Zurück   Trojaner-Board > Archiv - Kein Posten möglich > Mülltonne

Mülltonne: ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht

Windows 7 Beiträge, die gegen unsere Regeln verstoßen haben, solche, die die Welt nicht braucht oder sonstiger Müll landet hier in der Mülltonne...

 
Alt 21.12.2012, 19:30   #1
subking
 
ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht - Standard

ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht



ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.)
malwarebytes durchlaufen lassen findet nichts.vorher habe ich den,mcafee labs stinger laufen lassen und er hat dieses gefunden. ist das nun ein virus .danke für die hilfe.
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.21.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Subking :: SUBKING-PC [limitiert]

Schutz: Aktiviert

21.12.2012 16:46:26
mbam-log-2012-12-21 (16-46-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202374
Laufzeit: 2 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
McAfee(r) Labs Stinger(tm) Version 10.2.0.927 built on Dec 21 2012
Copyright (c) 2012 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Dec 21 2012.
Ready to scan for 6068 viruses, trojans and variants.

Scan initiated on Fri Dec 21 15:58:10 2012
Rootkit scan result : Not Scanned


Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................1
Possibly Infected: ............0

c:/\Users\Subking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE6ZWQIN\are-at-recognition_welcoming[1].htm
Found the JS/Exploit-Blacole.ht trojan !!!
c:/\Users\Subking\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE6ZWQIN\are-at-recognition_welcoming[1].htm is infected with the JS/Exploit-Blacole.ht virus !!!
Number of clean files: 500094
Number of infected files: 1

OTL logfile created on: 21.12.2012 18:49:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Subking\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 12,95 Gb Available Physical Memory | 81,17% Memory free
31,92 Gb Paging File | 28,84 Gb Available in Paging File | 90,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 378,70 Gb Free Space | 81,32% Space Free | Partition Type: NTFS

Computer Name: SUBKING-PC | User Name: Subking | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.21 18:11:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Subking\Desktop\Downloads\OTL.exe
PRC - [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 14:57:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.18 14:57:06 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.12.18 14:57:03 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.12.18 14:57:03 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.18 14:57:03 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.10.24 00:49:12 | 010,500,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\NDP45-KB2737083-x64.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.11 05:07:26 | 000,088,024 | ---- | M] (Microsoft Corporation) -- c:\04777b0b96cec420c32e5ba8ae\Setup.exe
PRC - [2012.07.09 00:40:10 | 000,137,120 | ---- | M] (Microsoft Corporation) -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
PRC - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2007.03.27 17:24:08 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VM301Snap.exe
PRC - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2006.07.04 14:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.19 17:54:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.18 21:49:43 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 14:57:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.18 14:57:06 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.12.18 14:57:03 | 000,400,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.12.18 14:57:03 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.29 16:06:12 | 002,401,632 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011.10.19 16:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.01.11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.20 23:05:43 | 000,035,328 | ---- | M] (PenMount Touch Solutions) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pmserenum.sys -- (pmserenum)
DRV:64bit: - [2012.12.18 13:51:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.18 13:51:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.12.18 13:51:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.02 09:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.02 08:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.10.25 17:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.10.02 23:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.28 13:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.08.07 15:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.08.07 15:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.04 15:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 14:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.18 14:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009.06.10 21:35:46 | 000,427,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.04 20:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2012.11.16 16:38:44 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 1C 3B 42 FE DE CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Subking\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Subking\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.18 14:53:24 | 000,000,000 | ---D | M]

