Browser mocaflix Problem

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:17 on 06/06/2013 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

OTL logfile created on: 06.06.2013 19:18:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,45% Memory free
8,21 Gb Paging File | 5,17 Gb Available in Paging File | 63,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 327,54 Gb Total Space | 163,34 Gb Free Space | 49,87% Space Free | Partition Type: NTFS
Drive E: | 592,25 Gb Total Space | 496,37 Gb Free Space | 83,81% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.06 19:17:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
PRC - [2013.05.31 14:28:40 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\LolClient.exe
PRC - [2013.05.31 14:02:30 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
PRC - [2013.05.31 14:02:17 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2013.05.04 12:37:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.27 23:38:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 23:38:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\****\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.31 14:24:08 | 004,774,248 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2013.05.31 14:02:30 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
MOD - [2013.05.31 14:02:17 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.05.27 07:05:04 | 000,156,160 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Air.dll
MOD - [2013.05.27 06:10:48 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Launcher.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.26 23:19:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Start_Pending] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.05.15 16:57:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.27 23:38:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 23:38:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.04.26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.27 23:38:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 23:38:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 23:38:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2012.05.12 13:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.12.07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2008.02.22 19:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.01.29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.03 17:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.02.28 16:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\8zu5s3ea.default\extensions
[2013.02.14 07:33:54 | 000,002,376 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\searchplugins\icq.xml
[2013.06.04 16:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.26 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.26 23:19:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://websearch.mocaflix.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: AdBlock = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: ProxMate - Improve your Internet! = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3.5_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0AD528-8918-45F6-A371-C5AAF664B1A4}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8d8777ce-87f9-11e2-83fb-00242150365f}\Shell - "" = AutoRun
O33 - MountPoints2\{8d8777ce-87f9-11e2-83fb-00242150365f}\Shell\AutoRun\command - "" = L:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.06 19:18:26 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\logs
[2013.06.05 21:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.05 16:03:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.06.05 16:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.05 16:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.05 16:03:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.05 16:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.05 15:41:48 | 002,051,696 | ---- | C] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs64.dll
[2013.06.05 15:41:48 | 000,733,224 | ---- | C] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs.dll
[2013.06.05 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defender Pro Quick Scanner
[2013.06.04 16:10:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.04 16:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.04 16:05:06 | 000,536,652 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\ASAudioHD.ax
[2013.06.04 16:05:06 | 000,490,496 | ---- | C] (www.madshi.net) -- C:\Windows\SysWow64\madFlac.ax
[2013.06.04 16:05:06 | 000,285,184 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagUIEngine.dll
[2013.06.04 16:05:06 | 000,106,496 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\checkactivate.dll
[2013.06.04 16:05:06 | 000,092,672 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagUIInter.dll
[2013.06.04 16:05:06 | 000,055,808 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagPCMac.dll
[2013.06.04 16:05:06 | 000,035,328 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagCore.dll
[2013.06.04 16:05:06 | 000,000,000 | ---D | C] -- C:\Temp
[2013.06.04 16:05:05 | 000,439,808 | ---- | C] (MPC-HC Team) -- C:\Windows\SysWow64\RealMediaSplitter.ax
[2013.06.04 16:05:05 | 000,417,792 | ---- | C] (Gabest) -- C:\Windows\SysWow64\FLVSplitter.ax
[2013.06.04 16:05:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.05.31 15:44:29 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Atlantica
[2013.05.31 04:01:40 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\League of Legends
[2013.05.30 05:18:52 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\donetasy
[2013.05.26 23:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.23 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Screaming Bee
[2013.05.23 19:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013.05.18 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Awesomium
[2013.05.18 19:56:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Aeria Games
[2013.05.18 19:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2013.05.18 19:47:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.05.18 19:37:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.05.18 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Aeria Games & Entertainment
[2013.05.13 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\BoL
[2013.05.11 02:21:05 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\settings
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.06 19:16:40 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2013.06.06 19:04:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000UA.job
[2013.06.06 18:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.06 18:02:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 18:02:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 17:04:02 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000Core.job
[2013.06.06 14:13:55 | 000,002,058 | ---- | M] () -- C:\Users\****\Desktop\Google Chrome.lnk
[2013.06.06 14:02:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.06 14:02:06 | 4294,172,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 21:45:26 | 000,279,370 | ---- | M] () -- C:\Users\****\Documents\cc_20130605_214518.reg
[2013.06.05 18:27:33 | 000,000,499 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.05 15:41:48 | 002,051,696 | ---- | M] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs64.dll
[2013.06.05 15:41:48 | 000,733,224 | ---- | M] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs.dll
[2013.06.05 07:58:54 | 002,625,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.05 07:58:54 | 001,247,620 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.05 07:58:54 | 000,773,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.05 07:58:54 | 000,691,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.05 07:58:54 | 000,006,972 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.04 16:33:34 | 000,027,648 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.02 11:06:56 | 000,000,949 | ---- | M] () -- C:\Users\****\Desktop\vegas120 - Verknüpfung.lnk
[2013.06.02 10:59:13 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2013.06.01 03:40:30 | 000,000,818 | ---- | M] () -- C:\Users\****\Desktop\lol.launcher.admin - Verknüpfung.lnk
[2013.05.30 00:02:32 | 000,000,757 | ---- | M] () -- C:\Users\****\Desktop\LoLNotes - Verknüpfung.lnk
[2013.05.29 06:23:20 | 000,001,838 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.05.26 17:35:14 | 000,271,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.24 21:22:42 | 000,001,921 | ---- | M] () -- C:\Users\****\Desktop\Preset Manager 2.0.lnk
[2013.05.09 22:44:40 | 000,006,294 | ---- | M] () -- C:\Users\****\Desktop\avatar4160663_58.jpg
 
