2012.12.18 12:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.12.18 12:18:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.12.18 12:18:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.12.18 12:18:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\Searches [2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.12.18 12:09:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Identities [2012.12.18 12:09:29 | 000,000,000 | R--D | C] -- C:\Users\Subking\Contacts [2012.12.18 12:09:27 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\VirtualStore [2012.12.18 12:09:15 | 000,000,000 | --SD | C] -- C:\Users\Subking\AppData\Roaming\Microsoft [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Videos [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Saved Games [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Pictures [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Music [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Links [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Favorites [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Desktop\Downloads [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Documents [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Desktop [2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Vorlagen [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Verlauf [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Temporary Internet Files [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Startmenü [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\SendTo [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Recent [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Netzwerkumgebung [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Lokale Einstellungen [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Videos [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Musik [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Eigene Dateien [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Bilder [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Druckumgebung [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Cookies [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Anwendungsdaten [2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Anwendungsdaten [2012.12.18 12:09:15 | 000,000,000 | -H-D | C] -- C:\Users\Subking\AppData [2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Temp [2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Microsoft [2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Media Center Programs [2012.12.18 12:06:17 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Programme [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.12.18 12:06:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.12.18 12:01:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.12.18 12:01:31 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2012.12.02 08:59:56 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.01.8.dll [2012.12.02 08:37:36 | 000,548,864 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2012.12.02 08:36:50 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2012.12.02 08:35:26 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2012.12.02 08:35:10 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2012.12.02 03:17:02 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.02 03:16:58 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll ========== Files - Modified Within 30 Days ========== [2012.12.21 18:49:46 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 18:49:46 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.21 18:18:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job [2012.12.21 18:10:10 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.12.21 18:07:08 | 000,000,000 | ---- | M] () -- C:\Users\Subking\defogger_reenable [2012.12.21 18:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.21 16:42:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.21 16:18:04 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job [2012.12.21 11:18:31 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.21 11:18:31 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.21 11:18:31 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.21 11:18:31 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.21 11:18:31 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.21 11:05:30 | 000,207,048 | ---- | M] () -- C:\Users\Subking\Desktop\anim.gif [2012.12.21 10:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.21 10:47:55 | 4261,642,238 | -HS- | M] () -- C:\hiberfil.sys [2012.12.21 01:47:11 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.21 01:47:11 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.21 01:47:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.20 23:25:47 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.20 23:05:43 | 000,035,328 | ---- | M] (PenMount Touch Solutions) -- C:\Windows\SysNative\drivers\pmserenum.sys [2012.12.20 20:20:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.12.20 20:20:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.20 19:51:56 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.12.19 18:39:32 | 000,000,636 | ---- | M] () -- C:\Users\Subking\Desktop\VueScan.lnk [2012.12.19 18:09:01 | 000,001,381 | ---- | M] () -- C:\Users\Subking\Desktop\Dokument.rtf [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.19 14:23:54 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.12.19 09:50:54 | 000,001,207 | ---- | M] () -- C:\Users\Subking\Desktop\Driver Genius Professional Edition.lnk [2012.12.19 09:37:01 | 000,002,391 | ---- | M] () -- C:\Users\Public\Desktop\Cars Augmented Reality.lnk [2012.12.19 00:09:26 | 790,553,767 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.12.18 22:12:35 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2012.12.18 22:11:42 | 000,000,308 | ---- | M] () -- C:\Windows\setup.iss [2012.12.18 15:28:41 | 001,558,224 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.18 14:58:07 | 000,000,003 | ---- | M] () -- C:\Users\Subking\AppData\Local\user_data.ini [2012.12.18 14:04:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2012.12.18 13:51:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.18 13:51:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.18 