[2012.12.18 14:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\Extensions
[2012.12.18 19:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\Firefox\Profiles\dqfidusz.default\extensions
[2012.12.18 19:26:09 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Subking\AppData\Roaming\mozilla\firefox\profiles\dqfidusz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.18 14:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Subking\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Subking\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: KIDO'Z TV = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokdeafnhahffanabnbjjjjmoechjklc\2.2_0\
CHR - Extension: Into The Mist = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh\1_0\
CHR - Extension: Google Mail = C:\Users\Subking\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM301Snap.exe (Vimicro)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBIE.EXE /FU "C:\Windows\TEMP\E_SF0D7.tmp" /EF "HKCU" File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E7D61F3-8921-4412-9BF3-E3B619468070}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.12.21 18:50:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.21 18:50:27 | 000,000,000 | ---D | C] -- C:\aa9fcd72967658aa4a4e05
[2012.12.21 16:42:17 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Malwarebytes
[2012.12.21 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.21 16:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.21 16:42:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.21 16:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.21 15:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft
[2012.12.21 15:58:55 | 002,343,968 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr
[2012.12.21 15:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\White Christmas 3D Screensaver
[2012.12.21 15:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012.12.20 23:05:43 | 000,035,328 | ---- | C] (PenMount Touch Solutions) -- C:\Windows\SysNative\drivers\pmserenum.sys
[2012.12.20 20:00:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.12.20 20:00:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.12.20 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sapphire TRIXX
[2012.12.20 19:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX
[2012.12.20 15:10:13 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.12.20 15:10:06 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.12.20 01:08:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.12.20 00:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.20 00:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.12.20 00:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.12.20 00:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.12.20 00:33:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012.12.20 00:33:19 | 000,000,000 | ---D | C] -- C:\Users\Subking\SystemRequirementsLab
[2012.12.19 23:04:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.12.19 23:03:03 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Programs
[2012.12.19 22:19:05 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Ashampoo
[2012.12.19 22:17:47 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ashampoo
[2012.12.19 22:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012.12.19 22:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.12.19 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.12.19 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\PunkBuster
[2012.12.19 17:42:57 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ESN
[2012.12.19 17:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012.12.19 17:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.12.19 17:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.12.19 17:42:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\Documents\Battlefield 3
[2012.12.19 14:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012.12.19 14:23:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.12.19 12:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
[2012.12.19 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Adobe
[2012.12.19 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.12.19 11:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.12.19 11:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.12.19 10:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.12.19 10:57:54 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Origin
[2012.12.19 10:57:49 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Origin
[2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.12.19 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.12.19 10:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.12.19 10:31:44 | 001,495,936 | ---- | C] (Vimicro Corporation) -- C:\Windows\SysNative\drivers\usbVM31b.sys
[2012.12.19 10:31:44 | 000,225,357 | ---- | C] (Vimicro) -- C:\Windows\SysWow64\VM31bPrp.Ax
[2012.12.19 10:31:44 | 000,094,208 | ---- | C] (www.zsmc.com.cn) -- C:\Windows\VMCap.exe
[2012.12.19 10:31:44 | 000,061,440 | ---- | C] (VM) -- C:\Windows\SysNative\VM31bSTI.dll
[2012.12.19 10:31:44 | 000,049,152 | ---- | C] (Vimicro) -- C:\Windows\VM301Snap.exe
[2012.12.19 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ElevatedDiagnostics
[2012.12.19 09:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.12.19 09:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2012.12.19 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012.12.19 09:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012.12.19 09:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012.12.19 09:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2012.12.19 09:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carlton Books
[2012.12.19 09:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carlton Books
[2012.12.19 00:28:16 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\EPSON
[2012.12.18 22:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2012.12.18 22:32:28 | 000,000,000 | ---D | C] -- C:\VueScan
[2012.12.18 22:27:50 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Macromedia
[2012.12.18 22:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.12.18 22:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.12.18 22:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012.12.18 22:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.12.18 22:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.12.18 21:43:54 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.18 21:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.12.18 21:42:22 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\WinRAR
[2012.12.18 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.12.18 21:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.18 21:38:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.18 21:38:12 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\JDownloader 0.9
[2012.12.18 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.18 16:08:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.12.18 16:08:01 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Google
[2012.12.18 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\AMD
[2012.12.18 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\ATI
[2012.12.18 15:31:18 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\ATI
[2012.12.18 15:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.12.18 15:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.18 14:58:07 | 001,632,128 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast LAN
[2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\cFos
[2012.12.18 14:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock
[2012.12.18 14:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2012.12.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Mozilla
[2012.12.18 14:53:29 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Mozilla
[2012.12.18 14:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.12.18 14:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.12.18 14:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Macromedia
[2012.12.18 14:37:08 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Adobe
