Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: bizchoaching Pop Ups

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.07.2013, 10:15   #1
kazi
 
bizchoaching Pop Ups - Standard

bizchoaching Pop Ups



Hallo habe die gleichen Probleme wie der Herr in diesem Thread http://www.trojaner-board.de/137576-...p-ups-etc.html ..
Also hab bizcoaching.info popups und Werbung auf der google startseite und wahrscheinlich mehr. Weiss allerdings nicht genau wie ich es mir eingefangen habe. Hab auch die ersten drei Schritte die dort beschrieben sind schon durchgeführt. (Ja ja ich weiss nichts selber unternehmen)
Ich hab noch ein Programm was als letztes installiert wurde und ich nicht kannte deinstalliert, hab Namen allerdings schon wieder vergessen

Hab immer noch Popups sonst wuerd ich ja nix schreiben

Hier die Logs:

Code:
ATTFilter
# AdwCleaner v2.304 - Datei am 04/07/2013 um 10:11:39 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : late - LATE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\late\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\searchplugins\mngr.xml
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\late\AppData\Local\Temp\avg@toolbar
Ordner Gelöscht : C:\Users\late\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\d2ded0b23aba43
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\d2ded0b23aba43
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\prefs.js

C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [6863 octets] - [04/07/2013 10:10:15]
AdwCleaner[S1].txt - [6594 octets] - [04/07/2013 10:11:39]

########## EOF - C:\AdwCleaner[S1].txt - [6654 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by late on 04.07.2013 at 10:18:41,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Users\late\AppData\Roaming\software informer"
Successfully deleted: [Empty Folder] C:\Users\late\appdata\local\{2FCE9C38-A661-42DF-8D28-6E15200594C8}
Successfully deleted: [Empty Folder] C:\Users\late\appdata\local\{42447BDC-8712-4EE8-96A6-CA3342AE41E8}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.07.2013 at 10:22:02,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und

Code:
ATTFilter
OTL Extras logfile created on: 04.07.2013 10:58:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\late\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 32,79% Memory free
7,73 Gb Paging File | 4,44 Gb Available in Paging File | 57,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,40 Gb Total Space | 581,35 Gb Free Space | 63,30% Space Free | Partition Type: NTFS
Drive D: | 13,02 Gb Total Space | 1,79 Gb Free Space | 13,78% Space Free | Partition Type: NTFS
 