========== Files Created - No Company Name ==========
 
[2013.06.06 19:16:40 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2013.06.05 21:45:19 | 000,279,370 | ---- | C] () -- C:\Users\****\Documents\cc_20130605_214518.reg
[2013.06.05 09:12:47 | 000,000,499 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 16:05:06 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2013.06.04 16:05:06 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2013.06.02 11:06:56 | 000,000,949 | ---- | C] () -- C:\Users\****\Desktop\vegas120 - Verknüpfung.lnk
[2013.06.02 10:59:13 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2013.06.01 03:40:30 | 000,000,818 | ---- | C] () -- C:\Users\****\Desktop\lol.launcher.admin - Verknüpfung.lnk
[2013.05.30 00:01:11 | 000,000,757 | ---- | C] () -- C:\Users\****\Desktop\LoLNotes - Verknüpfung.lnk
[2013.05.29 06:23:20 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.05.24 21:22:42 | 000,001,921 | ---- | C] () -- C:\Users\****\Desktop\Preset Manager 2.0.lnk
[2013.05.09 22:44:40 | 000,006,294 | ---- | C] () -- C:\Users\****\Desktop\avatar4160663_58.jpg
[2013.03.03 19:00:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\qzpz.dll
[2013.03.03 04:12:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.03.03 04:12:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013.03.03 04:10:37 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013.02.24 16:54:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2013.02.23 12:09:32 | 000,007,823 | ---- | C] () -- C:\Users\****\ESt2012_Moncayo_Nuhn_Jose_Manuel.elfo
[2013.02.20 09:49:26 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.02.20 09:49:26 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.02.20 09:19:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2013.02.20 09:07:58 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2013.02.13 14:15:02 | 000,000,854 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.02.04 00:24:13 | 001,634,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.03 18:27:50 | 000,027,648 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.18 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Aeria Games & Entertainment
[2013.05.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Awesomium
[2013.06.05 19:21:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BoL
[2013.02.23 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular
[2013.04.08 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EPSON
[2013.02.24 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\fltk.org
[2013.05.06 02:28:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GarenaPlus
[2013.02.14 07:38:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ-Profile
[2013.02.14 07:33:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQM
[2013.02.03 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2013.02.24 16:31:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy
[2013.03.03 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Publish Providers
[2013.03.03 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Red Giant Link
[2013.02.24 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2013.05.23 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Screaming Bee
[2013.03.03 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sony
[2013.05.19 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Spotify
[2013.06.06 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2013.02.23 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\VBA-M
[2013.02.23 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinISO Computing
 
========== Purity Check ==========
 
 

