|
Plagegeister aller Art und deren Bekämpfung: bizchoaching Pop UpsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.07.2013, 10:15 | #1 |
| bizchoaching Pop Ups Hallo habe die gleichen Probleme wie der Herr in diesem Thread http://www.trojaner-board.de/137576-...p-ups-etc.html .. Also hab bizcoaching.info popups und Werbung auf der google startseite und wahrscheinlich mehr. Weiss allerdings nicht genau wie ich es mir eingefangen habe. Hab auch die ersten drei Schritte die dort beschrieben sind schon durchgeführt. (Ja ja ich weiss nichts selber unternehmen) Ich hab noch ein Programm was als letztes installiert wurde und ich nicht kannte deinstalliert, hab Namen allerdings schon wieder vergessen Hab immer noch Popups sonst wuerd ich ja nix schreiben Hier die Logs: Code:
ATTFilter # AdwCleaner v2.304 - Datei am 04/07/2013 um 10:11:39 erstellt # Aktualisiert am 03/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : late - LATE-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\late\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\searchplugins\mngr.xml Ordner Gelöscht : C:\Program Files (x86)\Iminent Ordner Gelöscht : C:\ProgramData\InstallMate Ordner Gelöscht : C:\ProgramData\Premium Ordner Gelöscht : C:\Users\late\AppData\Local\Temp\avg@toolbar Ordner Gelöscht : C:\Users\late\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\d2ded0b23aba43 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\d2ded0b23aba43 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Datei : C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\prefs.js C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. -\\ Google Chrome v27.0.1453.116 Datei : C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [6863 octets] - [04/07/2013 10:10:15] AdwCleaner[S1].txt - [6594 octets] - [04/07/2013 10:11:39] ########## EOF - C:\AdwCleaner[S1].txt - [6654 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by late on 04.07.2013 at 10:18:41,69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\Users\late\AppData\Roaming\software informer" Successfully deleted: [Empty Folder] C:\Users\late\appdata\local\{2FCE9C38-A661-42DF-8D28-6E15200594C8} Successfully deleted: [Empty Folder] C:\Users\late\appdata\local\{42447BDC-8712-4EE8-96A6-CA3342AE41E8} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 04.07.2013 at 10:22:02,86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter OTL Extras logfile created on: 04.07.2013 10:58:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\late\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 32,79% Memory free 7,73 Gb Paging File | 4,44 Gb Available in Paging File | 57,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,40 Gb Total Space | 581,35 Gb Free Space | 63,30% Space Free | Partition Type: NTFS Drive D: | 13,02 Gb Total Space | 1,79 Gb Free Space | 13,78% Space Free | Partition Type: NTFS Computer Name: LATE-PC | User Name: late | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1417D55D-557B-4073-9EF7-471A417CCD5B}" = lport=137 | protocol=17 | dir=in | app=system | "{1B56EB00-B5C3-4A00-B768-B8A693AF3ACD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1BC23196-8444-457D-BDD4-92B85EF1EF48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1C87CACA-2DA5-4062-A4FD-A22783C099A9}" = lport=2869 | protocol=6 | dir=in | app=system | "{2E571437-7EEC-439B-A1A3-BB9B80F31D3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4751EFA3-9D36-4D5F-B004-439ADADD9817}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{48056410-80B8-425B-BF04-F6528CADADE5}" = rport=137 | protocol=17 | dir=out | app=system | "{49E416FC-C83E-4D5E-B265-AA7E216A2B1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5F35C451-4193-48F1-80B8-B134A2CE3042}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6412612F-3C6A-47A3-A9B5-A58CA0974DF6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F839F0B-B07F-424C-AC20-50B2B23DBC23}" = rport=138 | protocol=17 | dir=out | app=system | "{7995FB59-2956-4598-ADFB-D52BDF5ED880}" = lport=139 | protocol=6 | dir=in | app=system | "{8AEB4432-9A4C-4827-99BE-FE3A474C72DB}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{8C3B5D62-498F-48FB-9856-7BF84EA7CEC3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{906FFDBF-E431-4DC1-98D3-4F1FE2C38306}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{91CAC28A-05FC-4202-AFB7-A1384CC91159}" = rport=10243 | protocol=6 | dir=out | app=system | "{95256EA9-58BF-4503-9E43-605B5C3EA88A}" = lport=138 | protocol=17 | dir=in | app=system | "{9A5D5169-F00A-4839-8434-43A1F3C7F5D7}" = rport=139 | protocol=6 | dir=out | app=system | "{9E24E318-EB2A-4F35-8C04-41F8A427E139}" = lport=445 | protocol=6 | dir=in | app=system | "{CCCAC745-F425-4DF7-BCC7-D3212E297EEC}" = rport=445 | protocol=6 | dir=out | app=system | "{DEC5489D-A294-4657-9EBA-FF49222AB5E4}" = lport=10243 | protocol=6 | dir=in | app=system | "{E20EEACA-90EF-46F4-B472-899DB360FC73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E992EE0F-95F3-473D-8E49-F19E75531597}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00874798-2A67-42A7-9990-AA13296F1D3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{00ADDC48-36ED-4D81-93BD-18B446195EBA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{03FF5DDA-A6F5-4B8B-8B08-F5C259BECAC6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{095E31B1-A64E-403F-95FD-431C1F317B72}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{09B03B0C-ABE5-47B2-BC62-89EC442A0106}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0B028E56-06FC-4342-93F9-590666FD19EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0EE98B2B-B1B0-4B09-8865-278DBEA92919}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0F9D9BA3-01FA-4E78-B31D-63348626F3FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | "{134D6CA7-26A9-45FB-BC45-18599BFC9368}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | "{143C6114-88CF-4133-8C96-40D6D58D8297}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1DDB23EE-730A-4664-8F93-A7D11CE20A83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{24A5F9BD-0D84-4A3A-9410-A6699398C40D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe | "{2B3A3261-355F-4CF4-875B-94FA85338F94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | "{2BADE59B-F8C4-4619-957B-7817E7E9C4F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | "{2FEBB984-4F52-4B57-AD61-4FAB4221DA2C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{31B466B1-9041-4822-97F8-6979972CD24F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{356F5CDA-6E81-496E-8DEE-080ECA74E935}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | "{37D6F1A8-6A28-4112-B35D-9635E47B4C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{3824F7DD-F48D-4A37-B9D8-9DB66AEB2E23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the pit\thepit.exe | "{394FFD12-9ED3-4DB8-8D1A-72A66FB0CB1B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{3C72C537-F209-4592-8025-FA632B89C43B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4170C533-82BA-4258-B90A-7707CEC8F684}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | "{4342D585-5A52-482A-99E3-5D076D4F8D5C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{44128FBF-0B9D-4190-BFBB-FB10400AA9B6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{46B6A166-07A6-4B1A-AA9C-0D1CD17FA953}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{48DBE294-E618-48A1-A700-2BE55A3C6791}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B5FAD53-43E9-4F13-BD0A-42B2213F509F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe | "{4BDE2388-9EB8-490E-AEAD-ECA00603DB77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4ED7E35B-E013-47E6-8CCD-5694BCBE474F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{4EF17BD3-A854-409C-A496-A99894411F45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | "{4FF56DD7-B5DE-4EB3-9709-C2E600F13B38}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{50037339-6742-4659-A48A-269397609F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{5088BEDC-7C99-46D5-B378-6D8FCD8BB8D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | "{5EE090ED-DB9B-403D-9344-C38AF8E0C2D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | "{64F33859-C3F6-49BE-9E6D-68CAA487A9FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{67521968-07B3-4EB3-8984-9E55355D086B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{67CB26BE-3856-4106-9432-4CE0C4CDA959}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe | "{68506D60-2585-4CC6-8DDD-15A7B4C4491F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{69F6F3DB-687D-46B8-AF7D-35144073D6E7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{6C5796C8-11C2-409E-B848-48A799E71A41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | "{6CAC4F45-931D-4D0C-9D9E-E1A461EF008A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | "{720B9204-AB8E-4DA0-824B-83F262747ACE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{74633730-8B52-4515-B623-C2080DDF8B14}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{7604FEE2-4456-4257-A7A9-B890BC2F9A09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | "{7988C40F-7087-4713-A894-40DDB2A1B53D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7D4D48A3-BB3B-4C7D-B544-BE6C248ED6CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{7DA93031-7926-43AB-BF6B-94F847B9AA1C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7F48AC76-9740-41EC-A874-4054148CF9BF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{8194949A-66D1-48D4-8B58-97A301108EAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | "{82AA3FC3-D056-4D17-AD79-744CDC5358AC}" = dir=in | app=%programfiles% (x86)\sega\football manager 2013\fm.exe | "{83A4276A-23A7-441A-8234-1B628F195838}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{89BC1EAB-35E4-42BB-837B-675858E85104}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe | "{8EA41676-235F-44D6-8814-CDB8C84EC678}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{9370974D-A10E-43CF-8156-DE88E0C01EED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | "{93CD813D-3094-4117-BA26-D4AAD52BCFF1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{948CA4ED-C26C-4AA3-8016-A6FA37BE5EC4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{960A67F9-9DC4-45C3-A981-16DFE6D04DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{979533DF-716D-4CFD-BC1E-6A384501B319}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{9831CF37-2E1C-4482-8807-48F46D35C593}" = protocol=6 | dir=out | app=system | "{9977F1BC-F91D-476A-B993-7669249DF00D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{9B5CFDA1-0B7E-475C-B626-1BAAB6494D75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A21E6E85-0714-4A20-B8AF-B32A0813C83C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A401DA4C-83B4-4683-B66A-1C3C3DFBA345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe | "{A54CE7D1-828B-4FF7-A079-373191ED1E7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | "{A68B60DC-A7F3-4081-986D-D208D5868D5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{A9B72B5D-2B7A-4A19-BE48-3D78A71123DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | "{ABB0577D-6244-41F1-999E-DACE0BC50DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{AC7907E0-3057-4D3D-A44C-027D6D17B473}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | "{ADE5B7CC-B85D-443C-9B9E-44B8193FF8B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the pit\thepit.exe | "{AFCC6C3E-699E-4D2D-9CAF-21D57292F489}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{B1263361-0D3C-47CF-B870-4CBD263B9CF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B67AA928-B7F1-4370-81E1-5F24413F4169}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{BB71B453-4278-447B-9688-2D5130B6851E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | "{BF7D529A-59E7-4081-A1BC-68947171F91E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | "{C5D8B9A4-B4B3-4CC7-AD40-F8920A8066B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | "{CE5E7F8F-687E-4CA2-AD84-0E58ABC8AA10}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{DD1A502A-0351-46DF-8E51-57345A51A5E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe | "{DEF9BBAA-133B-4D17-9CDB-A6D62520EF00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DFBAD9F6-3022-4239-958B-74B7B963D786}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{E2C6B8C5-BB9F-439F-8A6F-AC37A2FD61B6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{EE45C002-768B-4EDD-B056-6BAD045B3EE3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{EE750074-63C7-40C9-A186-B8D39D95860F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{EEF3A9B2-2CA0-4651-9E4D-0AE20269970F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{F20AABF3-7336-4DBD-82D7-7C1869B4B37C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{F486D61C-92B8-46C1-AC14-D7DE0DE9CD88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F5F3B632-B353-4B41-B5DA-F8D42DC3304A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{F83EAD82-9685-40C8-8117-66E40CDD8891}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{FCDEF09D-D849-450D-B4AF-0101D87927DA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{086ADA70-CB6F-4539-8877-6BF27C2BAFC3}C:\program files (x86)\sega\football manager 2012\fm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\football manager 2012\fm.exe | "TCP Query User{1318DC40-F3D1-4927-9D48-E37016AE5199}C:\users\late\kag\kag.exe" = protocol=6 | dir=in | app=c:\users\late\kag\kag.exe | "TCP Query User{256C46E0-74F2-42C5-A015-9C05734E9A9E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{29CBC598-6B3E-4D91-A766-B7041D6436A8}C:\program files (x86)\innonics\wiggles\wiggles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\innonics\wiggles\wiggles.exe | "TCP Query User{2E7D2F09-CA56-43B1-BBE6-95257F46F1D7}C:\users\late\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\late\appdata\local\google\chrome\application\chrome.exe | "TCP Query User{871945F3-BCCA-4278-AE36-7628C4D92B20}C:\program files (x86)\freeorion\freeoriond.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeorion\freeoriond.exe | "TCP Query User{8EE2298E-C7FA-4FF1-938D-1C69764E7217}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "TCP Query User{C2279EF2-4C0A-448C-9E86-A86A23828A96}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "TCP Query User{E3266EB0-44C2-4C58-AA54-1C69D31082EC}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | "TCP Query User{E3511CFB-C9A6-4B2E-B3E7-882ADF150131}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{E415406F-8C63-42CC-814E-517AF6B5AA37}C:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe" = protocol=6 | dir=in | app=c:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe | "TCP Query User{F0339328-1D10-451F-B746-99DAF02D6473}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{F41F98D9-455E-4129-951D-B38C2D54CBA6}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "TCP Query User{FB005732-7218-4835-A40F-5ABDC1E8813E}C:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe" = protocol=6 | dir=in | app=c:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe | "UDP Query User{0E5E56E9-28B5-434C-A5CC-C79F0C35E53D}C:\program files (x86)\sega\football manager 2012\fm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\football manager 2012\fm.exe | "UDP Query User{184565BF-518D-40AD-A534-EDBD43CB7579}C:\users\late\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\late\appdata\local\google\chrome\application\chrome.exe | "UDP Query User{212EBC07-6078-49AC-A114-09D977C5D55F}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "UDP Query User{4D410784-CF84-4258-BB95-28B6D1BCD8B4}C:\users\late\kag\kag.exe" = protocol=17 | dir=in | app=c:\users\late\kag\kag.exe | "UDP Query User{6CB58FA2-5C34-416F-986C-699E66D1D13F}C:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe" = protocol=17 | dir=in | app=c:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe | "UDP Query User{72FA6FAA-43B5-4CD8-8D35-9EEE389B362E}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | "UDP Query User{9237CEF9-41A4-4AA5-9BE7-A924FBA5A22E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{94A7B3CC-20FC-4D6F-87BE-89005532C8D3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{9545C8A1-EC2D-4AA2-B46A-E96F4B992EF9}C:\program files (x86)\freeorion\freeoriond.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeorion\freeoriond.exe | "UDP Query User{996115C6-68F4-4493-8D43-740C7687656E}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | "UDP Query User{BAC0A587-A3C4-4695-A97E-2100DE5D3E22}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | "UDP Query User{D0FD8F5C-3F2C-41CA-9003-4332A1F709C9}C:\program files (x86)\innonics\wiggles\wiggles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\innonics\wiggles\wiggles.exe | "UDP Query User{D2DAA131-972B-4E7A-AF5C-407FD37BC0F2}C:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe" = protocol=17 | dir=in | app=c:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe | "UDP Query User{D4D3BC58-0879-44E7-91EB-6C5910B8943D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "Explorer Suite_is1" = Explorer Suite III "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "PC-Doctor for Windows" = Hardwarediagnosetools "Software Informer_is1" = Software Informer 1.2 "UDK-01e0aa75-5152-4da4-8142-f70b1f32e004" = My Game Long Name "VLC media player" = VLC media player 2.0.7 "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{31B2FF31-41BA-5A5F-016A-CB78737C4EF8}" = HydraVision "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7EEB72E4-2150-49F8-BC51-B63AF7B9E2F2}" = GEAR driver installer 4.019 "{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C3DF1C57-780A-DB9C-F30A-68EB45526761}" = Catalyst Control Center InstallProxy "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E04A4B52-7CF5-4B5A-0001-F5B55C390A4C}" = MyTube BigPack 5 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit) "avast" = avast! Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "FileHippo.com" = FileHippo.com Update Checker "Fraps" = Fraps "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430 "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "HP Remote Solution" = HP Remote Solution "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "MMDoC-PDCLive" = Duel of Champions "Notepad++" = Notepad++ "OpenAL" = OpenAL "Philips Songbird" = Philips Songbird "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PuTTY_is1" = PuTTY version 0.60 "Secunia PSI" = Secunia PSI (3.0.0.6005) "Steam App 113200" = The Binding of Isaac "Steam App 200510" = XCOM: Enemy Unknown "Steam App 201280" = Deus Ex: Human Revolution - The Missing Link "Steam App 203770" = Crusader Kings II "Steam App 207170" = Legend of Grimrock "Steam App 212680" = FTL: Faster Than Light "Steam App 233700" = Sword of the Stars: The Pit "Steam App 28050" = Deus Ex: Human Revolution "Steam App 38400" = Fallout "Steam App 47810" = Dragon Age: Origins - Ultimate Edition "Steam App 57690" = Tropico 4 "Steam App 6910" = Deus Ex: Game of the Year Edition "Steam App 72200" = Universe Sandbox "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 8930" = Sid Meier's Civilization V "uTorrent" = µTorrent "WinPcapInst" = WinPcap 4.1.2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.07.2013 04:25:24 | Computer Name = late-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\late\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ Hewlett-Packard Events ] Error - 30.07.2012 13:32:26 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000 Description = Error - 24.08.2012 07:44:45 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000 Description = Error - 24.08.2012 07:44:59 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000 Description = Error - 24.08.2012 07:45:59 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000 Description = Error - 12.10.2012 10:54:59 | Computer Name = late-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2146233088 bei HPSFConfigReader.ConfigHelper.loadXML() bei HPSFConfigReader.ConfigHelper..ctor() bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean isOnAppLoad) Message: Eine Ausnahme vom Typ "System.Exception" wurde ausgelöst. StackTrace: bei HPSFConfigReader.ConfigHelper.loadXML() bei HPSFConfigReader.ConfigHelper..ctor() bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3959 Ram Utilization: TargetSite: Void loadXML() Error - 12.10.2012 11:01:40 | Computer Name = late-PC | Source = hpsa_service.exe | ID = 2000 Description = Error - 12.10.2012 11:03:40 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000 Description = Error - 12.10.2012 11:03:40 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000 Description = Error - 12.10.2012 11:03:44 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000 Description = Error - 08.12.2012 16:46:34 | Computer Name = late-PC | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3959 Ram Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties() < End of report > Code:
ATTFilter OTL logfile created on: 04.07.2013 10:58:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\late\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 32,79% Memory free 7,73 Gb Paging File | 4,44 Gb Available in Paging File | 57,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,40 Gb Total Space | 581,35 Gb Free Space | 63,30% Space Free | Partition Type: NTFS Drive D: | 13,02 Gb Total Space | 1,79 Gb Free Space | 13,78% Space Free | Partition Type: NTFS Computer Name: LATE-PC | User Name: late | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\late\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe () PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe () PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe () SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{A1548837-F165-4013-A135-55030BFCBDE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{A1548837-F165-4013-A135-55030BFCBDE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..\SearchScopes\{A1548837-F165-4013-A135-55030BFCBDE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: ietab@ip.cn:1.98.20110322 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6 FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.14 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2010.08.27 20:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\late\AppData\Roaming\mozilla\Extensions [2010.08.27 20:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\late\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.04 19:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\late\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2013.07.04 10:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\late\AppData\Roaming\mozilla\Firefox\Profiles\azkj9wli.default\extensions [2012.03.31 18:29:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\late\AppData\Roaming\mozilla\Firefox\Profiles\azkj9wli.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.03.24 12:37:36 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\late\AppData\Roaming\mozilla\Firefox\Profiles\azkj9wli.default\extensions\ietab@ip.cn [2010.11.01 09:42:27 | 000,000,000 | ---D | M] (refspoof) -- C:\Users\late\AppData\Roaming\mozilla\Firefox\Profiles\azkj9wli.default\extensions\refspoof@mozdev.org [2012.04.26 22:25:03 | 000,523,274 | ---- | M] () (No name found) -- C:\Users\late\AppData\Roaming\mozilla\firefox\profiles\azkj9wli.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.04.26 22:19:25 | 000,061,109 | ---- | M] () (No name found) -- C:\Users\late\AppData\Roaming\mozilla\firefox\profiles\azkj9wli.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012.01.07 23:48:56 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\late\AppData\Roaming\mozilla\firefox\profiles\azkj9wli.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi File not found (No name found) -- C:\USERS\LATE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZKJ9WLI.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} [2012.04.21 13:55:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Free Studio (Enabled) = C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: avast! WebRep = C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: Lyrics-Pal = C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.116_0\ O1 HOSTS File: ([2012.11.27 20:36:16 | 000,444,974 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15279 more lines... O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [GoogleChromeAutoLaunch_A3A292FB551A28B0E4812C78C5FBFFBF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\late\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.02.26 22:39:30 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\late\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF031E93-0F60-46E9-B123-0E551FEB4C9C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{cf0667b0-4ee6-11df-869d-406186c59e6a}\Shell - "" = AutoRun O33 - MountPoints2\{cf0667b0-4ee6-11df-869d-406186c59e6a}\Shell\AutoRun\command - "" = L:\DE_Fallout_3_DLC.EXE O33 - MountPoints2\{d0d1ef6c-4c86-11df-86dc-406186c59e6a}\Shell - "" = AutoRun O33 - MountPoints2\{d0d1ef6c-4c86-11df-86dc-406186c59e6a}\Shell\AutoRun\command - "" = K:\Autorun.exe O33 - MountPoints2\{ede10b62-7819-11e2-93fe-406186c59e6a}\Shell - "" = AutoRun O33 - MountPoints2\{ede10b62-7819-11e2-93fe-406186c59e6a}\Shell\AutoRun\command - "" = I:\MotorolaDeviceManagerSetup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.04 10:18:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.07.04 10:18:29 | 000,000,000 | ---D | C] -- C:\JRT [2013.07.04 09:58:16 | 000,000,000 | ---D | C] -- C:\Users\late\AppData\Roaming\Malwarebytes [2013.07.04 09:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.04 09:37:25 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\late\Desktop\OTH.scr [2013.07.03 01:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball 2 [2013.07.03 01:02:33 | 000,000,000 | ---D | C] -- C:\Users\late\Local Settings [2013.06.30 01:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.06.30 01:52:18 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.06.30 01:52:03 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.06.30 01:52:03 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.06.30 01:52:03 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.06.15 16:44:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.15 16:44:54 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.14 17:32:59 | 000,000,000 | ---D | C] -- C:\Users\late\AppData\Local\Ubisoft [2013.06.14 17:32:57 | 000,000,000 | -HSD | C] -- C:\Users\late\wc [2013.06.14 17:32:48 | 000,000,000 | ---D | C] -- C:\Users\late\AppData\Roaming\Ubisoft [2013.06.14 17:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher [2013.06.12 21:14:23 | 009,089,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.06.12 13:07:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.06.12 13:07:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.06.12 13:07:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.06.12 13:07:27 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.06.12 13:07:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.06.12 13:07:27 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.06.12 13:07:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.06.12 13:07:27 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.06.12 13:07:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.06.12 13:07:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.12 13:07:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.12 13:07:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.12 13:07:23 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.12 09:49:34 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.12 09:49:33 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.12 09:49:30 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.12 09:49:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.12 09:49:29 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.12 09:49:27 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.12 09:49:26 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.12 09:49:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.10 14:40:18 | 000,000,000 | ---D | C] -- C:\Users\late\Documents\Nexus Mod Manager [2013.06.10 14:40:18 | 000,000,000 | ---D | C] -- C:\Users\late\AppData\Local\Black_Tree_Gaming [2013.06.10 14:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager [2013.06.10 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\late\*.tmp files -> C:\Users\late\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.04 10:57:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.04 10:20:45 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 10:20:45 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 10:13:37 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.04 10:13:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.04 09:37:30 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\late\Desktop\OTH.scr [2013.07.04 03:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.30 17:24:49 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for late.job [2013.06.30 01:51:59 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.06.30 01:51:58 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.06.30 01:51:58 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.06.30 01:51:58 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.06.30 01:51:57 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.06.30 01:51:57 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.06.12 21:14:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.12 21:14:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.12 21:14:23 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.04 20:52:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLATE-PC$.job [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Users\late\*.tmp files -> C:\Users\late\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.22 22:24:17 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2013.02.06 02:14:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.02.06 02:14:11 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.02.06 02:13:51 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.09.30 23:55:12 | 000,007,602 | ---- | C] () -- C:\Users\late\AppData\Local\Resmon.ResmonCfg [2012.09.24 10:27:16 | 000,000,234 | ---- | C] () -- C:\Users\late\.swfinfo [2012.08.20 14:38:52 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.08 22:10:02 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI [2011.12.29 19:41:49 | 000,000,233 | ---- | C] () -- C:\Windows\ACTIVEJP.INI [2011.11.29 10:28:22 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2011.08.01 20:14:39 | 000,000,226 | ---- | C] () -- C:\Users\late\AppData\Roaming\burnaware.ini [2011.07.02 10:40:14 | 000,001,854 | ---- | C] () -- C:\Users\late\AppData\Roaming\GhostObjGAFix.xml [2011.05.30 20:56:38 | 000,307,200 | ---- | C] () -- C:\Users\late\jaudioMp3Win.tar [2011.01.02 20:17:23 | 000,000,600 | ---- | C] () -- C:\Users\late\AppData\Local\PUTTY.RND [2010.12.04 15:50:31 | 000,000,092 | ---- | C] () -- C:\Users\late\AppData\Local\fusioncache.dat [2010.08.28 21:12:04 | 000,003,584 | ---- | C] () -- C:\Users\late\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.30 20:35:27 | 000,000,000 | ---- | C] () -- C:\Users\late\AppData\Roaming\chrtmp [2010.06.20 22:21:24 | 000,000,008 | ---- | C] () -- C:\Users\late\AppData\Roaming\DofusAppId0_1 [2010.06.20 05:06:25 | 000,000,169 | ---- | C] () -- C:\Users\late\AppData\Roaming\D2Info0 [2010.06.20 05:06:25 | 000,000,008 | ---- | C] () -- C:\Users\late\AppData\Roaming\DofusAppId0_2 [2010.05.16 12:39:04 | 000,006,819 | ---- | C] () -- C:\Users\late\AppData\Roaming\.freeciv-client-rc-2.2 [2010.04.22 00:24:36 | 000,499,517 | ---- | C] () -- C:\Users\late\AppData\Local\tmpILLITE_TEMPLATE_BACK.JPG [2010.04.22 00:24:36 | 000,471,616 | ---- | C] () -- C:\Users\late\AppData\Local\tmpILLITE_TEMPLATE_BACK.0 [2010.04.20 18:55:30 | 000,000,000 | ---- | C] () -- C:\Users\late\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.05.20 08:51:20 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\.freeciv [2011.11.20 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\.minecraft [2011.11.14 23:34:02 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\.minecraft server [2012.09.13 10:12:57 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Academagia [2010.06.20 05:06:42 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\app [2010.10.30 11:53:18 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Canneverbe Limited [2010.05.08 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\ChessBase [2013.05.05 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\com.radialgames.MonsterLovesYou [2010.12.29 11:21:41 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\crawl [2012.05.06 02:05:25 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\DAEMON Tools Lite [2012.09.24 12:26:26 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Downloaded Installations [2013.05.07 01:33:25 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\DVDVideoSoft [2012.09.24 10:07:53 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Engelmann Media [2012.10.15 00:40:17 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\FreeOrion [2012.09.24 10:09:49 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\HDX4 GmbH [2012.09.24 10:17:30 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Iggels [2010.08.06 19:35:35 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\IrfanView [2012.12.16 07:24:33 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Kalypso Media [2010.08.22 12:24:25 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Lionhead Studios [2011.03.28 21:20:07 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\LolClient [2010.09.19 17:37:09 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\LucasArts [2013.02.17 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Motorola [2013.02.17 17:03:45 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Motorola Mobility [2011.03.05 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\NewsLeecher [2012.10.09 18:39:52 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Notepad++ [2010.04.21 09:36:26 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\OpenOffice.org [2010.08.04 19:59:34 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Philips-Songbird [2012.12.02 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\PM2012 [2011.05.15 12:58:02 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\ProtectDISC [2010.06.20 05:06:42 