Computer Name: LATE-PC | User Name: late | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1417D55D-557B-4073-9EF7-471A417CCD5B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1B56EB00-B5C3-4A00-B768-B8A693AF3ACD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1BC23196-8444-457D-BDD4-92B85EF1EF48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C87CACA-2DA5-4062-A4FD-A22783C099A9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2E571437-7EEC-439B-A1A3-BB9B80F31D3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4751EFA3-9D36-4D5F-B004-439ADADD9817}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{48056410-80B8-425B-BF04-F6528CADADE5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{49E416FC-C83E-4D5E-B265-AA7E216A2B1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F35C451-4193-48F1-80B8-B134A2CE3042}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6412612F-3C6A-47A3-A9B5-A58CA0974DF6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F839F0B-B07F-424C-AC20-50B2B23DBC23}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7995FB59-2956-4598-ADFB-D52BDF5ED880}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8AEB4432-9A4C-4827-99BE-FE3A474C72DB}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{8C3B5D62-498F-48FB-9856-7BF84EA7CEC3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{906FFDBF-E431-4DC1-98D3-4F1FE2C38306}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{91CAC28A-05FC-4202-AFB7-A1384CC91159}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{95256EA9-58BF-4503-9E43-605B5C3EA88A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9A5D5169-F00A-4839-8434-43A1F3C7F5D7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9E24E318-EB2A-4F35-8C04-41F8A427E139}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CCCAC745-F425-4DF7-BCC7-D3212E297EEC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DEC5489D-A294-4657-9EBA-FF49222AB5E4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E20EEACA-90EF-46F4-B472-899DB360FC73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E992EE0F-95F3-473D-8E49-F19E75531597}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00874798-2A67-42A7-9990-AA13296F1D3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{00ADDC48-36ED-4D81-93BD-18B446195EBA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{03FF5DDA-A6F5-4B8B-8B08-F5C259BECAC6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{095E31B1-A64E-403F-95FD-431C1F317B72}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{09B03B0C-ABE5-47B2-BC62-89EC442A0106}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B028E56-06FC-4342-93F9-590666FD19EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{0EE98B2B-B1B0-4B09-8865-278DBEA92919}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0F9D9BA3-01FA-4E78-B31D-63348626F3FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | 
"{134D6CA7-26A9-45FB-BC45-18599BFC9368}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{143C6114-88CF-4133-8C96-40D6D58D8297}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1DDB23EE-730A-4664-8F93-A7D11CE20A83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24A5F9BD-0D84-4A3A-9410-A6699398C40D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe | 
"{2B3A3261-355F-4CF4-875B-94FA85338F94}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | 
"{2BADE59B-F8C4-4619-957B-7817E7E9C4F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{2FEBB984-4F52-4B57-AD61-4FAB4221DA2C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31B466B1-9041-4822-97F8-6979972CD24F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{356F5CDA-6E81-496E-8DEE-080ECA74E935}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{37D6F1A8-6A28-4112-B35D-9635E47B4C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{3824F7DD-F48D-4A37-B9D8-9DB66AEB2E23}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the pit\thepit.exe | 
"{394FFD12-9ED3-4DB8-8D1A-72A66FB0CB1B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{3C72C537-F209-4592-8025-FA632B89C43B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4170C533-82BA-4258-B90A-7707CEC8F684}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\legend of grimrock\grimrock.exe | 
"{4342D585-5A52-482A-99E3-5D076D4F8D5C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{44128FBF-0B9D-4190-BFBB-FB10400AA9B6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{46B6A166-07A6-4B1A-AA9C-0D1CD17FA953}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{48DBE294-E618-48A1-A700-2BE55A3C6791}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B5FAD53-43E9-4F13-BD0A-42B2213F509F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe | 
"{4BDE2388-9EB8-490E-AEAD-ECA00603DB77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4ED7E35B-E013-47E6-8CCD-5694BCBE474F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{4EF17BD3-A854-409C-A496-A99894411F45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{4FF56DD7-B5DE-4EB3-9709-C2E600F13B38}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{50037339-6742-4659-A48A-269397609F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{5088BEDC-7C99-46D5-B378-6D8FCD8BB8D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tropico 4\tropico4.exe | 
"{5EE090ED-DB9B-403D-9344-C38AF8E0C2D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{64F33859-C3F6-49BE-9E6D-68CAA487A9FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{67521968-07B3-4EB3-8984-9E55355D086B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{67CB26BE-3856-4106-9432-4CE0C4CDA959}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex\system\deusex.exe | 
"{68506D60-2585-4CC6-8DDD-15A7B4C4491F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{69F6F3DB-687D-46B8-AF7D-35144073D6E7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{6C5796C8-11C2-409E-B848-48A799E71A41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{6CAC4F45-931D-4D0C-9D9E-E1A461EF008A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{720B9204-AB8E-4DA0-824B-83F262747ACE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{74633730-8B52-4515-B623-C2080DDF8B14}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{7604FEE2-4456-4257-A7A9-B890BC2F9A09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\antichamber\binaries\win32\udk.exe | 
"{7988C40F-7087-4713-A894-40DDB2A1B53D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D4D48A3-BB3B-4C7D-B544-BE6C248ED6CA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{7DA93031-7926-43AB-BF6B-94F847B9AA1C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7F48AC76-9740-41EC-A874-4054148CF9BF}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{8194949A-66D1-48D4-8B58-97A301108EAC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{82AA3FC3-D056-4D17-AD79-744CDC5358AC}" = dir=in | app=%programfiles% (x86)\sega\football manager 2013\fm.exe | 
"{83A4276A-23A7-441A-8234-1B628F195838}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{89BC1EAB-35E4-42BB-837B-675858E85104}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe | 
"{8EA41676-235F-44D6-8814-CDB8C84EC678}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{9370974D-A10E-43CF-8156-DE88E0C01EED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{93CD813D-3094-4117-BA26-D4AAD52BCFF1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{948CA4ED-C26C-4AA3-8016-A6FA37BE5EC4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{960A67F9-9DC4-45C3-A981-16DFE6D04DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{979533DF-716D-4CFD-BC1E-6A384501B319}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{9831CF37-2E1C-4482-8807-48F46D35C593}" = protocol=6 | dir=out | app=system | 
"{9977F1BC-F91D-476A-B993-7669249DF00D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{9B5CFDA1-0B7E-475C-B626-1BAAB6494D75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A21E6E85-0714-4A20-B8AF-B32A0813C83C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A401DA4C-83B4-4683-B66A-1C3C3DFBA345}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\universe sandbox\universe sandbox.exe | 
"{A54CE7D1-828B-4FF7-A079-373191ED1E7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe | 
"{A68B60DC-A7F3-4081-986D-D208D5868D5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A9B72B5D-2B7A-4A19-BE48-3D78A71123DC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{ABB0577D-6244-41F1-999E-DACE0BC50DA3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AC7907E0-3057-4D3D-A44C-027D6D17B473}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{ADE5B7CC-B85D-443C-9B9E-44B8193FF8B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the pit\thepit.exe | 
"{AFCC6C3E-699E-4D2D-9CAF-21D57292F489}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{B1263361-0D3C-47CF-B870-4CBD263B9CF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B67AA928-B7F1-4370-81E1-5F24413F4169}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{BB71B453-4278-447B-9688-2D5130B6851E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{BF7D529A-59E7-4081-A1BC-68947171F91E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe | 
"{C5D8B9A4-B4B3-4CC7-AD40-F8920A8066B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe | 
"{CE5E7F8F-687E-4CA2-AD84-0E58ABC8AA10}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{DD1A502A-0351-46DF-8E51-57345A51A5E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout\falloutw.exe | 
"{DEF9BBAA-133B-4D17-9CDB-A6D62520EF00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DFBAD9F6-3022-4239-958B-74B7B963D786}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E2C6B8C5-BB9F-439F-8A6F-AC37A2FD61B6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{EE45C002-768B-4EDD-B056-6BAD045B3EE3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{EE750074-63C7-40C9-A186-B8D39D95860F}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EEF3A9B2-2CA0-4651-9E4D-0AE20269970F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F20AABF3-7336-4DBD-82D7-7C1869B4B37C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{F486D61C-92B8-46C1-AC14-D7DE0DE9CD88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F5F3B632-B353-4B41-B5DA-F8D42DC3304A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{F83EAD82-9685-40C8-8117-66E40CDD8891}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FCDEF09D-D849-450D-B4AF-0101D87927DA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"TCP Query User{086ADA70-CB6F-4539-8877-6BF27C2BAFC3}C:\program files (x86)\sega\football manager 2012\fm.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sega\football manager 2012\fm.exe | 
"TCP Query User{1318DC40-F3D1-4927-9D48-E37016AE5199}C:\users\late\kag\kag.exe" = protocol=6 | dir=in | app=c:\users\late\kag\kag.exe | 
"TCP Query User{256C46E0-74F2-42C5-A015-9C05734E9A9E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{29CBC598-6B3E-4D91-A766-B7041D6436A8}C:\program files (x86)\innonics\wiggles\wiggles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\innonics\wiggles\wiggles.exe | 
"TCP Query User{2E7D2F09-CA56-43B1-BBE6-95257F46F1D7}C:\users\late\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\late\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{871945F3-BCCA-4278-AE36-7628C4D92B20}C:\program files (x86)\freeorion\freeoriond.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeorion\freeoriond.exe | 
"TCP Query User{8EE2298E-C7FA-4FF1-938D-1C69764E7217}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"TCP Query User{C2279EF2-4C0A-448C-9E86-A86A23828A96}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"TCP Query User{E3266EB0-44C2-4C58-AA54-1C69D31082EC}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{E3511CFB-C9A6-4B2E-B3E7-882ADF150131}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E415406F-8C63-42CC-814E-517AF6B5AA37}C:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe" = protocol=6 | dir=in | app=c:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe | 
"TCP Query User{F0339328-1D10-451F-B746-99DAF02D6473}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{F41F98D9-455E-4129-951D-B38C2D54CBA6}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | 
"TCP Query User{FB005732-7218-4835-A40F-5ABDC1E8813E}C:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe" = protocol=6 | dir=in | app=c:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe | 
"UDP Query User{0E5E56E9-28B5-434C-A5CC-C79F0C35E53D}C:\program files (x86)\sega\football manager 2012\fm.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sega\football manager 2012\fm.exe | 
"UDP Query User{184565BF-518D-40AD-A534-EDBD43CB7579}C:\users\late\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\late\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{212EBC07-6078-49AC-A114-09D977C5D55F}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"UDP Query User{4D410784-CF84-4258-BB95-28B6D1BCD8B4}C:\users\late\kag\kag.exe" = protocol=17 | dir=in | app=c:\users\late\kag\kag.exe | 
"UDP Query User{6CB58FA2-5C34-416F-986C-699E66D1D13F}C:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe" = protocol=17 | dir=in | app=c:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\gamedata\game.exe | 
"UDP Query User{72FA6FAA-43B5-4CD8-8D35-9EEE389B362E}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{9237CEF9-41A4-4AA5-9BE7-A924FBA5A22E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{94A7B3CC-20FC-4D6F-87BE-89005532C8D3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{9545C8A1-EC2D-4AA2-B46A-E96F4B992EF9}C:\program files (x86)\freeorion\freeoriond.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeorion\freeoriond.exe | 
"UDP Query User{996115C6-68F4-4493-8D43-740C7687656E}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe | 
"UDP Query User{BAC0A587-A3C4-4695-A97E-2100DE5D3E22}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe | 
"UDP Query User{D0FD8F5C-3F2C-41CA-9003-4332A1F709C9}C:\program files (x86)\innonics\wiggles\wiggles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\innonics\wiggles\wiggles.exe | 
"UDP Query User{D2DAA131-972B-4E7A-AF5C-407FD37BC0F2}C:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe" = protocol=17 | dir=in | app=c:\users\late\appdata\roaming\ubisoft\mmdoc-pdclive\launcher.exe | 
"UDP Query User{D4D3BC58-0879-44E7-91EB-6C5910B8943D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A71060CF-81D0-EC17-2252-78CA0E96CCCF}" = AMD Drag and Drop Transcoding
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Explorer Suite_is1" = Explorer Suite III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Hardwarediagnosetools
"Software Informer_is1" = Software Informer 1.2
"UDK-01e0aa75-5152-4da4-8142-f70b1f32e004" = My Game Long Name
"VLC media player" = VLC media player 2.0.7
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{31B2FF31-41BA-5A5F-016A-CB78737C4EF8}" = HydraVision
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EEB72E4-2150-49F8-BC51-B63AF7B9E2F2}" = GEAR driver installer 4.019
"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C3DF1C57-780A-DB9C-F30A-68EB45526761}" = Catalyst Control Center InstallProxy
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E04A4B52-7CF5-4B5A-0001-F5B55C390A4C}" = MyTube BigPack 5
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F6CCD38C-8298-4F7B-91C5-C8DED0B24E5A}" = Fritz 12
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileHippo.com" = FileHippo.com Update Checker
"Fraps" = Fraps
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"HP Remote Solution" = HP Remote Solution
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MMDoC-PDCLive" = Duel of Champions
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Philips Songbird" = Philips Songbird
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PuTTY_is1" = PuTTY version 0.60
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"Steam App 113200" = The Binding of Isaac
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203770" = Crusader Kings II
"Steam App 207170" = Legend of Grimrock
"Steam App 212680" = FTL: Faster Than Light
"Steam App 233700" = Sword of the Stars: The Pit
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 38400" = Fallout
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 57690" = Tropico 4
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 72200" = Universe Sandbox
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"uTorrent" = µTorrent
"WinPcapInst" = WinPcap 4.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.07.2013 04:25:24 | Computer Name = late-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\late\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ Hewlett-Packard Events ]
Error - 30.07.2012 13:32:26 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 24.08.2012 07:44:45 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 24.08.2012 07:44:59 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 24.08.2012 07:45:59 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12.10.2012 10:54:59 | Computer Name = late-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HPSFConfigReader.ConfigHelper.loadXML()