< End of report >
         

OTL Extras logfile created on: 06.06.2013 19:18:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,45% Memory free
8,21 Gb Paging File | 5,17 Gb Available in Paging File | 63,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 327,54 Gb Total Space | 163,34 Gb Free Space | 49,87% Space Free | Partition Type: NTFS
Drive E: | 592,25 Gb Total Space | 496,37 Gb Free Space | 83,81% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.WH4Z4YUIFPG32HKJS2UOICFTJY] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 01 01 19 11 B9 17 CE 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3029538542-3273361527-2256941593-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01636551-7CC5-4EE5-8543-62D68242C9B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{06AD667A-BBC1-4220-BEA1-21325B2CF1FB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{10A68F17-165D-448E-AB9F-0676DD87608A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{27B6AB97-EA85-443E-B0E5-9742E5C559D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{339278FE-36BF-4C56-B893-85E68ACEAA4B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4A125863-6C26-45EC-BD59-FE75468FDFD5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A492887F-31C2-4AFE-8693-C8A006D81A9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BD140B85-88E7-4321-AFB7-5D2AD954CAB3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BFCC4477-9A11-43D3-8300-D867CC8F741E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D39BBEF5-905D-4D36-B0E1-67224E4E9E0C}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D0D176-A0BF-49BA-A841-AF7D2F636B5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{08F13F5F-5B46-47A7-B508-4369EBA38806}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{13F5FB11-577B-48C0-BEBD-F4E76216FF48}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{283D7D60-C0CF-44FC-B002-26C53760464F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2FA48411-C177-48BA-A1AA-499DAD52E5FC}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe | 
"{39E4E0F0-41D1-48A7-A82C-FD6BBA2BD29C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{3CF79118-4239-429D-8EE4-A5262C9CC717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4A2F25C0-26F6-4DCE-8E60-5344E0026949}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{759D7E9E-82EA-43BF-B53B-AD468309ABE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7A52D970-0279-4EA3-8FA3-C386FAA8DC41}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe | 
"{88DB35B8-FE8E-47B2-B051-BA42548843FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9A173262-FB38-45F5-923B-86D628F0650F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{BD2EB19D-0869-40EB-98CD-DDBD2C374DB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BE2AE9EF-185A-44B0-8CDA-891CFC307AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C88E0359-C0BE-44C5-8CAA-19F724D43FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{DA258A29-C300-46D7-9103-E218832FC662}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{F16B2782-0E39-44A6-B90E-46E4B233A298}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{FD26B9B3-0AC0-46B1-B64C-4FFA4182A679}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"TCP Query User{0031EC39-E16A-42EC-B79E-45A0EF0529FE}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{2CF4E4E2-F0F8-45A7-AE15-25FF12672B93}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | 
"TCP Query User{56B4A59C-9871-430B-BED3-E867FA345865}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{6FDFC0F6-19AA-480C-94C7-9EF184804384}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9D6945AB-E8D5-4B44-967A-1AAB4C50DC8F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{F34C0192-2DCA-4FD3-9B6A-88DB939B0A4F}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{FF70EFCD-31F9-4EEA-B6C9-8A6525F0447C}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1A10EA5A-FA70-4646-A6E1-B9FF1F880AB8}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{2D23FD89-9D75-4E71-96AC-122900221501}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{32E43DF8-7692-4A7B-9B18-AEED8EFC7111}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | 
"UDP Query User{3324D9C1-8BF3-42BC-862C-A4F73F65A0C6}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{6EC3397E-2A83-4372-89C6-1B226F93AA46}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{98F70B9F-91CD-4AF6-BC01-B47A5876399F}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E382F0CD-92A3-4CCA-A719-F26D30C93A6F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002
"{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit
"{7A0D09B0-6575-11E2-89D5-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office 5.0.36
"{2F04C9DA-94DA-4361-8B34-02CD8187861F}" = SystemDiagnostics
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{88BFE745-3D1F-4B80-8C40-E626E5A8E613}" = Samsung S5230 Wallpaper Creator
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FCFE3F81-C977-4D31-877B-2778BB2A02DE}" = Preset Manager 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crossfire Europe" = Crossfire Europe
"ElsterFormular" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps (remove only)
"InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LOLReplay" = LOLReplay
"LoLTW" = Garena *^¶¯Áp·ù¡]¥xÆW¡^
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 240" = Counter-Strike: Source
"UltraISO_is1" = UltraISO Premium V9.53
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.0 (build 5999, für aktuellen Benutzer)
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2013 09:47:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x1110,
 Anwendungsstartzeit 01ce62bc5173d350.
 