13:51:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.18 13:24:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.12.18 12:04:38 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.12.18 12:04:38 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.12.08 14:01:16 | 002,343,968 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr [2012.12.02 09:03:22 | 000,320,136 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb [2012.12.02 09:03:22 | 000,320,136 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb [2012.12.02 08:59:56 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_9.01.8.dll [2012.12.02 08:38:16 | 003,053,056 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap [2012.12.02 08:37:36 | 000,548,864 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2012.12.02 08:35:26 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2012.12.02 08:35:10 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2012.12.02 08:27:50 | 003,084,672 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap [2012.12.02 03:26:50 | 000,222,720 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe [2012.12.02 03:17:02 | 000,054,784 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.02 03:16:58 | 000,050,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.11.29 16:06:14 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.11.29 16:06:08 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll ========== Files Created - No Company Name ========== [2012.12.21 18:07:08 | 000,000,000 | ---- | C] () -- C:\Users\Subking\defogger_reenable [2012.12.21 16:42:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.21 11:05:29 | 000,207,048 | ---- | C] () -- C:\Users\Subking\Desktop\anim.gif [2012.12.20 20:20:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.12.20 20:20:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.12.20 15:10:49 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2012.12.20 15:10:40 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.12.20 15:10:01 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.12.20 15:09:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.12.20 15:09:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.12.20 15:09:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2012.12.20 15:09:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.12.19 18:09:01 | 000,001,381 | ---- | C] () -- C:\Users\Subking\Desktop\Dokument.rtf [2012.12.19 17:50:30 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.12.19 14:23:54 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk [2012.12.19 14:23:16 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.19 14:23:16 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.19 14:23:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.19 11:36:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.19 10:31:44 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe [2012.12.19 10:31:44 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe [2012.12.19 09:50:54 | 000,001,207 | ---- | C] () -- C:\Users\Subking\Desktop\Driver Genius Professional Edition.lnk [2012.12.19 09:37:01 | 000,002,391 | ---- | C] () -- C:\Users\Public\Desktop\Cars Augmented Reality.lnk [2012.12.19 01:04:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.19 00:50:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.18 22:32:31 | 000,000,648 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VueScan.lnk [2012.12.18 22:32:31 | 000,000,636 | ---- | C] () -- C:\Users\Subking\Desktop\VueScan.lnk [2012.12.18 22:12:35 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2012.12.18 22:11:32 | 000,000,308 | ---- | C] () -- C:\Windows\setup.iss [2012.12.18 21:38:45 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.12.18 21:38:45 | 000,002,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.12.18 21:38:45 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.12.18 16:08:03 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job [2012.12.18 16:08:02 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job [2012.12.18 15:28:41 | 001,558,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.18 14:58:07 | 000,000,003 | ---- | C] () -- C:\Users\Subking\AppData\Local\user_data.ini [2012.12.18 14:53:26 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.12.18 14:37:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.18 14:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.12.18 13:57:05 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2012.12.18 13:57:04 | 000,378,949 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012.12.18 13:24:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.12.18 12:58:21 | 790,553,767 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.12.18 12:18:55 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.12.18 12:18:55 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.12.18 12:18:54 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.12.18 12:09:46 | 000,001,405 | ---- | C] () -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.12.18 12:09:41 | 000,001,439 | ---- | C] () -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.12.18 12:01:08 | 4261,642,238 | -HS- | C] () -- C:\hiberfil.sys [2012.12.02 09:03:22 | 000,320,136 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb [2012.12.02 09:03:22 | 000,320,136 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2012.12.02 08:38:16 | 003,053,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2012.12.02 08:27:50 | 003,084,672 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2012.12.02 03:26:50 | 000,222,720 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.19 23:05:22 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Ashampoo [2012.12.19 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\EPSON [2012.12.18 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Leadertech [2012.12.20 00:47:13 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Origin [2012.12.18 12:18:49 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.20 00:41:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.18 12:06:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.19 09:58:48 | 000,000,000 | R--D | M] -- C:\Program Files [2012.12.21 17:02:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.12.21 17:02:29 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.12.18 12:06:16 