   bei HPSFConfigReader.ConfigHelper..ctor()     bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Message: Eine Ausnahme vom Typ "System.Exception" wurde ausgelöst.  StackTrace:
   bei HPSFConfigReader.ConfigHelper.loadXML()     bei HPSFConfigReader.ConfigHelper..ctor()

   bei HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
 isOnAppLoad)  Source: HPSFConfigReader    Name: HPSF.exe  Version: 06.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE  RAM: 3959
Ram
 Utilization:   TargetSite: Void loadXML()  
 
Error - 12.10.2012 11:01:40 | Computer Name = late-PC | Source = hpsa_service.exe | ID = 2000
Description = 
 
Error - 12.10.2012 11:03:40 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12.10.2012 11:03:40 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12.10.2012 11:03:44 | Computer Name = late-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 08.12.2012 16:46:34 | Computer Name = late-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.  StackTrace:   bei
 HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: de-DE  RAM: 3959
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
 
< End of report >
         
Code:
ATTFilter
OTL logfile created on: 04.07.2013 10:58:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\late\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 32,79% Memory free
7,73 Gb Paging File | 4,44 Gb Available in Paging File | 57,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,40 Gb Total Space | 581,35 Gb Free Space | 63,30% Space Free | Partition Type: NTFS
Drive D: | 13,02 Gb Total Space | 1,79 Gb Free Space | 13,78% Space Free | Partition Type: NTFS
 
Computer Name: LATE-PC | User Name: late | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\late\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Motorola Device Manager) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (PST Service) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (motusbdevice) -- C:\Windows\SysNative\drivers\motusbdevice.sys (Motorola Inc)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{A1548837-F165-4013-A135-55030BFCBDE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{A1548837-F165-4013-A135-55030BFCBDE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..\SearchScopes\{A1548837-F165-4013-A135-55030BFCBDE4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ietab@ip.cn:1.98.20110322
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.14
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
 
[2010.08.27 20:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\late\AppData\Roaming\mozilla\Extensions
[2010.08.27 20:20:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\late\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.04 19:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\late\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2013.07.04 10:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\late\AppData\Roaming\mozilla\Firefox\Profiles\azkj9wli.default\extensions
[2012.03.31 18:29:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\late\AppData\Roaming\mozilla\Firefox\Profiles\azkj9wli.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.24 12:37:36 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\late\AppData\Roaming\mozilla\Firefox\Profiles\azkj9wli.default\extensions\ietab@ip.cn
[2010.11.01 09:42:27 | 000,000,000 | ---D | M] (refspoof) -- C:\Users\late\AppData\Roaming\mozilla\Firefox\Profiles\azkj9wli.default\extensions\refspoof@mozdev.org
[2012.04.26 22:25:03 | 000,523,274 | ---- | M] () (No name found) -- C:\Users\late\AppData\Roaming\mozilla\firefox\profiles\azkj9wli.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.04.26 22:19:25 | 000,061,109 | ---- | M] () (No name found) -- C:\Users\late\AppData\Roaming\mozilla\firefox\profiles\azkj9wli.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.01.07 23:48:56 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\late\AppData\Roaming\mozilla\firefox\profiles\azkj9wli.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
File not found (No name found) -- C:\USERS\LATE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AZKJ9WLI.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2012.04.21 13:55:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npWebLaunch.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Lyrics-Pal = C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.116_0\
 