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 [2012.12.06 22:18:21 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\RenPy [2011.05.03 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\runic games [2011.06.10 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Samsung [2012.12.01 01:40:34 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Sports Interactive [2012.09.21 00:11:44 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Stardock [2010.05.08 16:17:48 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\StoneLoopsWT [2013.05.05 21:47:14 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Sword of the Stars - The Pit [2013.06.03 23:03:13 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\System [2011.04.17 12:29:56 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\temp [2010.04.20 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Template [2010.08.27 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Thunderbird [2010.06.09 09:19:36 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Tific [2013.01.15 01:14:24 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\To the Moon - Freebird Games [2010.05.07 20:25:33 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Tropico 3 [2013.04.01 11:18:26 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Tropico 4 [2012.04.19 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\TuneUp Software [2013.06.14 17:32:48 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Ubisoft [2012.09.17 20:38:58 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\uqm [2012.09.24 22:57:11 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\uTorrent [2010.04.20 16:55:08 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\WinBatch [2011.03.13 16:56:11 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Windows Live Writer [2013.06.14 17:32:55 | 000,000,000 | -HSD | M] -- C:\Users\late\AppData\Roaming\wyUpdate AU [2012.09.04 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report > |
04.07.2013, 10:34 | #2 |
/// the machine /// TB-Ausbilder | bizchoaching Pop Ups Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
04.07.2013, 10:44 | #3 |
| bizchoaching Pop Ups Danke schonmal
__________________Sind allerdings vom adwcleaner glaub ich virenscanner usw geschlossen oder sollte ich nochmal neustarten? FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013 Ran by late (administrator) on 04-07-2013 11:37:32 Running from C:\Users\late\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OldTimer Tools) C:\Users\late\Downloads\OTL.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\system32\prevhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKCU\...\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background [307712 2012-11-23] (FileHippo.com) HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.) HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-19] () HKCU\...\Run: [GoogleChromeAutoLaunch_A3A292FB551A28B0E4812C78C5FBFFBF] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-06-15] (Google Inc.) HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.) HKCU\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2010-09-07] (AMD) HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3674320 2013-01-08] (DT Soft Ltd) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 MountPoints2: {cf0667b0-4ee6-11df-869d-406186c59e6a} - L:\DE_Fallout_3_DLC.EXE MountPoints2: {d0d1ef6c-4c86-11df-86dc-406186c59e6a} - K:\Autorun.exe MountPoints2: {ede10b62-7819-11e2-93fe-406186c59e6a} - I:\MotorolaDeviceManagerSetup.exe -a HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation) HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software) HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x] HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x] Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\late\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () Startup: C:\Users\late\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled ShortcutTarget: OpenOffice.org 3.4.1.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: IE Tab Plus - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\ietab@ip.cn FF Extension: refspoof - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\refspoof@mozdev.org FF Extension: DownloadHelper - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\sfStatistics.xml FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Free Studio) - C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (avast! WebRep) - C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0 CHR Extension: (Lyrics-Pal) - C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.116_0 ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-08-21] (AVAST Software) R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-24] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia) R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software) R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-07-22] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-21] (DT Soft Ltd) R3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2010-04-12] (GEAR Software Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-07-22] () R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-11-27] (Duplex Secure Ltd.) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2012-04-21] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-04 11:37 - 2013-07-04 11:37 - 00000000 ____D C:\FRST 2013-07-04 11:36 - 2013-07-04 11:36 - 01934636 ____A (Farbar) C:\Users\late\Downloads\FRST64.exe 2013-07-04 11:02 - 2013-07-04 11:02 - 00000094 ___AH C:\Users\late\Desktop\.~lock.JRT.txt# 2013-07-04 10:36 - 2013-07-04 11:03 - 00091208 ____A C:\Users\late\Downloads\Extras.Txt 2013-07-04 10:36 - 2013-07-04 11:02 - 00101214 ____A C:\Users\late\Downloads\OTL.Txt 2013-07-04 10:25 - 2013-07-04 10:25 - 00602112 ____A (OldTimer Tools) C:\Users\late\Downloads\OTL.exe 2013-07-04 10:22 - 2013-07-04 10:22 - 00001911 ____A C:\Users\late\Desktop\JRT.txt 2013-07-04 10:18 - 2013-07-04 10:18 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\late\Downloads\JRT.exe 2013-07-04 10:18 - 2013-07-04 10:18 - 00000000 ____D C:\Windows\ERUNT 2013-07-04 10:18 - 2013-07-04 10:18 - 00000000 ____D C:\JRT 2013-07-04 10:11 - 2013-07-04 10:12 - 00006703 ____A C:\AdwCleaner[S1].txt 2013-07-04 10:10 - 2013-07-04 10:10 - 00006863 ____A C:\AdwCleaner[R1].txt 2013-07-04 10:10 - 2013-07-04 10:10 - 00000094 ___AH C:\.~lock.AdwCleaner[R1].txt# 2013-07-04 10:08 - 2013-07-04 10:08 - 00650027 ____A C:\Users\late\Downloads\adwcleaner.exe 2013-07-04 09:58 - 2013-07-04 09:58 - 00000000 ____D C:\Users\late\AppData\Roaming\Malwarebytes 2013-07-04 09:57 - 2013-07-04 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-04 09:37 - 2013-07-04 09:37 - 00259584 ____A (OldTimer Tools) C:\Users\late\Desktop\OTH.scr 2013-07-04 09:25 - 2013-07-04 10:13 - 00000112 ____A C:\Windows\setupact.log 2013-07-03 01:16 - 2013-07-03 01:16 - 03322804 ____A C:\Users\late\Downloads\lbreakout2-2.5.1-win32.zip 2013-07-03 01:16 - 2013-07-03 01:16 - 00000000 ____D C:\Users\late\Downloads\lbreakout2-2.5.1-win32 2013-07-03 01:15 - 2013-07-03 01:16 - 00525584 ____A C:\Users\late\Downloads\Setup (1).exe 2013-07-03 01:12 - 2013-07-03 01:12 - 00393040 ____A (Softonic ) C:\Users\late\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe 2013-07-03 01:02 - 2013-07-03 01:02 - 00163352 ____A () C:\Users\late\Downloads\block130zip_downloader_by_CaimanFreeGames (1).exe 2013-07-03 01:01 - 2013-07-03 01:01 - 00825158 ____A C:\Users\late\Downloads\aReaker_classic_fe.zip 2013-07-03 01:01 - 2013-07-03 01:01 - 00163352 ____A () C:\Users\late\Downloads\block130zip_downloader_by_CaimanFreeGames.exe 2013-06-30 01:52 - 2013-06-30 01:51 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-30 01:52 - 2013-06-30 01:51 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-30 01:52 - 2013-06-30 01:51 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-30 01:52 - 2013-06-30 01:51 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-30 01:48 - 2013-06-30 01:50 - 23229256 ____A C:\Users\late\Downloads\vlc-2.0.7-win64.exe 2013-06-30 01:48 - 2013-06-30 01:49 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\late\Downloads\spybot-2.1.exe 2013-06-30 01:48 - 2013-06-30 01:49 - 33150376 ____A (Oracle Corporation) C:\Users\late\Downloads\jre-7u25-windows-x64 (1).exe 2013-06-30 01:48 - 2013-06-30 01:49 - 07044390 ____A C:\Users\late\Downloads\npp.6.3.3.Installer.exe 2013-06-30 01:48 - 2013-06-30 01:48 - 01491560 ____A (Skype Technologies S.A.) C:\Users\late\Downloads\SkypeSetup.exe 2013-06-30 01:47 - 2013-06-30 01:48 - 33150376 ____A (Oracle