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.18 12:06:17 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.12.21 18:45:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.18 12:09:14 | 000,000,000 | R--D | M] -- C:\Users [2012.12.19 19:29:15 | 000,000,000 | ---D | M] -- C:\VueScan [2012.12.20 21:36:55 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,008,694 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.12.18 14:37:03 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.12.18 16:08:02 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job [2012.12.18 16:08:03 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.12.21 18:07:08 | 000,000,000 | ---- | M] () -- C:\Users\Subking\defogger_reenable [2012.12.21 18:56:19 | 001,572,864 | -HS- | M] () -- C:\Users\Subking\NTUSER.DAT [2012.12.21 18:56:19 | 000,262,144 | -HS- | M] () -- C:\Users\Subking\ntuser.dat.LOG1 [2012.12.18 12:09:15 | 000,000,000 | -HS- | M] () -- C:\Users\Subking\ntuser.dat.LOG2 [2012.12.18 12:27:58 | 000,065,536 | -HS- | M] () -- C:\Users\Subking\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.12.18 12:27:58 | 000,524,288 | -HS- | M] () -- C:\Users\Subking\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.12.18 12:27:58 | 000,524,288 | -HS- | M] () -- C:\Users\Subking\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.18 12:09:15 | 000,000,020 | -HS- | M] () -- C:\Users\Subking\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > OTL Extras logfile created on: 21.12.2012 18:49:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Subking\Desktop\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,96 Gb Total Physical Memory | 12,95 Gb Available Physical Memory | 81,17% Memory free 31,92 Gb Paging File | 28,84 Gb Available in Paging File | 90,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 378,70 Gb Free Space | 81,32% Space Free | Partition Type: NTFS Computer Name: SUBKING-PC | User Name: Subking | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{28A21D4E-ACBD-4362-924C-F678D980504E}" = lport=138 | protocol=17 | dir=in | app=system | "{28D3511D-1B98-4310-92EB-821A0252A3C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{436A081B-4797-4F38-AA71-27A83655F058}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{479AFD82-075B-45CC-80A5-C26D31397F71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{54386493-02BD-4FA9-B0CF-3F473D06F16B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{61519C62-0604-4F9C-A615-4FE8E0D4CAF5}" = lport=139 | protocol=6 | dir=in | app=system | "{672641E3-03C3-441F-9536-B3C8AFD3369C}" = lport=445 | protocol=6 | dir=in | app=system | "{6AD158B2-7420-4D55-8218-F285F11A6420}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{75BD5D0C-1224-4FF5-A69D-4171335B85A8}" = lport=10243 | protocol=6 | dir=in | app=system | "{8175270D-2B32-4916-9D5F-85C246FB3BD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{92C790FA-77EB-4E5D-A658-C00F7F8F6F31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A0CD54ED-EFBB-4BBF-8E66-55C9203CEB40}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AE120379-8A11-4675-84CA-91C29E885683}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B69E71A7-D658-4E97-A999-B4183771FCC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B7DC768C-6242-4819-B5DB-04087FA8BE23}" = rport=445 | protocol=6 | dir=out | app=system | "{BB38DBA8-B00E-4027-B8D7-1D7EA5D7B7DF}" = rport=138 | protocol=17 | dir=out | app=system | "{BDA1A26D-4FA7-4DB6-AF32-E06BC5E338FB}" = rport=139 | protocol=6 | dir=out | app=system | "{BE5E9DA4-0C2D-47E9-954C-92A09B133D9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CB8D552B-71CF-4BBB-BBC6-CEE4ECDA9413}" = lport=2869 | protocol=6 | dir=in | app=system | "{D6DEF478-AD2B-4B56-B41E-3ADF887A546C}" = rport=137 | protocol=17 | dir=out | app=system | "{DAB8468F-5FA8-4008-81B6-4F864E9B5C02}" = lport=137 | protocol=17 | dir=in | app=system | "{DBC66C37-E0A0-4038-BC0D-8A22317DAB4F}" = rport=10243 | protocol=6 | dir=out | app=system | "{E7E3BB6D-AB0E-4B73-9625-C72EE71DF8EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{103CD463-3EBD-4DD8-B921-CE87EDA3A545}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{17DFE101-BA4E-48DA-AB1E-6541C19F5439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1CE324C0-520D-4A93-92F2-9F803D74DB35}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{26A0AAA2-099D-4F73-8FD8-D82E106333BA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{2889CAB3-ABF2-4DB7-A007-F4F3160AB3D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{36FAEC84-DB68-40C0-BAFB-1A6772F87C50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4A8F1BD4-BD1E-4105-BAD0-DED090919465}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{57DFF7F3-6E67-42AB-B91A-ABCEFD7A7C25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{58FA284E-C34F-4DD4-8499-3665D23F2ABF}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | "{5A7F3E2C-7C18-4040-A22A-280A091408C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5AF9A282-EF3B-4A17-BF3E-9B9377D8FAC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6B0436B1-0AC2-4DDB-BA0F-CEA2685CDBED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6C76DEDB-9DE4-4E28-8294-3FACD70A719A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{6EF4EAF9-E074-4A77-B251-44692EEE98A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8873FBD4-3988-4928-9477-C83DC4372C11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8C77A4E4-46C3-4E0F-A0E7-CDA091E3F8BB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{9A58D375-AC36-44BA-9D58-D608C42F20D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A59429B7-A5F2-4912-91A9-A05E2D58C69B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B869AE45-4ABA-4000-99A3-1CF50CFD9108}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BA1076B0-CFB6-4A92-8169-0F6E3A0E6080}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C1F656A9-AFBF-48E4-B579-C2FEF23921F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C3F76D1F-9FDA-4E7B-94F7-739910A05E3C}" = protocol=6 | dir=out | app=system | "{D883A65E-8C3F-41E6-8B14-FE278C7D421C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E243D72D-8B0E-4394-84F4-97F643458AC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E8B943C8-DA23-40D7-9FA2-30AF7AFD4A7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F124448B-83E5-4AA4-B17A-EF568370E21D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F3EC10FD-6BC9-4639-97CF-FD86DDADE68A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FAE12100-A9A1-447F-A6D8-0AE4E3C87EEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{9F996473-E669-46D2-8BE1-6FF705FC3CCB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{00FFC8E1-CC1D-4010-8969-630F00627E29}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding "{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager "EPSON Printer and Utilities" = EPSON-Drucker-Software "Logitech Gaming Software" = Logitech Gaming Software 8.40 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "VueScan" = VueScan "WinRAR archiver" = WinRAR 4.20 (64-Bit) "XFast LAN" = XFast LAN v6.61 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2 "{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai "{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All "{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard "{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish "{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian "{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common "{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese "{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{91B33C97-93EB-244C-F687-71D85E45A206}_is1" = Ashampoo Burning Studio 12 v.12.0.3 "{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech "{92F39985-0DA5-4CC4-869F-2A3048C182E6}" = System Requirements Lab "{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek "{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian "{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French "{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian "{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German "{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15 "Avira AntiVir Desktop" = Avira Antivirus Premium "Battlelog Web Plugins" = Battlelog Web Plugins "Cars Augmented Reality" = Cars Augmented Reality "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "ESN Sonar-0.70.4" = ESN Sonar "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "jdownloader09" = JDownloader 0.9 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Sapphire TRIXX" = Sapphire TRIXX "TuneUp Utilities 2013" = TuneUp Utilities 2013 "Veetle TV" = Veetle TV "White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.12.2012 14:23:10 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.12.2012 14:23:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.12.2012 14:23:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.12.2012 14:23:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.12.2012 14:23:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.12.2012 15:13:41 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.12.2012 15:13:42 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.12.2012 17:11:31 | Computer Name = Subking-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version: 16.0.0.400, Zeitstempel: 0x4ab84bb7 Name des fehlerhaften Moduls: ISSetup.dll, Version: 16.0.0.400, Zeitstempel: 0x4ab84b70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a7a6f ID des fehlerhaften Prozesses: 0x14b4 Startzeit der fehlerhaften Anwendung: 0x01cddd642453e209 Pfad der fehlerhaften Anwendung: C:\Users\Subking\AppData\Local\Temp\WZSE0.TMP\setup.exe Pfad des fehlerhaften Moduls: C:\Users\Subking\AppData\Local\Temp\WZSE0.TMP\ISSetup.dll Berichtskennung: 7e6154a7-4957-11e2-b852-bc5ff4220308 Error - 19.12.2012 13:00:59 | Computer Name = Subking-PC | Source = Application Hang | ID = 1002 Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d54 Startzeit: 01cdde08eaf998c6 Endzeit: 658 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichts-ID: Error - 19.12.2012 13:05:24 | Computer Name = Subking-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x508b5457 Name des fehlerhaften Moduls: bf3.exe, Version: 1.5.0.0, Zeitstempel: 0x508b5457 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a908b7 ID des fehlerhaften Prozesses: 0x12c0 Startzeit der fehlerhaften Anwendung: 0x01cdde0ab37728af Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichtskennung: 46ff2b4d-49fe-11e2-8a20-bc5ff4220308 [ System Events ] Error - 19.12.2012 04:29:24 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%109 Error - 19.12.2012 04:29:24 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%109 Error - 19.12.2012 04:31:46 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405 Error - 19.12.2012 10:19:48 | Computer Name = Subking-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 19.12.2012 15:22:19 | Computer Name = Subking-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 19.12.2012 20:07:52 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2454826) Error - 19.12.2012 20:08:10 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für x64-basierte Systeme Error - 19.12.2012 20:08:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2484033) Error - 20.12.2012 16:35:04 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243 Error - 20.12.2012 16:45:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2454826) < End of report > |
21.12.2012, 19:33 | #2 |
/// Malware-holic | ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht Wieso noch ein Thema?
__________________
__________________ |
21.12.2012, 20:01 | #3 |
| ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht hi weil ich die texte von otl falsch rein gesetzt habe und ich konnte es nicht mehr ändern oder editen. weil die 60min um waren deswegen.
__________________ |
21.12.2012, 20:07 | #4 |
/// Malware-holic | ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht Passt schon, der hier wird zugemacht, im andern gehts gleich weiter.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
21.12.2012, 21:01 | #5 |
/// TB-Ausbilder | ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht Hier geht es weiter: ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) |
Themen zu ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht |
adblock, adobe, antivir, autorun, avg, avira, bho, desktop, driver genius, echtzeit-scanner, error, fehler, firefox, flash player, format, helper, homepage, install.exe, installation, jdownloader, launch, logfile, mozilla, object, plug-in, realtek, registry, required, rundll, svchost.exe, trojaner, udp, virus, windows internet |