[2012.12.18 14:37:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.12.18 14:36:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.12.18 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Logitech
[2012.12.18 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Leadertech
[2012.12.18 13:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.12.18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Logitech
[2012.12.18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Logishrd
[2012.12.18 13:57:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2012.12.18 13:57:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2012.12.18 13:57:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2012.12.18 13:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2012.12.18 13:57:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2012.12.18 13:57:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2012.12.18 13:57:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2012.12.18 13:57:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2012.12.18 13:57:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2012.12.18 13:57:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2012.12.18 13:57:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2012.12.18 13:57:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.12.18 13:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.12.18 13:57:05 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2012.12.18 13:57:05 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.12.18 13:57:05 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.12.18 13:57:05 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.12.18 13:57:05 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.12.18 13:57:04 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2012.12.18 13:57:04 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.12.18 13:57:04 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.12.18 13:57:04 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.12.18 13:57:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.12.18 13:57:04 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.12.18 13:57:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.12.18 13:57:04 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.12.18 13:57:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.12.18 13:57:03 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.12.18 13:57:03 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2012.12.18 13:56:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.12.18 13:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.12.18 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.12.18 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.12.18 13:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.12.18 13:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.12.18 13:53:42 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Avira
[2012.12.18 13:53:24 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.18 13:53:24 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.18 13:53:24 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.18 13:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.18 13:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.12.18 13:51:47 | 000,088,832 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys
[2012.12.18 13:51:47 | 000,065,152 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys
[2012.12.18 13:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology
[2012.12.18 13:45:06 | 000,769,168 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012.12.18 13:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.12.18 13:28:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.12.18 12:58:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.12.18 12:32:46 | 000,000,000 | ---D | C] -- C:\Users\Subking\Documents\DriverGenius
[2012.12.18 12:31:10 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Diagnostics
[2012.12.18 12:22:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.12.18 12:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.12.18 12:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.12.18 12:18:57 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.12.18 12:18:57 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.12.18 12:18:57 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.12.18 12:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012.12.18 12:18:49 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\TuneUp Software
[2012.12.18 12:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012.12.18 12:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.12.18 12:18:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.12.18 12:18:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.12.18 12:18:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\Searches
[2012.12.18 12:09:39 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.12.18 12:09:31 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Identities
[2012.12.18 12:09:29 | 000,000,000 | R--D | C] -- C:\Users\Subking\Contacts
[2012.12.18 12:09:27 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\VirtualStore
[2012.12.18 12:09:15 | 000,000,000 | --SD | C] -- C:\Users\Subking\AppData\Roaming\Microsoft
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Videos
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Saved Games
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Pictures
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Music
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Links
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Favorites
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Desktop\Downloads
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Documents
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\Desktop
[2012.12.18 12:09:15 | 000,000,000 | R--D | C] -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Vorlagen
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Verlauf
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Temporary Internet Files
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Startmenü
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\SendTo
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Recent
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Netzwerkumgebung
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Lokale Einstellungen
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Videos
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Musik
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Eigene Dateien
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Documents\Eigene Bilder
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Druckumgebung
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Cookies
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\AppData\Local\Anwendungsdaten
[2012.12.18 12:09:15 | 000,000,000 | -HSD | C] -- C:\Users\Subking\Anwendungsdaten
[2012.12.18 12:09:15 | 000,000,000 | -H-D | C] -- C:\Users\Subking\AppData
[2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Temp
[2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Local\Microsoft
[2012.12.18 12:09:15 | 000,000,000 | ---D | C] -- C:\Users\Subking\AppData\Roaming\Media Center Programs
[2012.12.18 12:06:17 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2012.12.18 12:06:16 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.12.18 12:06:13 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.12.18 12:01:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.12.18 12:01:31 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.12.02 08:59:56 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.01.8.dll
[2012.12.02 08:37:36 | 000,548,864 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012.12.02 08:36:50 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012.12.02 08:35:26 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012.12.02 08:35:10 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012.12.02 03:17:02 | 000,054,784 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.12.02 03:16:58 | 000,050,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