O1 HOSTS File: ([2012.11.27 20:36:16 | 000,444,974 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15279 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [GoogleChromeAutoLaunch_A3A292FB551A28B0E4812C78C5FBFFBF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\late\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.02.26 22:39:30 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\late\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-46469986-3595555079-1423974608-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF031E93-0F60-46E9-B123-0E551FEB4C9C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cf0667b0-4ee6-11df-869d-406186c59e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf0667b0-4ee6-11df-869d-406186c59e6a}\Shell\AutoRun\command - "" = L:\DE_Fallout_3_DLC.EXE
O33 - MountPoints2\{d0d1ef6c-4c86-11df-86dc-406186c59e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{d0d1ef6c-4c86-11df-86dc-406186c59e6a}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{ede10b62-7819-11e2-93fe-406186c59e6a}\Shell - "" = AutoRun
O33 - MountPoints2\{ede10b62-7819-11e2-93fe-406186c59e6a}\Shell\AutoRun\command - "" = I:\MotorolaDeviceManagerSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.04 10:18:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.07.04 10:18:29 | 000,000,000 | ---D | C] -- C:\JRT
[2013.07.04 09:58:16 | 000,000,000 | ---D | C] -- C:\Users\late\AppData\Roaming\Malwarebytes
[2013.07.04 09:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.04 09:37:25 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\late\Desktop\OTH.scr
[2013.07.03 01:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
[2013.07.03 01:02:33 | 000,000,000 | ---D | C] -- C:\Users\late\Local Settings
[2013.06.30 01:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.30 01:52:18 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.30 01:52:03 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.30 01:52:03 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.30 01:52:03 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.15 16:44:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.15 16:44:54 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.14 17:32:59 | 000,000,000 | ---D | C] -- C:\Users\late\AppData\Local\Ubisoft
[2013.06.14 17:32:57 | 000,000,000 | -HSD | C] -- C:\Users\late\wc
[2013.06.14 17:32:48 | 000,000,000 | ---D | C] -- C:\Users\late\AppData\Roaming\Ubisoft
[2013.06.14 17:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher
[2013.06.12 21:14:23 | 009,089,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.06.12 13:07:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 13:07:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 13:07:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 13:07:27 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 13:07:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 13:07:27 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 13:07:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 13:07:27 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 13:07:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 13:07:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 13:07:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 13:07:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 13:07:23 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 09:49:34 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 09:49:33 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 09:49:30 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 09:49:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 09:49:29 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 09:49:27 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 09:49:26 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 09:49:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.10 14:40:18 | 000,000,000 | ---D | C] -- C:\Users\late\Documents\Nexus Mod Manager
[2013.06.10 14:40:18 | 000,000,000 | ---D | C] -- C:\Users\late\AppData\Local\Black_Tree_Gaming
[2013.06.10 14:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
[2013.06.10 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Mod Manager
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\late\*.tmp files -> C:\Users\late\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.04 10:57:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.04 10:20:45 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 10:20:45 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.04 10:13:37 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.04 10:13:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.04 09:37:30 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\late\Desktop\OTH.scr
[2013.07.04 03:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.30 17:24:49 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for late.job
[2013.06.30 01:51:59 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.30 01:51:58 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.30 01:51:58 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.30 01:51:58 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.30 01:51:57 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.06.30 01:51:57 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.06.12 21:14:30 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.12 21:14:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.12 21:14:23 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.04 20:52:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLATE-PC$.job
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\late\*.tmp files -> C:\Users\late\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.22 22:24:17 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013.02.06 02:14:28 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.02.06 02:14:11 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.02.06 02:13:51 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.09.30 23:55:12 | 000,007,602 | ---- | C] () -- C:\Users\late\AppData\Local\Resmon.ResmonCfg
[2012.09.24 10:27:16 | 000,000,234 | ---- | C] () -- C:\Users\late\.swfinfo
[2012.08.20 14:38:52 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.08 22:10:02 | 000,000,022 | ---- | C] () -- C:\Windows\WET.INI
[2011.12.29 19:41:49 | 000,000,233 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2011.11.29 10:28:22 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.08.01 20:14:39 | 000,000,226 | ---- | C] () -- C:\Users\late\AppData\Roaming\burnaware.ini
[2011.07.02 10:40:14 | 000,001,854 | ---- | C] () -- C:\Users\late\AppData\Roaming\GhostObjGAFix.xml
[2011.05.30 20:56:38 | 000,307,200 | ---- | C] () -- C:\Users\late\jaudioMp3Win.tar
[2011.01.02 20:17:23 | 000,000,600 | ---- | C] () -- C:\Users\late\AppData\Local\PUTTY.RND
[2010.12.04 15:50:31 | 000,000,092 | ---- | C] () -- C:\Users\late\AppData\Local\fusioncache.dat
[2010.08.28 21:12:04 | 000,003,584 | ---- | C] () -- C:\Users\late\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.30 20:35:27 | 000,000,000 | ---- | C] () -- C:\Users\late\AppData\Roaming\chrtmp
[2010.06.20 22:21:24 | 000,000,008 | ---- | C] () -- C:\Users\late\AppData\Roaming\DofusAppId0_1
[2010.06.20 05:06:25 | 000,000,169 | ---- | C] () -- C:\Users\late\AppData\Roaming\D2Info0
[2010.06.20 05:06:25 | 000,000,008 | ---- | C] () -- C:\Users\late\AppData\Roaming\DofusAppId0_2
[2010.05.16 12:39:04 | 000,006,819 | ---- | C] () -- C:\Users\late\AppData\Roaming\.freeciv-client-rc-2.2
[2010.04.22 00:24:36 | 000,499,517 | ---- | C] () -- C:\Users\late\AppData\Local\tmpILLITE_TEMPLATE_BACK.JPG
[2010.04.22 00:24:36 | 000,471,616 | ---- | C] () -- C:\Users\late\AppData\Local\tmpILLITE_TEMPLATE_BACK.0
[2010.04.20 18:55:30 | 000,000,000 | ---- | C] () -- C:\Users\late\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.05.20 08:51:20 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\.freeciv
[2011.11.20 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\.minecraft
[2011.11.14 23:34:02 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\.minecraft server
[2012.09.13 10:12:57 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Academagia
[2010.06.20 05:06:42 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\app
[2010.10.30 11:53:18 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Canneverbe Limited
[2010.05.08 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\ChessBase
[2013.05.05 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\com.radialgames.MonsterLovesYou
[2010.12.29 11:21:41 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\crawl
[2012.05.06 02:05:25 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\DAEMON Tools Lite
[2012.09.24 12:26:26 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Downloaded Installations
[2013.05.07 01:33:25 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\DVDVideoSoft
[2012.09.24 10:07:53 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Engelmann Media
[2012.10.15 00:40:17 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\FreeOrion
[2012.09.24 10:09:49 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\HDX4 GmbH
[2012.09.24 10:17:30 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Iggels
[2010.08.06 19:35:35 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\IrfanView
[2012.12.16 07:24:33 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Kalypso Media
[2010.08.22 12:24:25 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Lionhead Studios
[2011.03.28 21:20:07 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\LolClient
[2010.09.19 17:37:09 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\LucasArts
[2013.02.17 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Motorola
[2013.02.17 17:03:45 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Motorola Mobility
[2011.03.05 18:04:52 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\NewsLeecher
[2012.10.09 18:39:52 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Notepad++
[2010.04.21 09:36:26 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\OpenOffice.org
[2010.08.04 19:59:34 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Philips-Songbird
[2012.12.02 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\PM2012
[2011.05.15 12:58:02 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\ProtectDISC
[2010.06.20 05:06:42 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
[2012.12.06 22:18:21 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\RenPy
[2011.05.03 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\runic games
[2011.06.10 18:06:11 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Samsung
[2012.12.01 01:40:34 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Sports Interactive
[2012.09.21 00:11:44 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Stardock
[2010.05.08 16:17:48 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\StoneLoopsWT
[2013.05.05 21:47:14 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Sword of the Stars - The Pit
[2013.06.03 23:03:13 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\System
[2011.04.17 12:29:56 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\temp
[2010.04.20 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Template
[2010.08.27 20:20:34 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Thunderbird
[2010.06.09 09:19:36 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Tific
[2013.01.15 01:14:24 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\To the Moon - Freebird Games
[2010.05.07 20:25:33 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Tropico 3
[2013.04.01 11:18:26 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Tropico 4
[2012.04.19 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\TuneUp Software
[2013.06.14 17:32:48 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Ubisoft
[2012.09.17 20:38:58 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\uqm
[2012.09.24 22:57:11 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\uTorrent
[2010.04.20 16:55:08 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\WinBatch
[2011.03.13 16:56:11 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\Windows Live Writer
[2013.06.14 17:32:55 | 000,000,000 | -HSD | M] -- C:\Users\late\AppData\Roaming\wyUpdate AU
[2012.09.04 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\late\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 04.07.2013, 10:34   #2
schrauber
/// the machine
/// TB-Ausbilder
 

bizchoaching Pop Ups - Standard

bizchoaching Pop Ups



Hi,

Systemscan mit FRST
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Scan.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)
__________________

__________________

Alt 04.07.2013, 10:44   #3
kazi
 
bizchoaching Pop Ups - Standard

bizchoaching Pop Ups



Danke schonmal
Sind allerdings vom adwcleaner glaub ich virenscanner usw geschlossen oder sollte ich nochmal neustarten?