Corporation) C:\Users\late\Downloads\jre-7u25-windows-x64.exe 2013-06-29 00:04 - 2013-06-29 00:05 - 130098361 ____A C:\Users\late\Downloads\Skyrim_-_Directors_Cut-3.2-14026.7z 2013-06-29 00:02 - 2013-06-29 00:02 - 00266051 ____A C:\Users\late\Downloads\skse_1_06_16_installer.exe 2013-06-15 16:44 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-15 16:44 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-15 16:44 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-15 16:44 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-15 16:44 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-15 16:44 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-15 16:44 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-15 16:44 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-15 16:44 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-15 16:44 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-15 16:44 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-15 16:44 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-14 17:32 - 2013-07-04 00:09 - 00000000 __SHD C:\Users\late\wc 2013-06-14 17:32 - 2013-06-14 17:45 - 00000000 ____D C:\Users\late\AppData\Local\Ubisoft 2013-06-14 17:32 - 2013-06-14 17:32 - 00000000 ____D C:\Users\late\AppData\Roaming\Ubisoft 2013-06-14 17:31 - 2013-06-14 17:31 - 07305352 ____A (Ubisoft) C:\Users\late\Downloads\setup.exe 2013-06-13 08:57 - 2013-06-13 08:57 - 00469828 ____A C:\Users\late\Downloads\skse_1_06_15 (1).7z 2013-06-13 08:57 - 2013-06-13 08:57 - 00000000 ____D C:\Users\late\Downloads\skse_1_06_15 (1) 2013-06-12 22:31 - 2013-06-12 22:37 - 115012431 ____A C:\Users\late\Downloads\Skyrim_-_Directors_Cut-3.1.1-14026.7z 2013-06-12 21:14 - 2013-06-12 21:14 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-12 13:07 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 13:07 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 13:07 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 13:07 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 13:07 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 13:07 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 13:07 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 13:07 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 13:07 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 13:07 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 13:07 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 13:07 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 13:07 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 13:07 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 13:07 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 13:07 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 13:07 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 13:07 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 13:07 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 09:49 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 09:49 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 09:49 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 09:49 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 09:49 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 09:49 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 09:49 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 09:49 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 09:49 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 09:49 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 09:49 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 09:49 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 09:49 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 12:58 - 2013-06-11 12:58 - 00000826 ____A C:\Users\late\Downloads\No smoke-7901-1-0.rar 2013-06-11 12:43 - 2013-06-11 12:44 - 00267247 ____A C:\Users\late\Downloads\Deutsche_Wegweiser.7z 2013-06-10 14:40 - 2013-06-28 23:56 - 00000000 ____D C:\Users\late\Documents\Nexus Mod Manager 2013-06-10 14:40 - 2013-06-13 08:55 - 00000000 ____D C:\Program Files\Nexus Mod Manager 2013-06-10 14:40 - 2013-06-10 14:40 - 00000000 ____D C:\Users\late\AppData\Local\Black_Tree_Gaming 2013-06-10 14:39 - 2013-06-10 14:39 - 04051915 ____A (Black Tree Gaming ) C:\Users\late\Downloads\Nexus Mod Manager-0.44.13.exe 2013-06-10 08:17 - 2013-06-10 08:17 - 00000000 ____D C:\Users\late\Downloads\skse_1_06_15 2013-06-09 22:30 - 2013-06-09 22:30 - 00469828 ____A C:\Users\late\Downloads\skse_1_06_15.7z 2013-06-09 16:38 - 2013-06-09 16:40 - 162923397 ____A (Robotronic Games, LLC ) C:\Users\late\Downloads\GnomoriaDemoSetup.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Users\late\Downloads\magicmaker v0.7.4 2013-06-08 20:52 - 2013-06-08 20:53 - 81063282 ____A C:\Users\late\Downloads\magicmaker v0.7.4.zip ==================== One Month Modified Files and Folders ======= 2013-07-04 11:37 - 2013-07-04 11:37 - 00000000 ____D C:\FRST 2013-07-04 11:36 - 2013-07-04 11:36 - 01934636 ____A (Farbar) C:\Users\late\Downloads\FRST64.exe 2013-07-04 11:13 - 2012-03-31 14:06 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-04 11:03 - 2013-07-04 10:36 - 00091208 ____A C:\Users\late\Downloads\Extras.Txt 2013-07-04 11:02 - 2013-07-04 11:02 - 00000094 ___AH C:\Users\late\Desktop\.~lock.JRT.txt# 2013-07-04 11:02 - 2013-07-04 10:36 - 00101214 ____A C:\Users\late\Downloads\OTL.Txt 2013-07-04 10:57 - 2010-04-20 16:38 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-04 10:44 - 2013-01-19 20:02 - 00000000 ____D C:\Users\late\AppData\Local\PMB Files 2013-07-04 10:43 - 2013-02-04 21:30 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-04 10:25 - 2013-07-04 10:25 - 00602112 ____A (OldTimer Tools) C:\Users\late\Downloads\OTL.exe 2013-07-04 10:22 - 2013-07-04 10:22 - 00001911 ____A C:\Users\late\Desktop\JRT.txt 2013-07-04 10:20 - 2009-07-14 06:45 - 00015568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-04 10:20 - 2009-07-14 06:45 - 00015568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-04 10:18 - 2013-07-04 10:18 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\late\Downloads\JRT.exe 2013-07-04 10:18 - 2013-07-04 10:18 - 00000000 ____D C:\Windows\ERUNT 2013-07-04 10:18 - 2013-07-04 10:18 - 00000000 ____D C:\JRT 2013-07-04 10:17 - 2010-08-26 20:42 - 01805293 ____A C:\Windows\WindowsUpdate.log 2013-07-04 10:13 - 2013-07-04 09:25 - 00000112 ____A C:\Windows\setupact.log 2013-07-04 10:13 - 2012-04-21 13:28 - 00017984 ____A C:\Windows\PFRO.log 2013-07-04 10:13 - 2010-04-20 16:38 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-04 10:13 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-04 10:12 - 2013-07-04 10:11 - 00006703 ____A C:\AdwCleaner[S1].txt 2013-07-04 10:10 - 2013-07-04 10:10 - 00006863 ____A C:\AdwCleaner[R1].txt 2013-07-04 10:10 - 2013-07-04 10:10 - 00000094 ___AH C:\.~lock.AdwCleaner[R1].txt# 2013-07-04 10:08 - 2013-07-04 10:08 - 00650027 ____A C:\Users\late\Downloads\adwcleaner.exe 2013-07-04 09:58 - 2013-07-04 09:58 - 00000000 ____D C:\Users\late\AppData\Roaming\Malwarebytes 2013-07-04 09:57 - 2013-07-04 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-04 09:37 - 2013-07-04 09:37 - 00259584 ____A (OldTimer Tools) C:\Users\late\Desktop\OTH.scr 2013-07-04 00:09 - 2013-06-14 17:32 - 00000000 __SHD C:\Users\late\wc 2013-07-03 18:25 - 2010-04-20 16:40 - 00000000 ____D C:\Users\late\AppData\Roaming\Skype 2013-07-03 01:16 - 2013-07-03 01:16 - 03322804 ____A C:\Users\late\Downloads\lbreakout2-2.5.1-win32.zip 2013-07-03 01:16 - 2013-07-03 01:16 - 00000000 ____D C:\Users\late\Downloads\lbreakout2-2.5.1-win32 2013-07-03 01:16 - 2013-07-03 01:15 - 00525584 ____A C:\Users\late\Downloads\Setup (1).exe 2013-07-03 01:12 - 2013-07-03 01:12 - 00393040 ____A (Softonic ) C:\Users\late\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe 2013-07-03 01:02 - 2013-07-03 01:02 - 00163352 ____A () C:\Users\late\Downloads\block130zip_downloader_by_CaimanFreeGames (1).exe 2013-07-03 01:02 - 2010-04-19 21:50 - 00000000 ____D C:\users\late 2013-07-03 01:01 - 2013-07-03 01:01 - 00825158 ____A C:\Users\late\Downloads\aReaker_classic_fe.zip 2013-07-03 01:01 - 2013-07-03 01:01 - 00163352 ____A () C:\Users\late\Downloads\block130zip_downloader_by_CaimanFreeGames.exe 2013-06-30 17:24 - 2012-01-17 00:28 - 00000450 ___AH C:\Windows\Tasks\Norton Security Scan for late.job 2013-06-30 17:09 - 2012-09-24 10:13 - 00000000 ____D C:\Users\late\Desktop\shmaltz 2013-06-30 15:37 - 2012-09-24 22:41 - 00000000 ____D C:\Users\late\Desktop\shantel 2013-06-30 01:51 - 2013-06-30 01:52 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-06-30 01:51 - 2013-06-30 01:52 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-06-30 