========== Files - Modified Within 30 Days ==========

[2012.12.21 18:49:46 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 18:49:46 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.21 18:18:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job
[2012.12.21 18:10:10 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.21 18:07:08 | 000,000,000 | ---- | M] () -- C:\Users\Subking\defogger_reenable
[2012.12.21 18:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.21 16:42:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 16:18:04 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job
[2012.12.21 11:18:31 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.21 11:18:31 | 000,698,688 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.21 11:18:31 | 000,653,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.21 11:18:31 | 000,148,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.21 11:18:31 | 000,121,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.21 11:05:30 | 000,207,048 | ---- | M] () -- C:\Users\Subking\Desktop\anim.gif
[2012.12.21 10:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.21 10:47:55 | 4261,642,238 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.21 01:47:11 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.21 01:47:11 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.21 01:47:02 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.20 23:25:47 | 000,276,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 23:05:43 | 000,035,328 | ---- | M] (PenMount Touch Solutions) -- C:\Windows\SysNative\drivers\pmserenum.sys
[2012.12.20 20:20:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.12.20 20:20:24 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.20 19:51:56 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.19 18:39:32 | 000,000,636 | ---- | M] () -- C:\Users\Subking\Desktop\VueScan.lnk
[2012.12.19 18:09:01 | 000,001,381 | ---- | M] () -- C:\Users\Subking\Desktop\Dokument.rtf
[2012.12.19 17:54:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.19 14:23:54 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.19 09:50:54 | 000,001,207 | ---- | M] () -- C:\Users\Subking\Desktop\Driver Genius Professional Edition.lnk
[2012.12.19 09:37:01 | 000,002,391 | ---- | M] () -- C:\Users\Public\Desktop\Cars Augmented Reality.lnk
[2012.12.19 00:09:26 | 790,553,767 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.18 22:12:35 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.12.18 22:11:42 | 000,000,308 | ---- | M] () -- C:\Windows\setup.iss
[2012.12.18 15:28:41 | 001,558,224 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.18 14:58:07 | 000,000,003 | ---- | M] () -- C:\Users\Subking\AppData\Local\user_data.ini
[2012.12.18 14:04:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.12.18 13:51:55 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.12.18 13:51:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.12.18 13:51:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.12.18 13:24:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.18 12:04:38 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.12.18 12:04:38 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.12.08 14:01:16 | 002,343,968 | ---- | M] (3Planesoft) -- C:\Windows\SysWow64\White_Christmas_3D_Screensaver.scr
[2012.12.02 09:03:22 | 000,320,136 | ---- | M] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012.12.02 09:03:22 | 000,320,136 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2012.12.02 08:59:56 | 000,070,144 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst_9.01.8.dll
[2012.12.02 08:38:16 | 003,053,056 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2012.12.02 08:37:36 | 000,548,864 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2012.12.02 08:35:26 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2012.12.02 08:35:10 | 000,021,504 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2012.12.02 08:27:50 | 003,084,672 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2012.12.02 03:26:50 | 000,222,720 | ---- | M] () -- C:\Windows\SysNative\clinfo.exe
[2012.12.02 03:17:02 | 000,054,784 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.12.02 03:16:58 | 000,050,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.11.29 16:06:14 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.11.29 16:06:08 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