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by late (administrator) on 04-07-2013 11:37:32
Running from C:\Users\late\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\late\Downloads\OTL.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.)
HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-19] ()
HKCU\...\Run: [GoogleChromeAutoLaunch_A3A292FB551A28B0E4812C78C5FBFFBF] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-06-15] (Google Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKCU\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2010-09-07] (AMD)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3674320 2013-01-08] (DT Soft Ltd)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {cf0667b0-4ee6-11df-869d-406186c59e6a} - L:\DE_Fallout_3_DLC.EXE
MountPoints2: {d0d1ef6c-4c86-11df-86dc-406186c59e6a} - K:\Autorun.exe
MountPoints2: {ede10b62-7819-11e2-93fe-406186c59e6a} - I:\MotorolaDeviceManagerSetup.exe -a
HKLM-x32\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\late\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\late\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled
ShortcutTarget: OpenOffice.org 3.4.1.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: IE Tab Plus - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\ietab@ip.cn
FF Extension: refspoof - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\refspoof@mozdev.org
FF Extension: DownloadHelper - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\sfStatistics.xml
FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
FF Extension: No Name - C:\Users\late\AppData\Roaming\Mozilla\Firefox\Profiles\azkj9wli.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Free Studio) - C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (avast! WebRep) - C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (Lyrics-Pal) - C:\Users\late\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiopbgcekanlhpjkonogoljpfmhpkhf\1.116_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-24] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-07-22] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-21] (DT Soft Ltd)
R3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2010-04-12] (GEAR Software Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-07-22] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-02-07] (Secunia)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-11-27] (Duplex Secure Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [15672 2012-04-21] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-04 11:37 - 2013-07-04 11:37 - 00000000 ____D C:\FRST
2013-07-04 11:36 - 2013-07-04 11:36 - 01934636 ____A (Farbar) C:\Users\late\Downloads\FRST64.exe
2013-07-04 11:02 - 2013-07-04 11:02 - 00000094 ___AH C:\Users\late\Desktop\.~lock.JRT.txt#
2013-07-04 10:36 - 2013-07-04 11:03 - 00091208 ____A C:\Users\late\Downloads\Extras.Txt
2013-07-04 10:36 - 2013-07-04 11:02 - 00101214 ____A C:\Users\late\Downloads\OTL.Txt
2013-07-04 10:25 - 2013-07-04 10:25 - 00602112 ____A (OldTimer Tools) C:\Users\late\Downloads\OTL.exe
2013-07-04 10:22 - 2013-07-04 10:22 - 00001911 ____A C:\Users\late\Desktop\JRT.txt
2013-07-04 10:18 - 2013-07-04 10:18 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\late\Downloads\JRT.exe
2013-07-04 10:18 - 2013-07-04 10:18 - 00000000 ____D C:\Windows\ERUNT
2013-07-04 10:18 - 2013-07-04 10:18 - 00000000 ____D C:\JRT
2013-07-04 10:11 - 2013-07-04 10:12 - 00006703 ____A C:\AdwCleaner[S1].txt
2013-07-04 10:10 - 2013-07-04 10:10 - 00006863 ____A C:\AdwCleaner[R1].txt
2013-07-04 10:10 - 2013-07-04 10:10 - 00000094 ___AH C:\.~lock.AdwCleaner[R1].txt#
2013-07-04 10:08 - 2013-07-04 10:08 - 00650027 ____A C:\Users\late\Downloads\adwcleaner.exe
2013-07-04 09:58 - 2013-07-04 09:58 - 00000000 ____D C:\Users\late\AppData\Roaming\Malwarebytes
2013-07-04 09:57 - 2013-07-04 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-04 09:37 - 2013-07-04 09:37 - 00259584 ____A (OldTimer Tools) C:\Users\late\Desktop\OTH.scr
2013-07-04 09:25 - 2013-07-04 10:13 - 00000112 ____A C:\Windows\setupact.log
2013-07-03 01:16 - 2013-07-03 01:16 - 03322804 ____A C:\Users\late\Downloads\lbreakout2-2.5.1-win32.zip
2013-07-03 01:16 - 2013-07-03 01:16 - 00000000 ____D C:\Users\late\Downloads\lbreakout2-2.5.1-win32
2013-07-03 01:15 - 2013-07-03 01:16 - 00525584 ____A C:\Users\late\Downloads\Setup (1).exe
2013-07-03 01:12 - 2013-07-03 01:12 - 00393040 ____A (Softonic                                        ) C:\Users\late\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe
2013-07-03 01:02 - 2013-07-03 01:02 - 00163352 ____A () C:\Users\late\Downloads\block130zip_downloader_by_CaimanFreeGames (1).exe
2013-07-03 01:01 - 2013-07-03 01:01 - 00825158 ____A C:\Users\late\Downloads\aReaker_classic_fe.zip
2013-07-03 01:01 - 2013-07-03 01:01 - 00163352 ____A () C:\Users\late\Downloads\block130zip_downloader_by_CaimanFreeGames.exe
2013-06-30 01:52 - 2013-06-30 01:51 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-30 01:52 - 2013-06-30 01:51 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-30 01:52 - 2013-06-30 01:51 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-30 01:52 - 2013-06-30 01:51 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-30 01:48 - 2013-06-30 01:50 - 23229256 ____A C:\Users\late\Downloads\vlc-2.0.7-win64.exe
2013-06-30 01:48 - 2013-06-30 01:49 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\late\Downloads\spybot-2.1.exe
2013-06-30 01:48 - 2013-06-30 01:49 - 33150376 ____A (Oracle Corporation) C:\Users\late\Downloads\jre-7u25-windows-x64 (1).exe
2013-06-30 01:48 - 2013-06-30 01:49 - 07044390 ____A C:\Users\late\Downloads\npp.6.3.3.Installer.exe
2013-06-30 01:48 - 2013-06-30 01:48 - 01491560 ____A (Skype Technologies S.A.) C:\Users\late\Downloads\SkypeSetup.exe
2013-06-30 01:47 - 2013-06-30 01:48 - 33150376 ____A (Oracle Corporation) C:\Users\late\Downloads\jre-7u25-windows-x64.exe
2013-06-29 00:04 - 2013-06-29 00:05 - 130098361 ____A C:\Users\late\Downloads\Skyrim_-_Directors_Cut-3.2-14026.7z
2013-06-29 00:02 - 2013-06-29 00:02 - 00266051 ____A C:\Users\late\Downloads\skse_1_06_16_installer.exe
2013-06-15 16:44 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 16:44 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 16:44 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 16:44 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 16:44 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 16:44 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 16:44 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 16:44 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 16:44 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 16:44 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 16:44 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 16:44 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 17:32 - 2013-07-04 00:09 - 00000000 __SHD C:\Users\late\wc
2013-06-14 17:32 - 2013-06-14 17:45 - 00000000 ____D C:\Users\late\AppData\Local\Ubisoft
2013-06-14 17:32 - 2013-06-14 17:32 - 00000000 ____D C:\Users\late\AppData\Roaming\Ubisoft
2013-06-14 17:31 - 2013-06-14 17:31 - 07305352 ____A (Ubisoft) C:\Users\late\Downloads\setup.exe
2013-06-13 08:57 - 2013-06-13 08:57 - 00469828 ____A C:\Users\late\Downloads\skse_1_06_15 (1).7z
2013-06-13 08:57 - 2013-06-13 08:57 - 00000000 ____D C:\Users\late\Downloads\skse_1_06_15 (1)
2013-06-12 22:31 - 2013-06-12 22:37 - 115012431 ____A C:\Users\late\Downloads\Skyrim_-_Directors_Cut-3.1.1-14026.7z
2013-06-12 21:14 - 2013-06-12 21:14 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 13:07 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 13:07 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 13:07 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 13:07 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 13:07 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 13:07 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 13:07 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 13:07 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 13:07 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 13:07 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 13:07 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 13:07 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 13:07 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 13:07 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 13:07 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 13:07 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 13:07 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 13:07 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 13:07 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 09:49 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:49 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:49 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:49 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:49 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:49 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:49 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:49 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:49 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:49 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:49 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:49 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:49 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 12:58 - 2013-06-11 12:58 - 00000826 ____A C:\Users\late\Downloads\No smoke-7901-1-0.rar
2013-06-11 12:43 - 2013-06-11 12:44 - 00267247 ____A C:\Users\late\Downloads\Deutsche_Wegweiser.7z
2013-06-10 14:40 - 2013-06-28 23:56 - 00000000 ____D C:\Users\late\Documents\Nexus Mod Manager
2013-06-10 14:40 - 2013-06-13 08:55 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-06-10 14:40 - 2013-06-10 14:40 - 00000000 ____D C:\Users\late\AppData\Local\Black_Tree_Gaming
2013-06-10 14:39 - 2013-06-10 14:39 - 04051915 ____A (Black Tree Gaming                                           ) C:\Users\late\Downloads\Nexus Mod Manager-0.44.13.exe
2013-06-10 08:17 - 2013-06-10 08:17 - 00000000 ____D C:\Users\late\Downloads\skse_1_06_15
2013-06-09 22:30 - 2013-06-09 22:30 - 00469828 ____A C:\Users\late\Downloads\skse_1_06_15.7z
2013-06-09 16:38 - 2013-06-09 16:40 - 162923397 ____A (Robotronic Games, LLC                                       ) C:\Users\late\Downloads\GnomoriaDemoSetup.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Users\late\Downloads\magicmaker v0.7.4
2013-06-08 20:52 - 2013-06-08 20:53 - 81063282 ____A C:\Users\late\Downloads\magicmaker v0.7.4.zip

