Pests of all kinds and how to fight them: slow Internet, LyricsPal, Websearch.Mocaflix

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1

slow Internet, LyricsPal, Websearch.Mocaflix

Good day, I seem to have picked up a few things.

1. The websearch.Mocaflix pages open when I start my browser.
2. The add-on list shows a so-called add-on named LyricsPal. It cannot be deleted and was flagged as infected by Malwarebytes.
3. Overall, my browser (Google Chrome) has become quite slow.

defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:51 on 19/07/2013 (Krystel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter OTL logfile created on: 19.07.2013 18:52:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krystel\Desktop\board 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,22% Memory free 8,20 Gb Paging File | 5,97 Gb Available in Paging File | 72,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 327,54 Gb Total Space | 154,63 Gb Free Space | 47,21% Space Free | Partition Type: NTFS Drive E: | 592,25 Gb Total Space | 496,37 Gb Free Space | 83,81% Space Free | Partition Type: NTFS Computer Name: KRYSTEL-PC | User Name: Krystel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.19 18:52:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krystel\Desktop\board\OTL.exe PRC - [2013.07.14 20:45:40 | 000,567,880 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe PRC - [2013.06.27 12:35:15 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.27 12:35:00 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.27 12:35:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.21 23:48:26 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Krystel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Krystel\AppData\Local\Akamai\netsession_win.exe PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe ========== Modules (No Company Name) ========== MOD - [2013.07.14 20:45:40 | 000,567,880 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe MOD - [2013.07.12 20:49:44 | 000,396,240 | ---- | M] () -- C:\Users\Krystel\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll MOD - [2013.07.12 20:49:42 | 004,052,944 | ---- | M] () -- C:\Users\Krystel\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll MOD - [2013.07.12 20:48:52 | 000,601,552 | ---- | M] () -- C:\Users\Krystel\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll MOD - [2013.07.12 20:48:51 | 000,123,344 | ---- | M] () -- C:\Users\Krystel\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll MOD - [2013.07.12 20:48:49 | 001,597,392 | ---- | M] () -- C:\Users\Krystel\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll MOD - [2013.07.12 14:19:41 | 000,771,584 | 
---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59375bfcbdf9a51a963b71c10f6204d4\System.Runtime.Remoting.ni.dll MOD - [2013.07.12 14:19:34 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\798504f7455735fbc9abe8d6ebe73f03\System.Configuration.ni.dll MOD - [2013.07.12 14:04:07 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll MOD - [2013.07.12 14:03:53 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll MOD - [2013.07.12 14:03:45 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll MOD - [2013.07.12 14:02:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll MOD - [2013.07.12 14:02:29 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll MOD - [2009.03.29 22:40:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2013.07.15 13:11:29 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.06 20:34:55 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.27 12:35:15 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.27 12:35:00 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.14 02:00:00 | 004,722,728 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.04.26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc) SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.27 23:38:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.27 23:38:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.27 23:38:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2012.05.12 13:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901) DRV:64bit: - [2011.12.07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21) DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2008.02.22 19:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=db2f991b-106f-477d-a712-c771073b6e79&searchtype=ds&q={searchTerms}&installDate=10/07/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=db2f991b-106f-477d-a712-c771073b6e79&searchtype=ds&q={searchTerms}&installDate=10/07/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=db2f991b-106f-477d-a712-c771073b6e79&searchtype=hp&installDate=10/07/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=db2f991b-106f-477d-a712-c771073b6e79&searchtype=ds&q={searchTerms}&installDate=10/07/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=db2f991b-106f-477d-a712-c771073b6e79&searchtype=ds&q={searchTerms}&installDate=10/07/2013 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7Bdf4e4df5-5cb7-46b0-9aef-6c784c3249f8%7D:1.2.0 FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3 FF - prefs.js..extensions.enabledAddons: %7Bdb2f991b-106f-477d-a712-c771073b6e79%7D:1.1 FF - prefs.js..extensions.enabledAddons: %7B9309FA47-1B48-4768-AFA4-9E0556F5DC81%7D:1.122 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..keyword.URL: "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=db2f991b-106f-477d-a712-c771073b6e79&searchtype=ds&installDate=10/07/2013&q=" FF - 
prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Krystel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Krystel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.06 20:34:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9309FA47-1B48-4768-AFA4-9E0556F5DC81}: C:\Program Files (x86)\LyricsPal\122.xpi [2013.07.15 13:07:57 | 000,007,431 | ---- | M] () FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.06 20:34:48 | 000,000,000 | ---D | M] [2013.02.03 17:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystel\AppData\Roaming\mozilla\Extensions [2013.07.12 16:45:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krystel\AppData\Roaming\mozilla\Firefox\Profiles\8zu5s3ea.default\extensions [2013.07.12 16:45:38 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Krystel\AppData\Roaming\mozilla\Firefox\Profiles\8zu5s3ea.default\extensions\{db2f991b-106f-477d-a712-c771073b6e79} [2013.07.07 05:59:36 | 000,000,000 | ---D | M] (FoxyDeal) -- C:\Users\Krystel\AppData\Roaming\mozilla\Firefox\Profiles\8zu5s3ea.default\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2013.07.06 19:44:44 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\Krystel\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\extensions\firebug@software.joehewitt.com.xpi [2013.07.09 13:38:29 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Krystel\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\extensions\firefox@mega.co.nz.xpi [2013.06.07 13:32:21 | 000,870,680 | ---- | M] () (No name found) -- 
C:\Users\Krystel\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.30 00:27:34 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Krystel\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2013.07.06 20:34:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions [2013.07.06 20:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.06 20:34:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.07.15 13:07:57 | 000,007,431 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRICSPAL\122.XPI ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Krystel\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Krystel\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Krystel\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 
9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Krystel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: YouTube = C:\Users\Krystel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: AdBlock = C:\Users\Krystel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\ CHR - Extension: ProxMate - Improve your Internet! = C:\Users\Krystel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3.8_0\ O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Krystel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Krystel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0AD528-8918-45F6-A371-C5AAF664B1A4}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Krystel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Krystel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.07 05:13:41 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8d8777ce-87f9-11e2-83fb-00242150365f}\Shell - "" = AutoRun O33 - MountPoints2\{8d8777ce-87f9-11e2-83fb-00242150365f}\Shell\AutoRun\command - "" = L:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.19 18:50:56 | 000,000,000 | ---D | C] -- C:\Users\Krystel\Desktop\board [2013.07.15 20:57:29 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Local\NVIDIA [2013.07.15 13:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsPal [2013.07.14 05:57:11 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Local\master131 [2013.07.14 05:40:25 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Local\TrinityEntertainmentNetwo [2013.07.11 21:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.07.10 17:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2 [2013.07.10 17:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.2 [2013.07.07 05:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxyDeal [2013.07.07 05:47:13 | 004,722,728 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des [2013.07.07 05:47:05 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) 
-- C:\Windows\SysWow64\npptNT2.sys [2013.07.07 05:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared [2013.07.07 05:43:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.07.07 05:41:28 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Roaming\PiccShare [2013.07.07 05:41:28 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Roaming\Common [2013.07.07 05:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flyff [2013.07.07 05:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\gPotato.eu [2013.07.07 05:32:11 | 000,000,000 | ---D | C] -- C:\Windows\Temp [2013.07.07 05:32:11 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Local\Temp [2013.07.07 05:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.07 05:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.07.07 00:14:00 | 000,000,000 | ---D | C] -- C:\Users\Krystel\Desktop\alex [2013.07.06 20:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.03 23:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3 [2013.07.03 23:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt3 [2013.07.01 18:05:13 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.07.01 15:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3 [2013.07.01 15:27:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6.3 [2013.06.26 22:53:03 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Roaming\vlc [2013.06.26 22:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.06.26 22:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.06.26 22:17:18 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Roaming\Sony Creative Software Inc [2013.06.23 23:06:05 | 000,000,000 | ---D | C] -- 