========== Files Created - No Company Name ==========

[2012.12.21 18:07:08 | 000,000,000 | ---- | C] () -- C:\Users\Subking\defogger_reenable
[2012.12.21 16:42:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.21 11:05:29 | 000,207,048 | ---- | C] () -- C:\Users\Subking\Desktop\anim.gif
[2012.12.20 20:20:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.12.20 20:20:24 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.20 15:10:49 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2012.12.20 15:10:40 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.12.20 15:10:01 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.12.20 15:09:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.12.20 15:09:58 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.12.20 15:09:51 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012.12.20 15:09:51 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.12.19 18:09:01 | 000,001,381 | ---- | C] () -- C:\Users\Subking\Desktop\Dokument.rtf
[2012.12.19 17:50:30 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.12.19 14:23:54 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.12.19 14:23:16 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.19 14:23:16 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.12.19 14:23:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.19 11:36:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.19 10:31:44 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2012.12.19 10:31:44 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe
[2012.12.19 09:50:54 | 000,001,207 | ---- | C] () -- C:\Users\Subking\Desktop\Driver Genius Professional Edition.lnk
[2012.12.19 09:37:01 | 000,002,391 | ---- | C] () -- C:\Users\Public\Desktop\Cars Augmented Reality.lnk
[2012.12.19 01:04:45 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.19 00:50:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.18 22:32:31 | 000,000,648 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VueScan.lnk
[2012.12.18 22:32:31 | 000,000,636 | ---- | C] () -- C:\Users\Subking\Desktop\VueScan.lnk
[2012.12.18 22:12:35 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012.12.18 22:11:32 | 000,000,308 | ---- | C] () -- C:\Windows\setup.iss
[2012.12.18 21:38:45 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.12.18 21:38:45 | 000,002,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.12.18 21:38:45 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.12.18 16:08:03 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job
[2012.12.18 16:08:02 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job
[2012.12.18 15:28:41 | 001,558,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.18 14:58:07 | 000,000,003 | ---- | C] () -- C:\Users\Subking\AppData\Local\user_data.ini
[2012.12.18 14:53:26 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.18 14:37:03 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.18 14:04:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.12.18 13:57:05 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2012.12.18 13:57:04 | 000,378,949 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.12.18 13:24:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.12.18 12:58:21 | 790,553,767 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.18 12:18:55 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.12.18 12:18:55 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.12.18 12:18:54 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.12.18 12:09:46 | 000,001,405 | ---- | C] () -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.12.18 12:09:41 | 000,001,439 | ---- | C] () -- C:\Users\Subking\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.12.18 12:01:08 | 4261,642,238 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.02 09:03:22 | 000,320,136 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2012.12.02 09:03:22 | 000,320,136 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2012.12.02 08:38:16 | 003,053,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2012.12.02 08:27:50 | 003,084,672 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2012.12.02 03:26:50 | 000,222,720 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.12.19 23:05:22 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Ashampoo
[2012.12.19 00:28:17 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\EPSON
[2012.12.18 14:00:04 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Leadertech
[2012.12.20 00:47:13 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\Origin
[2012.12.18 12:18:49 | 000,000,000 | ---D | M] -- C:\Users\Subking\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.12.20 00:41:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.12.18 12:06:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.19 09:58:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.21 17:02:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.21 17:02:29 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.18 12:06:16 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.18 12:06:17 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.21 18:45:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.18 12:09:14 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.19 19:29:15 | 000,000,000 | ---D | M] -- C:\VueScan
[2012.12.20 21:36:55 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,008,694 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.12.18 14:37:03 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.12.18 16:08:02 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000Core.job
[2012.12.18 16:08:03 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3462201253-762489413-3296892312-1000UA.job

< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTORV.SYS >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USER32.DLL >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2012.12.21 18:07:08 | 000,000,000 | ---- | M] () -- C:\Users\Subking\defogger_reenable
[2012.12.21 18:56:19 | 001,572,864 | -HS- | M] () -- C:\Users\Subking\NTUSER.DAT
[2012.12.21 18:56:19 | 000,262,144 | -HS- | M] () -- C:\Users\Subking\ntuser.dat.LOG1
[2012.12.18 12:09:15 | 000,000,000 | -HS- | M] () -- C:\Users\Subking\ntuser.dat.LOG2
[2012.12.18 12:27:58 | 000,065,536 | -HS- | M] () -- C:\Users\Subking\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.12.18 12:27:58 | 000,524,288 | -HS- | M] () -- C:\Users\Subking\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.12.18 12:27:58 | 000,524,288 | -HS- | M] () -- C:\Users\Subking\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.12.18 12:09:15 | 000,000,020 | -HS- | M] () -- C:\Users\Subking\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< >