Error - 06.06.2013 09:48:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x920, 
Anwendungsstartzeit 01ce62bc7536f240.
 
Error - 06.06.2013 09:49:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x130c,
 Anwendungsstartzeit 01ce62bc98faad70.
 
Error - 06.06.2013 09:50:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x46c, 
Anwendungsstartzeit 01ce62bcbcbe4190.
 
Error - 06.06.2013 09:51:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0xf10, 
Anwendungsstartzeit 01ce62bce0809d30.
 
Error - 06.06.2013 09:52:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x934, 
Anwendungsstartzeit 01ce62bd04445860.
 
Error - 06.06.2013 09:53:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x914, 
Anwendungsstartzeit 01ce62bd280617c0.
 
Error - 06.06.2013 09:54:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0xff0, 
Anwendungsstartzeit 01ce62bd4bca4820.
 
Error - 06.06.2013 09:55:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x840, 
Anwendungsstartzeit 01ce62bd6f8e9f90.
 
Error - 06.06.2013 09:56:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x970, 
Anwendungsstartzeit 01ce62bd93514950.
 
 
< End of report >
         

# AdwCleaner v2.301 - Datei am 05/06/2013 um 09:12:43 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : **** - ****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\searchplugins\claro.xml
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\Users\****\AppData\Local\Temp\OCS
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\BabSolution
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5b48fdeb769ba41
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b48fdeb769ba41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Schlüssel Gelöscht : HKU\S-1-5-21-3029538542-3273361527-2256941593-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=120129&babsrc=HP_ss&mntrId=02a73ef000000000000000242150365f --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=120129&babsrc=HP_ss&mntrId[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=120129&babsrc[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.autoRvrt", "false");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "02a73ef000000000000000242150365f");
Gelöscht : user_pref("extensions.claro.instlDay", "15750");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.rvrt", "false");
Gelöscht : user_pref("extensions.claro.tlbrId", "base");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.8.5");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.8.5");
Gelöscht : user_pref("extensions.claro_i.excTlbr", false);
Gelöscht : user_pref("extensions.claro_i.newTab", false);
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.8.57:33:32");

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[S1].txt - [5781 octets] - [05/06/2013 09:12:43]

########## EOF - C:\AdwCleaner[S1].txt - [5841 octets] ##########
         

# AdwCleaner v2.301 - Datei am 05/06/2013 um 15:51:40 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : **** - ****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.43] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gelöscht [l.46] : keyword = "delta-search.com",
Gelöscht [l.50] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss&m[...]
Gelöscht [l.2717] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss[...]

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[R2].txt - [1882 octets] - [05/06/2013 15:49:00]
AdwCleaner[S1].txt - [5904 octets] - [05/06/2013 09:12:43]
AdwCleaner[S2].txt - [1780 octets] - [05/06/2013 15:51:40]

########## EOF - C:\AdwCleaner[S2].txt - [1840 octets] ##########
         

# AdwCleaner v2.301 - Datei am 05/06/2013 um 18:27:13 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2203] : homepage = "hxxp://websearch.mocaflix.com/",
Gelöscht [l.2900] : urls_to_restore_on_startup = [ "hxxp://websearch.mocaflix.com/", "" ]

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[R2].txt - [1882 octets] - [05/06/2013 15:49:00]
AdwCleaner[R3].txt - [1439 octets] - [05/06/2013 18:26:28]
AdwCleaner[S1].txt - [5904 octets] - [05/06/2013 09:12:43]
AdwCleaner[S2].txt - [1909 octets] - [05/06/2013 15:51:40]
AdwCleaner[S3].txt - [1378 octets] - [05/06/2013 18:27:13]

########## EOF - C:\AdwCleaner[S3].txt - [1438 octets] ##########
         

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.05.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-PC [Administrator]

Schutz: Aktiviert

05.06.2013 16:04:25
mbam-log-2013-06-05 (16-04-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 626064
Laufzeit: 2 Stunde(n), 11 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\QMDispatch.QMFunction.1 (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\QMDispatch.QMFunction (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Windows\QMDispatch.dll (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Desktop\qmacro\QMacro6.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Desktop\qmacro\QMacro6.exe.BAK (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Downloads\Crossfire simple Injector_mpgh.net.rar (Hacktool.Injector) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)