==================== One Month Modified Files and Folders =======

2013-07-04 11:37 - 2013-07-04 11:37 - 00000000 ____D C:\FRST
2013-07-04 11:36 - 2013-07-04 11:36 - 01934636 ____A (Farbar) C:\Users\late\Downloads\FRST64.exe
2013-07-04 11:13 - 2012-03-31 14:06 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-04 11:03 - 2013-07-04 10:36 - 00091208 ____A C:\Users\late\Downloads\Extras.Txt
2013-07-04 11:02 - 2013-07-04 11:02 - 00000094 ___AH C:\Users\late\Desktop\.~lock.JRT.txt#
2013-07-04 11:02 - 2013-07-04 10:36 - 00101214 ____A C:\Users\late\Downloads\OTL.Txt
2013-07-04 10:57 - 2010-04-20 16:38 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-04 10:44 - 2013-01-19 20:02 - 00000000 ____D C:\Users\late\AppData\Local\PMB Files
2013-07-04 10:43 - 2013-02-04 21:30 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-04 10:25 - 2013-07-04 10:25 - 00602112 ____A (OldTimer Tools) C:\Users\late\Downloads\OTL.exe
2013-07-04 10:22 - 2013-07-04 10:22 - 00001911 ____A C:\Users\late\Desktop\JRT.txt
2013-07-04 10:20 - 2009-07-14 06:45 - 00015568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-04 10:20 - 2009-07-14 06:45 - 00015568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-04 10:18 - 2013-07-04 10:18 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\late\Downloads\JRT.exe
2013-07-04 10:18 - 2013-07-04 10:18 - 00000000 ____D C:\Windows\ERUNT
2013-07-04 10:18 - 2013-07-04 10:18 - 00000000 ____D C:\JRT
2013-07-04 10:17 - 2010-08-26 20:42 - 01805293 ____A C:\Windows\WindowsUpdate.log
2013-07-04 10:13 - 2013-07-04 09:25 - 00000112 ____A C:\Windows\setupact.log
2013-07-04 10:13 - 2012-04-21 13:28 - 00017984 ____A C:\Windows\PFRO.log
2013-07-04 10:13 - 2010-04-20 16:38 - 00001102 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-04 10:13 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-04 10:12 - 2013-07-04 10:11 - 00006703 ____A C:\AdwCleaner[S1].txt
2013-07-04 10:10 - 2013-07-04 10:10 - 00006863 ____A C:\AdwCleaner[R1].txt
2013-07-04 10:10 - 2013-07-04 10:10 - 00000094 ___AH C:\.~lock.AdwCleaner[R1].txt#
2013-07-04 10:08 - 2013-07-04 10:08 - 00650027 ____A C:\Users\late\Downloads\adwcleaner.exe
2013-07-04 09:58 - 2013-07-04 09:58 - 00000000 ____D C:\Users\late\AppData\Roaming\Malwarebytes
2013-07-04 09:57 - 2013-07-04 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-04 09:37 - 2013-07-04 09:37 - 00259584 ____A (OldTimer Tools) C:\Users\late\Desktop\OTH.scr
2013-07-04 00:09 - 2013-06-14 17:32 - 00000000 __SHD C:\Users\late\wc
2013-07-03 18:25 - 2010-04-20 16:40 - 00000000 ____D C:\Users\late\AppData\Roaming\Skype
2013-07-03 01:16 - 2013-07-03 01:16 - 03322804 ____A C:\Users\late\Downloads\lbreakout2-2.5.1-win32.zip
2013-07-03 01:16 - 2013-07-03 01:16 - 00000000 ____D C:\Users\late\Downloads\lbreakout2-2.5.1-win32
2013-07-03 01:16 - 2013-07-03 01:15 - 00525584 ____A C:\Users\late\Downloads\Setup (1).exe
2013-07-03 01:12 - 2013-07-03 01:12 - 00393040 ____A (Softonic                                        ) C:\Users\late\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe
2013-07-03 01:02 - 2013-07-03 01:02 - 00163352 ____A () C:\Users\late\Downloads\block130zip_downloader_by_CaimanFreeGames (1).exe
2013-07-03 01:02 - 2010-04-19 21:50 - 00000000 ____D C:\users\late
2013-07-03 01:01 - 2013-07-03 01:01 - 00825158 ____A C:\Users\late\Downloads\aReaker_classic_fe.zip
2013-07-03 01:01 - 2013-07-03 01:01 - 00163352 ____A () C:\Users\late\Downloads\block130zip_downloader_by_CaimanFreeGames.exe
2013-06-30 17:24 - 2012-01-17 00:28 - 00000450 ___AH C:\Windows\Tasks\Norton Security Scan for late.job
2013-06-30 17:09 - 2012-09-24 10:13 - 00000000 ____D C:\Users\late\Desktop\shmaltz
2013-06-30 15:37 - 2012-09-24 22:41 - 00000000 ____D C:\Users\late\Desktop\shantel
2013-06-30 01:51 - 2013-06-30 01:52 - 00312232 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-06-30 01:51 - 2013-06-30 01:52 - 00189352 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-06-30 01:51 - 2013-06-30 01:52 - 00188840 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-06-30 01:51 - 2013-06-30 01:52 - 00108968 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-30 01:51 - 2012-09-05 11:50 - 01093032 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-06-30 01:51 - 2010-10-17 11:15 - 00972712 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-06-30 01:50 - 2013-06-30 01:48 - 23229256 ____A C:\Users\late\Downloads\vlc-2.0.7-win64.exe
2013-06-30 01:49 - 2013-06-30 01:48 - 36271144 ____A (Safer-Networking Ltd.                                       ) C:\Users\late\Downloads\spybot-2.1.exe
2013-06-30 01:49 - 2013-06-30 01:48 - 33150376 ____A (Oracle Corporation) C:\Users\late\Downloads\jre-7u25-windows-x64 (1).exe
2013-06-30 01:49 - 2013-06-30 01:48 - 07044390 ____A C:\Users\late\Downloads\npp.6.3.3.Installer.exe
2013-06-30 01:48 - 2013-06-30 01:48 - 01491560 ____A (Skype Technologies S.A.) C:\Users\late\Downloads\SkypeSetup.exe
2013-06-30 01:48 - 2013-06-30 01:47 - 33150376 ____A (Oracle Corporation) C:\Users\late\Downloads\jre-7u25-windows-x64.exe
2013-06-29 00:05 - 2013-06-29 00:04 - 130098361 ____A C:\Users\late\Downloads\Skyrim_-_Directors_Cut-3.2-14026.7z
2013-06-29 00:02 - 2013-06-29 00:02 - 00266051 ____A C:\Users\late\Downloads\skse_1_06_16_installer.exe
2013-06-28 23:56 - 2013-06-10 14:40 - 00000000 ____D C:\Users\late\Documents\Nexus Mod Manager
2013-06-28 23:56 - 2011-12-01 00:20 - 00000000 ____D C:\Users\late\AppData\Local\Skyrim
2013-06-28 23:31 - 2011-10-28 18:27 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-06-28 23:31 - 2010-04-20 16:46 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-28 23:30 - 2010-04-20 16:45 - 00000000 ____D C:\Users\late\AppData\Roaming\HpUpdate
2013-06-28 23:30 - 2010-04-20 16:45 - 00000000 ____D C:\Users\late\AppData\Roaming\HP Support Assistant
2013-06-15 10:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-14 17:45 - 2013-06-14 17:32 - 00000000 ____D C:\Users\late\AppData\Local\Ubisoft
2013-06-14 17:32 - 2013-06-14 17:32 - 00000000 ____D C:\Users\late\AppData\Roaming\Ubisoft
2013-06-14 17:32 - 2013-06-03 23:03 - 00000000 __SHD C:\Users\late\AppData\Roaming\wyUpdate AU
2013-06-14 17:31 - 2013-06-14 17:31 - 07305352 ____A (Ubisoft) C:\Users\late\Downloads\setup.exe
2013-06-13 16:31 - 2013-02-22 22:17 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-06-13 08:57 - 2013-06-13 08:57 - 00469828 ____A C:\Users\late\Downloads\skse_1_06_15 (1).7z
2013-06-13 08:57 - 2013-06-13 08:57 - 00000000 ____D C:\Users\late\Downloads\skse_1_06_15 (1)
2013-06-13 08:55 - 2013-06-10 14:40 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2013-06-12 22:37 - 2013-06-12 22:31 - 115012431 ____A C:\Users\late\Downloads\Skyrim_-_Directors_Cut-3.1.1-14026.7z
2013-06-12 21:14 - 2013-06-12 21:14 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 21:14 - 2012-03-31 14:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 21:14 - 2011-05-16 18:47 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 13:07 - 2010-04-19 22:07 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 12:58 - 2013-06-11 12:58 - 00000826 ____A C:\Users\late\Downloads\No smoke-7901-1-0.rar
2013-06-11 12:44 - 2013-06-11 12:43 - 00267247 ____A C:\Users\late\Downloads\Deutsche_Wegweiser.7z
2013-06-10 14:41 - 2012-10-01 20:20 - 00000000 ____D C:\Games
2013-06-10 14:40 - 2013-06-10 14:40 - 00000000 ____D C:\Users\late\AppData\Local\Black_Tree_Gaming
2013-06-10 14:39 - 2013-06-10 14:39 - 04051915 ____A (Black Tree Gaming                                           ) C:\Users\late\Downloads\Nexus Mod Manager-0.44.13.exe
2013-06-10 08:17 - 2013-06-10 08:17 - 00000000 ____D C:\Users\late\Downloads\skse_1_06_15
2013-06-09 22:40 - 2012-09-21 00:15 - 00000000 ____D C:\Users\late\Documents\My Games
2013-06-09 22:30 - 2013-06-09 22:30 - 00469828 ____A C:\Users\late\Downloads\skse_1_06_15.7z
2013-06-09 16:40 - 2013-06-09 16:38 - 162923397 ____A (Robotronic Games, LLC                                       ) C:\Users\late\Downloads\GnomoriaDemoSetup.exe
2013-06-08 21:02 - 2013-06-08 21:02 - 00000000 ____D C:\Users\late\Downloads\magicmaker v0.7.4
2013-06-08 20:53 - 2013-06-08 20:52 - 81063282 ____A C:\Users\late\Downloads\magicmaker v0.7.4.zip
2013-06-08 16:08 - 2013-06-15 16:44 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-15 16:44 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-15 16:44 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-15 16:44 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-15 16:44 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-15 16:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-15 16:44 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-15 16:44 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-15 16:44 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-15 16:44 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-15 16:44 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-15 16:44 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-04 20:52 - 2012-03-02 15:52 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForLATE-PC$.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 00:46