< End of report >
OTL Extras logfile created on: 21.12.2012 18:49:36 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Subking\Desktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,96 Gb Total Physical Memory | 12,95 Gb Available Physical Memory | 81,17% Memory free
31,92 Gb Paging File | 28,84 Gb Available in Paging File | 90,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 378,70 Gb Free Space | 81,32% Space Free | Partition Type: NTFS

Computer Name: SUBKING-PC | User Name: Subking | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28A21D4E-ACBD-4362-924C-F678D980504E}" = lport=138 | protocol=17 | dir=in | app=system |
"{28D3511D-1B98-4310-92EB-821A0252A3C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{436A081B-4797-4F38-AA71-27A83655F058}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{479AFD82-075B-45CC-80A5-C26D31397F71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54386493-02BD-4FA9-B0CF-3F473D06F16B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{61519C62-0604-4F9C-A615-4FE8E0D4CAF5}" = lport=139 | protocol=6 | dir=in | app=system |
"{672641E3-03C3-441F-9536-B3C8AFD3369C}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AD158B2-7420-4D55-8218-F285F11A6420}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75BD5D0C-1224-4FF5-A69D-4171335B85A8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8175270D-2B32-4916-9D5F-85C246FB3BD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92C790FA-77EB-4E5D-A658-C00F7F8F6F31}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0CD54ED-EFBB-4BBF-8E66-55C9203CEB40}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AE120379-8A11-4675-84CA-91C29E885683}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B69E71A7-D658-4E97-A999-B4183771FCC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7DC768C-6242-4819-B5DB-04087FA8BE23}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB38DBA8-B00E-4027-B8D7-1D7EA5D7B7DF}" = rport=138 | protocol=17 | dir=out | app=system |
"{BDA1A26D-4FA7-4DB6-AF32-E06BC5E338FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{BE5E9DA4-0C2D-47E9-954C-92A09B133D9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB8D552B-71CF-4BBB-BBC6-CEE4ECDA9413}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D6DEF478-AD2B-4B56-B41E-3ADF887A546C}" = rport=137 | protocol=17 | dir=out | app=system |
"{DAB8468F-5FA8-4008-81B6-4F864E9B5C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{DBC66C37-E0A0-4038-BC0D-8A22317DAB4F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E7E3BB6D-AB0E-4B73-9625-C72EE71DF8EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103CD463-3EBD-4DD8-B921-CE87EDA3A545}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{17DFE101-BA4E-48DA-AB1E-6541C19F5439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1CE324C0-520D-4A93-92F2-9F803D74DB35}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{26A0AAA2-099D-4F73-8FD8-D82E106333BA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2889CAB3-ABF2-4DB7-A007-F4F3160AB3D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{36FAEC84-DB68-40C0-BAFB-1A6772F87C50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A8F1BD4-BD1E-4105-BAD0-DED090919465}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{57DFF7F3-6E67-42AB-B91A-ABCEFD7A7C25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58FA284E-C34F-4DD4-8499-3665D23F2ABF}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{5A7F3E2C-7C18-4040-A22A-280A091408C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5AF9A282-EF3B-4A17-BF3E-9B9377D8FAC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6B0436B1-0AC2-4DDB-BA0F-CEA2685CDBED}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C76DEDB-9DE4-4E28-8294-3FACD70A719A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6EF4EAF9-E074-4A77-B251-44692EEE98A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8873FBD4-3988-4928-9477-C83DC4372C11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8C77A4E4-46C3-4E0F-A0E7-CDA091E3F8BB}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9A58D375-AC36-44BA-9D58-D608C42F20D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A59429B7-A5F2-4912-91A9-A05E2D58C69B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B869AE45-4ABA-4000-99A3-1CF50CFD9108}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA1076B0-CFB6-4A92-8169-0F6E3A0E6080}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1F656A9-AFBF-48E4-B579-C2FEF23921F9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C3F76D1F-9FDA-4E7B-94F7-739910A05E3C}" = protocol=6 | dir=out | app=system |
"{D883A65E-8C3F-41E6-8B14-FE278C7D421C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E243D72D-8B0E-4394-84F4-97F643458AC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8B943C8-DA23-40D7-9FA2-30AF7AFD4A7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F124448B-83E5-4AA4-B17A-EF568370E21D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F3EC10FD-6BC9-4639-97CF-FD86DDADE68A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAE12100-A9A1-447F-A6D8-0AE4E3C87EEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9F996473-E669-46D2-8BE1-6FF705FC3CCB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{00FFC8E1-CC1D-4010-8969-630F00627E29}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"VueScan" = VueScan
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{91B33C97-93EB-244C-F687-71D85E45A206}_is1" = Ashampoo Burning Studio 12 v.12.0.3
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{92F39985-0DA5-4CC4-869F-2A3048C182E6}" = System Requirements Lab
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v10.0.15
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cars Augmented Reality" = Cars Augmented Reality
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ESN Sonar-0.70.4" = ESN Sonar
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"jdownloader09" = JDownloader 0.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Sapphire TRIXX" = Sapphire TRIXX
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Veetle TV" = Veetle TV
"White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.12.2012 14:23:10 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 18.12.2012 14:23:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 18.12.2012 14:23:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 18.12.2012 14:23:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 18.12.2012 14:23:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 18.12.2012 15:13:41 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 18.12.2012 15:13:42 | Computer Name = Subking-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 18.12.2012 17:11:31 | Computer Name = Subking-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version:
16.0.0.400, Zeitstempel: 0x4ab84bb7 Name des fehlerhaften Moduls: ISSetup.dll, Version:
16.0.0.400, Zeitstempel: 0x4ab84b70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a7a6f
ID
des fehlerhaften Prozesses: 0x14b4 Startzeit der fehlerhaften Anwendung: 0x01cddd642453e209
Pfad
der fehlerhaften Anwendung: C:\Users\Subking\AppData\Local\Temp\WZSE0.TMP\setup.exe
Pfad
des fehlerhaften Moduls: C:\Users\Subking\AppData\Local\Temp\WZSE0.TMP\ISSetup.dll
Berichtskennung:
7e6154a7-4957-11e2-b852-bc5ff4220308