01:51 - 2013-06-30 01:52 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-06-30 01:51 - 2013-06-30 01:52 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-30 01:51 - 2012-09-05 11:50 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-06-30 01:51 - 2010-10-17 11:15 - 00972712 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-06-30 01:50 - 2013-06-30 01:48 - 23229256 ____A C:\Users\late\Downloads\vlc-2.0.7-win64.exe 2013-06-30 01:49 - 2013-06-30 01:48 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\late\Downloads\spybot-2.1.exe 2013-06-30 01:49 - 2013-06-30 01:48 - 33150376 ____A (Oracle Corporation) C:\Users\late\Downloads\jre-7u25-windows-x64 (1).exe 2013-06-30 01:49 - 2013-06-30 01:48 - 07044390 ____A C:\Users\late\Downloads\npp.6.3.3.Installer.exe 2013-06-30 01:48 - 2013-06-30 01:48 - 01491560 ____A (Skype Technologies S.A.) C:\Users\late\Downloads\SkypeSetup.exe 2013-06-30 01:48 - 2013-06-30 01:47 - 33150376 ____A (Oracle Corporation) C:\Users\late\Downloads\jre-7u25-windows-x64.exe 2013-06-29 00:05 - 2013-06-29 00:04 - 130098361 ____A C:\Users\late\Downloads\Skyrim_-_Directors_Cut-3.2-14026.7z 2013-06-29 00:02 - 2013-06-29 00:02 - 00266051 ____A C:\Users\late\Downloads\skse_1_06_16_installer.exe 2013-06-28 23:56 - 2013-06-10 14:40 - 00000000 ____D C:\Users\late\Documents\Nexus Mod Manager 2013-06-28 23:56 - 2011-12-01 00:20 - 00000000 ____D C:\Users\late\AppData\Local\Skyrim 2013-06-28 23:31 - 2011-10-28 18:27 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-06-28 23:31 - 2010-04-20 16:46 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2013-06-28 23:30 - 2010-04-20 16:45 - 00000000 ____D C:\Users\late\AppData\Roaming\HpUpdate 2013-06-28 23:30 - 2010-04-20 16:45 - 00000000 ____D C:\Users\late\AppData\Roaming\HP Support Assistant 2013-06-15 10:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-14 17:45 - 2013-06-14 17:32 - 00000000 ____D C:\Users\late\AppData\Local\Ubisoft 2013-06-14 17:32 - 2013-06-14 17:32 - 00000000 ____D C:\Users\late\AppData\Roaming\Ubisoft 2013-06-14 17:32 - 2013-06-03 23:03 - 00000000 __SHD C:\Users\late\AppData\Roaming\wyUpdate AU 2013-06-14 17:31 - 2013-06-14 17:31 - 07305352 ____A (Ubisoft) C:\Users\late\Downloads\setup.exe 2013-06-13 16:31 - 2013-02-22 22:17 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-06-13 08:57 - 2013-06-13 08:57 - 00469828 ____A C:\Users\late\Downloads\skse_1_06_15 (1).7z 2013-06-13 08:57 - 2013-06-13 08:57 - 00000000 ____D C:\Users\late\Downloads\skse_1_06_15 (1) 2013-06-13 08:55 - 2013-06-10 14:40 - 00000000 ____D C:\Program Files\Nexus Mod Manager 2013-06-12 22:37 - 2013-06-12 22:31 - 115012431 ____A C:\Users\late\Downloads\Skyrim_-_Directors_Cut-3.1.1-14026.7z 2013-06-12 21:14 - 2013-06-12 21:14 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-12 21:14 - 2012-03-31 14:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 21:14 - 2011-05-16 18:47 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 13:07 - 2010-04-19 22:07 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-11 12:58 - 2013-06-11 12:58 - 00000826 ____A C:\Users\late\Downloads\No smoke-7901-1-0.rar 2013-06-11 12:44 - 2013-06-11 12:43 - 00267247 ____A C:\Users\late\Downloads\Deutsche_Wegweiser.7z 2013-06-10 14:41 - 2012-10-01 20:20 - 00000000 ____D C:\Games 2013-06-10 14:40 - 2013-06-10 14:40 - 00000000 ____D C:\Users\late\AppData\Local\Black_Tree_Gaming 2013-06-10 14:39 - 2013-06-10 14:39 - 04051915 ____A (Black Tree Gaming ) C:\Users\late\Downloads\Nexus Mod Manager-0.44.13.exe 2013-06-10 08:17 - 2013-06-10 08:17 - 00000000 ____D C:\Users\late\Downloads\skse_1_06_15 2013-06-09 22:40 - 2012-09-21 00:15 - 00000000 ____D C:\Users\late\Documents\My Games 2013-06-09 22:30 - 2013-06-09 22:30 - 00469828 ____A C:\Users\late\Downloads\skse_1_06_15.7z 2013-06-09 16:40 - 2013-06-09 16:38 - 162923397 ____A (Robotronic Games, LLC ) C:\Users\late\Downloads\GnomoriaDemoSetup.exe 2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Users\late\Downloads\magicmaker v0.7.4 2013-06-08 20:53 - 2013-06-08 20:52 - 81063282 ____A C:\Users\late\Downloads\magicmaker v0.7.4.zip 2013-06-08 16:08 - 2013-06-15 16:44 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-15 16:44 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-15 16:44 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-15 16:44 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-15 16:44 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-15 16:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-15 16:44 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-15 16:44 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-15 16:44 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-15 16:44 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-15 16:44 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-15 16:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-04 20:52 - 2012-03-02 15:52 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForLATE-PC$.job ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-03 00:46 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013 Ran by late at 2013-07-04 11:37:55 Running from C:\Users\late\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= µTorrent (x32 Version: 2.0.4) 7-Zip 4.65 (x64 edition) (Version: 4.65.00.0) Adobe AIR (x32 Version: 3.6.0.5970) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) (x32 Version: 11.0.03) AMD Accelerated Video Transcoding (Version: 12.5.100.21219) AMD APP SDK Runtime (Version: 10.0.1084.4) AMD Catalyst Install Manager (Version: 8.0.903.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.71219.1540) ATI AVIVO64 Codecs (Version: 9.15.0.20713) Audacity 1.2.6 (x32) Audiograbber 1.83 SE (x32 Version: 1.83 SE ) Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0) avast! Free Antivirus (x32 Version: 7.0.1466.0) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2012.1219.1521.27485) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485) Catalyst Control Center InstallProxy (x32 Version: 2009.1201.2247.40849) Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485) Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485) CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485) CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485) CCC Help Czech (x32 Version: 2012.1219.1520.27485) CCC Help Danish (x32 Version: 2012.1219.1520.27485) CCC Help Dutch (x32 Version: 2012.1219.1520.27485) CCC Help English (x32 Version: 2012.1219.1520.27485) CCC Help Finnish (x32 Version: 2012.1219.1520.27485) CCC Help French (x32 Version: 2012.1219.1520.27485) CCC Help German (x32 Version: 2012.1219.1520.27485) CCC Help Greek (x32 Version: 2012.1219.1520.27485) CCC Help Hungarian (x32 Version: 2012.1219.1520.27485) CCC Help Italian (x32 Version: 2012.1219.1520.27485) CCC Help Japanese (x32 Version: 2012.1219.1520.27485) CCC Help Korean (x32 Version: 2012.1219.1520.27485) CCC Help Norwegian (x32 Version: 2012.1219.1520.27485) CCC Help Polish (x32 Version: 2012.1219.1520.27485) CCC Help Portuguese (x32 Version: 2012.1219.1520.27485) CCC Help Russian (x32 Version: 2012.1219.1520.27485) CCC Help Spanish (x32 Version: 2012.1219.1520.27485) CCC Help Swedish (x32 Version: 2012.1219.1520.27485) CCC Help Thai (x32 Version: 2012.1219.1520.27485) CCC Help Turkish (x32 Version: 2012.1219.1520.27485) ccc-utility64 (Version: 2012.1219.1521.27485) CDBurnerXP (x32 Version: 4.5.1.3868) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Crusader Kings II (x32) DAEMON Tools Lite (x32 Version: 4.46.1.0328) Deus Ex: Game of the Year Edition (x32) Deus Ex: Human Revolution - The Missing Link (x32) Deus Ex: Human Revolution (x32) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904) Dragon Age: Origins - Ultimate Edition (x32) Duel of Champions (x32) DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224) Explorer Suite III Fallout (x32) FileHippo.com Update Checker (x32) Fraps (x32) Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430) Fritz 12 (x32 Version: 12.0.0) FTL: Faster Than Light (x32) GameSpy Arcade (x32) GEAR driver installer 4.019 (x32 Version: 4.019.1) Google Chrome (x32 Version: 27.0.1453.116) Google Earth (x32 Version: 7.0.3.8542) Google Update Helper (x32 Version: 1.3.21.149) Hardwarediagnosetools (Version: 6.0.5247.34) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) HP Customer Experience Enhancements (x32 Version: 6.0.1.3) HP MediaSmart DVD (x32 Version: 3.1.3317) HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601) HP MediaSmart SmartMenu (Version: 3.1.0.1) HP Odometer (x32 Version: 2.10.0000) HP Product Detection (x32 Version: 11.14.0001) HP Remote Solution (x32 Version: 1.1.11.0) HP Remote Solution (x32 Version: 1.1.12.0) HP Setup (x32 Version: 1.2.3560.3170) HP Support Assistant (x32 Version: 7.0.39.15) HP Support Information (x32 Version: 10.1.0002) HP Update (x32 Version: 5.001.000.014) HydraVision (x32 Version: 4.2.180.0) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002) IrfanView (remove only) (x32 Version: 4.35) Java 7 Update 15 (x32 Version: 7.0.150) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.0) JDownloader 0.9 (x32 Version: 0.9) Legend of Grimrock (x32) LightScribe System Software (x32 Version: 1.18.8.1) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 1.1 (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0) Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0) Motorola Device Manager (x32 Version: 2.3.4) Motorola Device Software Update (x32 Version: 12.10.3002) Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0) Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) My Game Long Name MyTube BigPack 5 (x32 Version: 5.0.11.1206) Nexus Mod Manager (Version: 0.44.14) Notepad++ (x32 Version: 6.1.8) NVIDIA PhysX (x32 Version: 9.10.0224) OpenAL (x32) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Pando Media Booster (x32 Version: 2.6.0.8) Philips Songbird (x32 Version: 3.1.1615 (1615)) PlayReady PC Runtime amd64 (Version: 1.3.0) PowerDirector (x32 Version: 7.0.3405) ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14) PuTTY version 0.60 (x32 Version: 0.60) Realtek Ethernet Controller Driver (x32 Version: 7.47.714.2011) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127) Recovery Manager (x32 Version: 5.5.2216) Samsung Kies (x32 Version: 2.0.0.11044_11) SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0) Secunia PSI (3.0.0.6005) (x32 Version: 3.0.0.6005) Sid Meier's Civilization V (x32) Skype™ 6.1 (x32 Version: 6.1.129) Software Informer 1.2 Spybot - Search & Destroy (x32 Version: 2.0.12) Steam (x32 Version: 1.0.0.0) Sword of the Stars: The Pit (x32) The Binding of Isaac (x32) The Elder Scrolls V: Skyrim (x32) Tropico 4 (x32) Universe Sandbox (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) VLC media player 2.0.7 (Version: 2.0.7) Windows Live Sync (x32 Version: 14.0.8089.726) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) WinRAR 4.20 (64-bit) (Version: 4.20.0) XCOM: Enemy Unknown (x32) ==================== Restore Points ========================= 15-06-2013 14:44:17 Windows Update 28-06-2013 19:26:42 Windows Update 29-06-2013 23:49:29 Installed Java 7 Update 25 (64-bit) 02-07-2013 15:19:12 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2012-11-27 20:36 - 00444974 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {0B574983-AA02-4365-8D2D-A62BC863771E} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard) Task: {0E2EE604-7D22-4538-8177-ED753ACAB610} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink) Task: {19F4B1DD-F667-4E03-A7B7-E1E29870666E} - System32\Tasks\{A5672A07-85AD-401E-BD70-B796EFD01BF8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.) Task: {1E8363D1-460C-489A-900B-63C56903F0D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {1EB4C342-A83E-4F08-AF6E-9075AAB65389} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.) Task: {2C05F584-8780-4C2D-887E-AF99DCC87852} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {3D375451-8945-46CF-82B1-07FCE39585CC} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-24] () Task: {3DB8DA09-2A42-43FF-8623-571357427F6B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {46EA35A5-51EA-46A5-9186-83C23B0626F8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {47404217-3431-4476-93F0-F5654A50ADE2} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe No File Task: {4EF6E51A-CA3F-4186-BE5C-4FDD34076995} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe No File Task: {51D3E444-6940-4E76-B16D-842D0F8ACDC1} - System32\Tasks\{91B9412E-7DC0-42EA-9F06-B88A7B42A3A1} => C:\program files (x86)\google\chrome\application\chrome.exe [2013-06-15] (Google Inc.) Task: {541C6736-1DCB-43BA-886C-B386E3AEC211} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {5799A6D9-DE12-4329-AC81-CC9FF2DFF601} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {58B785BB-CA40-4A29-A6BC-61F33593CBEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20] (Google Inc.) Task: {6198D2B9-1E6B-4F6D-84D3-EE0D81E2F463} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe No File Task: {76368964-D5CC-439A-A42D-D6C2929343A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {7882189D-00CB-4CD2-86A2-7D42B19CA470} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-24] () Task: {84E19F9B-F137-4D25-BE35-0C54259A6767} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {99A5CA83-AE90-41C0-869A-0AE2A14EAB6D} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] () Task: {9C81ED18-AC43-43EE-B617-5A30D4C6A10E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.) Task: {A5E4FCDD-4AAF-48E8-AA19-6CCDC4A32501} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {A8D2C619-0342-4840-9B39-8E45389DC38B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-46469986-3595555079-1423974608-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: {B50E9BAA-72DB-4567-91D8-93A082365AC9} - System32\Tasks\Google Updater and Installer => C:\Users\late\AppData\Local\Google\Update\GoogleUpdate.exe No File Task: {C5CECD08-0498-4D3A-A136-AA9EBBC5533C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20] (Google Inc.) Task: {D1C0AC0B-4C20-464F-BB9D-69069A7E7715} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-21] (AVAST Software) Task: {D2F0D1C7-C026-4A34-8E32-66E88690C22D} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-24] () Task: {D7B92426-5402-4AC8-A532-6BD0BA894045} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-46469986-3595555079-1423974608-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: {DFE427D0-E344-4F8F-A071-A40B467C6A8C} - System32\Tasks\HPCeeScheduleForLATE-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard) Task: {E653AA3B-53FC-4C02-885A-B487612CB806} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File Task: {F49B978F-F49E-4350-9DCC-7F207BE620CD} - System32\Tasks\Norton Security Scan for late => C:\PROGRA~2\NORTON~2\Engine\351~1.10\Nss.exe No File Task: {F7DA90D6-AFFC-450A-AEF8-BCFD7634C4C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForLATE-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\Norton Security Scan for late.job => C:\PROGRA~2\NORTON~2\Engine\351~1.10\Nss.exe Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/04/2013 10:25:24 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors: ============= Microsoft Office Sessions: ========================= Error: (07/04/2013 10:25:24 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\late\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe ==================== Memory info =========================== Percentage of memory in use: 68% Total physical RAM: 3959.08 MB Available physical RAM: 1237.86 MB Total Pagefile: 7916.34 MB Available Pagefile: 4301.86 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:918.4 GB) (Free:581.23 GB) NTFS (Disk=0 Partition=2) Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.02 GB) (Free:1.79 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
04.07.2013, 10:57 | #4 | |
/// the machine /// TB-Ausbilder | bizchoaching Pop Ups Probleme in allen Browsern? Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
04.07.2013, 11:22 | #5 |
| bizchoaching Pop Ups Hallo nach einem Neustart sind die Problem jetzt verschwunden. (hät ich ja auch mal früher machen können) Soll ich den Combofix trotzdem starten? Und die googleads hier sind "normale" werbung oder? sorry das ding hat mich jetzt paranoid gemacht.. |
04.07.2013, 12:32 | #6 |
/// the machine /// TB-Ausbilder | bizchoaching Pop Ups Beobachte das mal und melde dich wieder
__________________ --> bizchoaching Pop Ups |
04.07.2013, 19:25 | #7 |
| bizchoaching Pop Ups Alles bestens. Danke Schrauber! |
04.07.2013, 19:59 | #8 |
/// the machine /// TB-Ausbilder | bizchoaching Pop Ups Gern GEschehn Die Reihenfolge ist hier entscheidend.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu bizchoaching Pop Ups |
7-zip, adobe reader xi, application/pdf:, audiograbber, battle.net, bho, bizcoaching.info, black, browser, converter, desktop, error, fehler, firefox, flash player, google, google startseite, home, homepage, iexplore.exe, install.exe, installation, internet browser, league of legends, logfile, lyrics-pal, mozilla, nexus, plug-in, pop ups, programm, realtek, registrierungsdatenbank, registry, richtlinie, secunia psi, security, software, svchost.exe, usb, werbung, windows |