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by late at 2013-07-04 11:37:55
Running from C:\Users\late\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (x32 Version: 2.0.4)
7-Zip 4.65 (x64 edition) (Version: 4.65.00.0)
Adobe AIR (x32 Version: 3.6.0.5970)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
ATI AVIVO64 Codecs (Version: 9.15.0.20713)
Audacity 1.2.6 (x32)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0)
avast! Free Antivirus (x32 Version: 7.0.1466.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2009.1201.2247.40849)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CDBurnerXP (x32 Version: 4.5.1.3868)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
Crusader Kings II (x32)
DAEMON Tools Lite (x32 Version: 4.46.1.0328)
Deus Ex: Game of the Year Edition (x32)
Deus Ex: Human Revolution - The Missing Link (x32)
Deus Ex: Human Revolution (x32)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Dragon Age: Origins - Ultimate Edition (x32)
Duel of Champions (x32)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224)
Explorer Suite III
Fallout (x32)
FileHippo.com Update Checker (x32)
Fraps (x32)
Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430)
Fritz 12 (x32 Version: 12.0.0)
FTL: Faster Than Light (x32)
GameSpy Arcade (x32)
GEAR driver installer 4.019 (x32 Version: 4.019.1)
Google Chrome (x32 Version: 27.0.1453.116)
Google Earth (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.149)
Hardwarediagnosetools (Version: 6.0.5247.34)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3)
HP MediaSmart DVD (x32 Version: 3.1.3317)
HP MediaSmart Music/Photo/Video (x32 Version: 3.1.3601)
HP MediaSmart SmartMenu (Version: 3.1.0.1)
HP Odometer (x32 Version: 2.10.0000)
HP Product Detection (x32 Version: 11.14.0001)
HP Remote Solution (x32 Version: 1.1.11.0)
HP Remote Solution (x32 Version: 1.1.12.0)
HP Setup (x32 Version: 1.2.3560.3170)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.0002)
HP Update (x32 Version: 5.001.000.014)
HydraVision (x32 Version: 4.2.180.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Rapid Storage Technology (x32 Version: 10.6.0.1002)
IrfanView (remove only) (x32 Version: 4.35)
Java 7 Update 15 (x32 Version: 7.0.150)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.0)
JDownloader 0.9 (x32 Version: 0.9)
Legend of Grimrock (x32)
LightScribe System Software (x32 Version: 1.18.8.1)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Motorola Device Manager (x32 Version: 2.3.4)
Motorola Device Software Update (x32 Version: 12.10.3002)
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
My Game Long Name
MyTube BigPack 5 (x32 Version: 5.0.11.1206)
Nexus Mod Manager (Version: 0.44.14)
Notepad++ (x32 Version: 6.1.8)
NVIDIA PhysX (x32 Version: 9.10.0224)
OpenAL (x32)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Pando Media Booster (x32 Version: 2.6.0.8)
Philips Songbird (x32 Version: 3.1.1615 (1615))
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerDirector (x32 Version: 7.0.3405)
ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14)
PuTTY version 0.60 (x32 Version: 0.60)
Realtek Ethernet Controller Driver (x32 Version: 7.47.714.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
Recovery Manager (x32 Version: 5.5.2216)
Samsung Kies (x32 Version: 2.0.0.11044_11)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.2300.0)
Secunia PSI (3.0.0.6005) (x32 Version: 3.0.0.6005)
Sid Meier's Civilization V (x32)
Skype™ 6.1 (x32 Version: 6.1.129)
Software Informer 1.2
Spybot - Search & Destroy (x32 Version: 2.0.12)
Steam (x32 Version: 1.0.0.0)
Sword of the Stars: The Pit (x32)
The Binding of Isaac (x32)
The Elder Scrolls V: Skyrim (x32)
Tropico 4 (x32)
Universe Sandbox (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VLC media player 2.0.7 (Version: 2.0.7)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
XCOM: Enemy Unknown (x32)