Error - 19.12.2012 13:00:59 | Computer Name = Subking-PC | Source = Application Hang | ID = 1002
Description = Programm bf3.exe, Version 1.5.0.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: d54 Startzeit:
01cdde08eaf998c6 Endzeit: 658 Anwendungspfad: C:\Program Files (x86)\Origin Games\Battlefield
3\bf3.exe Berichts-ID:

Error - 19.12.2012 13:05:24 | Computer Name = Subking-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.5.0.0, Zeitstempel:
0x508b5457 Name des fehlerhaften Moduls: bf3.exe, Version: 1.5.0.0, Zeitstempel:
0x508b5457 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00a908b7 ID des fehlerhaften Prozesses:
0x12c0 Startzeit der fehlerhaften Anwendung: 0x01cdde0ab37728af Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe Berichtskennung:
46ff2b4d-49fe-11e2-8a20-bc5ff4220308

[ System Events ]
Error - 19.12.2012 04:29:24 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109

Error - 19.12.2012 04:29:24 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%109

Error - 19.12.2012 04:31:46 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405

Error - 19.12.2012 10:19:48 | Computer Name = Subking-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 19.12.2012 15:22:19 | Computer Name = Subking-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 19.12.2012 20:07:52 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2454826)

Error - 19.12.2012 20:08:10 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für
x64-basierte Systeme

Error - 19.12.2012 20:08:11 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2484033)

Error - 20.12.2012 16:35:04 | Computer Name = Subking-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet: %%-2147467243

Error - 20.12.2012 16:45:12 | Computer Name = Subking-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80242016 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme
(KB2454826)