==================== Restore Points  =========================

15-06-2013 14:44:17 Windows Update
28-06-2013 19:26:42 Windows Update
29-06-2013 23:49:29 Installed Java 7 Update 25 (64-bit)
02-07-2013 15:19:12 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-11-27 20:36 - 00444974 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	www.123fporn.info
127.0.0.1	123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0B574983-AA02-4365-8D2D-A62BC863771E} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2008-12-08] (Hewlett-Packard)
Task: {0E2EE604-7D22-4538-8177-ED753ACAB610} - System32\Tasks\CLMLSvc => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-12-01] (CyberLink)
Task: {19F4B1DD-F667-4E03-A7B7-E1E29870666E} - System32\Tasks\{A5672A07-85AD-401E-BD70-B796EFD01BF8} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {1E8363D1-460C-489A-900B-63C56903F0D7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1EB4C342-A83E-4F08-AF6E-9075AAB65389} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {2C05F584-8780-4C2D-887E-AF99DCC87852} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {3D375451-8945-46CF-82B1-07FCE39585CC} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-24] ()
Task: {3DB8DA09-2A42-43FF-8623-571357427F6B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {46EA35A5-51EA-46A5-9186-83C23B0626F8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {47404217-3431-4476-93F0-F5654A50ADE2} - System32\Tasks\DVDAgent => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe No File
Task: {4EF6E51A-CA3F-4186-BE5C-4FDD34076995} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe No File
Task: {51D3E444-6940-4E76-B16D-842D0F8ACDC1} - System32\Tasks\{91B9412E-7DC0-42EA-9F06-B88A7B42A3A1} => C:\program files (x86)\google\chrome\application\chrome.exe [2013-06-15] (Google Inc.)
Task: {541C6736-1DCB-43BA-886C-B386E3AEC211} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5799A6D9-DE12-4329-AC81-CC9FF2DFF601} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {58B785BB-CA40-4A29-A6BC-61F33593CBEC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20] (Google Inc.)
Task: {6198D2B9-1E6B-4F6D-84D3-EE0D81E2F463} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe No File
Task: {76368964-D5CC-439A-A42D-D6C2929343A1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: {7882189D-00CB-4CD2-86A2-7D42B19CA470} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-24] ()
Task: {84E19F9B-F137-4D25-BE35-0C54259A6767} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {99A5CA83-AE90-41C0-869A-0AE2A14EAB6D} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {9C81ED18-AC43-43EE-B617-5A30D4C6A10E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {A5E4FCDD-4AAF-48E8-AA19-6CCDC4A32501} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {A8D2C619-0342-4840-9B39-8E45389DC38B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-46469986-3595555079-1423974608-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {B50E9BAA-72DB-4567-91D8-93A082365AC9} - System32\Tasks\Google Updater and Installer => C:\Users\late\AppData\Local\Google\Update\GoogleUpdate.exe No File
Task: {C5CECD08-0498-4D3A-A136-AA9EBBC5533C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-20] (Google Inc.)
Task: {D1C0AC0B-4C20-464F-BB9D-69069A7E7715} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-21] (AVAST Software)
Task: {D2F0D1C7-C026-4A34-8E32-66E88690C22D} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-24] ()
Task: {D7B92426-5402-4AC8-A532-6BD0BA894045} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-46469986-3595555079-1423974608-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {DFE427D0-E344-4F8F-A071-A40B467C6A8C} - System32\Tasks\HPCeeScheduleForLATE-PC$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {E653AA3B-53FC-4C02-885A-B487612CB806} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {F49B978F-F49E-4350-9DCC-7F207BE620CD} - System32\Tasks\Norton Security Scan for late => C:\PROGRA~2\NORTON~2\Engine\351~1.10\Nss.exe No File
Task: {F7DA90D6-AFFC-450A-AEF8-BCFD7634C4C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLATE-PC$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for late.job => C:\PROGRA~2\NORTON~2\Engine\351~1.10\Nss.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2013 10:25:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/04/2013 10:25:24 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\late\Downloads\SoftonicDownloader_fuer_dx-ball-2.exe


==================== Memory info =========================== 

Percentage of memory in use: 68%
Total physical RAM: 3959.08 MB
Available physical RAM: 1237.86 MB
Total Pagefile: 7916.34 MB
Available Pagefile: 4301.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.4 GB) (Free:581.23 GB) NTFS (Disk=0 Partition=2)
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.02 GB) (Free:1.79 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Alt 04.07.2013, 10:57   #4
schrauber
/// the machine
/// TB-Ausbilder
 

bizchoaching Pop Ups - Standard

bizchoaching Pop Ups



Probleme in allen Browsern?
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 04.07.2013, 11:22   #5
kazi
 
bizchoaching Pop Ups - Standard

bizchoaching Pop Ups



Hallo nach einem Neustart sind die Problem jetzt verschwunden. (hät ich ja auch mal früher machen können) Soll ich den Combofix trotzdem starten?
Und die googleads hier sind "normale" werbung oder? sorry das ding hat mich jetzt paranoid gemacht..


Alt 04.07.2013, 12:32   #6
schrauber
/// the machine
/// TB-Ausbilder
 

bizchoaching Pop Ups - Standard

bizchoaching Pop Ups



Beobachte das mal und melde dich wieder
__________________
--> bizchoaching Pop Ups

Alt 04.07.2013, 19:25   #7
kazi
 
bizchoaching Pop Ups - Standard

bizchoaching Pop Ups



Alles bestens. Danke Schrauber!

Alt 04.07.2013, 19:59   #8
schrauber
/// the machine
/// TB-Ausbilder
 

bizchoaching Pop Ups - Standard

bizchoaching Pop Ups



Gern GEschehn

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu bizchoaching Pop Ups
7-zip, adobe reader xi, application/pdf:, audiograbber, battle.net, bho, bizcoaching.info, black, browser, converter, desktop, error, fehler, firefox, flash player, google, google startseite, home, homepage, iexplore.exe, install.exe, installation, internet browser, league of legends, logfile, lyrics-pal, mozilla, nexus, pop ups, programm, realtek, registrierungsdatenbank, registry, richtlinie, secunia psi, security, software, svchost.exe, usb, werbung, windows




Zum Thema bizchoaching Pop Ups - Hallo habe die gleichen Probleme wie der Herr in diesem Thread http://www.trojaner-board.de/137576-...p-ups-etc.html .. Also hab bizcoaching.info popups und Werbung auf der google startseite und wahrscheinlich mehr. Weiss allerdings nicht genau - bizchoaching Pop Ups...
Archiv
Du betrachtest: bizchoaching Pop Ups auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.