< End of report >

Alt 21.12.2012, 19:33   #2
markusg
/// Malware-holic
 
ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht - Standard

ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht



Wieso noch ein Thema?
__________________

__________________

Alt 21.12.2012, 20:01   #3
subking
 
ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht - Standard

ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht



hi weil ich die texte von otl falsch rein gesetzt habe und ich konnte es nicht mehr ändern oder editen. weil die 60min um waren deswegen.
__________________

Alt 21.12.2012, 20:07   #4
markusg
/// Malware-holic
 
ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht - Standard

ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht



Passt schon, der hier wird zugemacht, im andern gehts gleich weiter.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 21.12.2012, 21:01   #5
M-K-D-B
/// TB-Ausbilder
 
ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht - Standard

ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht



Hier geht es weiter:
ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.)


 

Themen zu ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht
adblock, adobe, antivir, autorun, avg, avira, bho, desktop, driver genius, echtzeit-scanner, error, fehler, firefox, flash player, format, helper, homepage, install.exe, installation, jdownloader, launch, logfile, mozilla, object, plug-in, realtek, registry, required, rundll, svchost.exe, trojaner, udp, virus, windows internet




Ähnliche Themen: ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht


  1. hallo.ich habe ein riesenproblem....hab mir glaub ich malware eingehandelt! habe scon mit spybot,
    Alles rund um Windows - 05.05.2015 (4)
  2. Ojee ich habe einen Trojaner - alles ist blau unterstrichen - auch hier und werbung etc. poppt auf...
    Plagegeister aller Art und deren Bekämpfung - 11.02.2015 (12)
  3. Ich habe 2 DllHost.exe Prozesse, Habe ich mir einen Virus eingefangen?
    Log-Analyse und Auswertung - 29.08.2013 (9)
  4. Ich habe einen Trojaner (Logfile gemacht)
    Log-Analyse und Auswertung - 28.08.2013 (11)
  5. versuch mit OTL trojaner PUM.UserWLoad und Trojan.Agent zu entfernen.. hoffe habe alles richtig gemacht
    Log-Analyse und Auswertung - 23.06.2013 (3)
  6. Hilfe habe meinen ersten Virus: W32/Patched.uc
    Plagegeister aller Art und deren Bekämpfung - 02.06.2013 (5)
  7. kann keine Windows Updates machen alles wird wieder rückgängig gemacht, habe auch die csrss.exe zweimal
    Log-Analyse und Auswertung - 17.03.2013 (21)
  8. ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.)
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (5)
  9. Habe ich einen Trojaner / Virus?
    Log-Analyse und Auswertung - 07.10.2012 (9)
  10. Verschlüsselungstrojaner auf xp jetzt Vista - alles falsch gemacht
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (1)
  11. Windows XP Recovery, habe ich alles richtig gemacht?
    Log-Analyse und Auswertung - 26.05.2011 (29)
  12. Guten Morgen ich habe ein Gefühl ich habe nun einen Virus/Trojaner
    Log-Analyse und Auswertung - 23.12.2009 (1)
  13. Habe ich einen Virus/Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 31.08.2009 (3)
  14. Habe ich etwas falsch gemacht?
    Mülltonne - 31.12.2008 (0)
  15. ich glaub ich habe einen trojaner...:-(
    Log-Analyse und Auswertung - 04.07.2007 (1)
  16. Aurora Bitte um Hilfe habe schon alles gemacht was ich finden konnte!!
    Log-Analyse und Auswertung - 14.06.2005 (10)
  17. Ich habe glaub ich einen Virus
    Antiviren-, Firewall- und andere Schutzprogramme - 17.10.2004 (19)

Zum Thema ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht - ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) malwarebytes durchlaufen lassen findet nichts.vorher habe ich den,mcafee labs stinger laufen lassen und er hat dieses gefunden. ist das nun ein virus - ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht...
Archiv
Du betrachtest: ich glaub ich habe einen virus(trojaner>JS/Exploit-Blacole.ht< unter anderen.) sorry habe im ersten thema so ziemlich alles falsch gemacht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.