C:\Users\Krystel\AppData\Roaming\DivX [2013.06.23 23:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2013.06.23 22:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2013.06.23 22:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.06.23 22:53:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2013.06.23 22:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2013.06.23 22:36:41 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2013.06.23 22:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali [2013.06.23 22:33:28 | 000,000,000 | ---D | C] -- C:\Users\Krystel\Desktop\idk [2013.06.23 22:33:05 | 000,000,000 | ---D | C] -- C:\Users\Krystel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 [2013.06.23 22:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 [2013.06.23 22:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.19 18:57:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.19 18:51:31 | 000,000,000 | ---- | M] () -- C:\Users\Krystel\defogger_reenable [2013.07.19 18:46:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.19 18:46:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.19 18:16:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000UA.job [2013.07.19 14:47:30 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\Lyrics-Pal Update.job [2013.07.19 14:46:42 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.19 14:46:38 | 4294,172,672 | -HS- | M] () -- C:\hiberfil.sys [2013.07.19 14:45:55 | 000,001,501 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.07.17 14:16:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000Core.job [2013.07.17 01:46:50 | 000,056,320 | ---- | M] () -- C:\Users\Krystel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.07.14 15:28:35 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.07.13 19:22:30 | 000,002,058 | ---- | M] () -- C:\Users\Krystel\Desktop\Google Chrome.lnk [2013.07.12 14:00:23 | 000,282,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.11 21:43:16 | 002,640,946 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.11 21:43:16 | 001,252,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.11 21:43:16 | 000,778,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.11 21:43:16 | 000,695,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.11 21:43:15 | 000,006,972 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.10 17:26:22 | 000,000,930 | ---- | M] () -- C:\Users\Krystel\Desktop\Cheat Engine.lnk [2013.07.07 05:41:21 | 000,001,513 | ---- | M] () -- C:\Users\Public\Desktop\Flyff.lnk [2013.07.07 05:19:09 | 001,273,625 | ---- | M] () -- C:\Users\Krystel\Desktop\zoek.exe [2013.07.07 05:13:41 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.07.03 23:47:22 | 000,000,377 | ---- | M] () -- C:\Users\Krystel\SciTE.session [2013.06.21 14:06:36 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.06.21 14:06:36 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.06.21 14:06:36 | 000,021,578 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2013.07.19 18:51:31 | 000,000,000 | ---- | C] () -- C:\Users\Krystel\defogger_reenable [2013.07.14 15:28:35 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.07.10 17:44:28 | 000,002,294 | ---- | C] () -- C:\Users\Krystel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013.07.10 17:26:22 | 000,000,930 | ---- | C] () -- C:\Users\Krystel\Desktop\Cheat Engine.lnk [2013.07.07 05:59:24 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\Lyrics-Pal Update.job [2013.07.07 05:47:05 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd [2013.07.07 05:41:21 | 000,001,513 | ---- | C] () -- C:\Users\Public\Desktop\Flyff.lnk [2013.07.07 05:19:07 | 001,273,625 | ---- | C] () -- C:\Users\Krystel\Desktop\zoek.exe [2013.07.07 05:13:41 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.07.03 23:32:25 | 000,000,377 | ---- | C] () -- C:\Users\Krystel\SciTE.session [2013.07.01 18:18:23 | 000,021,578 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.06.23 22:53:30 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013.06.04 16:05:06 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll [2013.06.04 16:05:06 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll [2013.06.02 10:59:13 | 000,000,680 | ---- | C] () -- C:\Users\Krystel\AppData\Local\d3d9caps.dat [2013.03.03 19:00:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\qzpz.dll [2013.03.03 04:12:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2013.03.03 04:12:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2013.03.03 04:10:37 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2013.02.24 16:54:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2013.02.23 12:09:32 | 000,007,823 | ---- | C] () -- C:\Users\Krystel\ESt2012_Moncayo_Nuhn_Jose_Manuel.elfo [2013.02.20 09:49:26 | 000,110,592 | ---- | C] () -- 
C:\Windows\SysWow64\FsUsbExDevice.Dll [2013.02.20 09:49:26 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013.02.20 09:19:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2013.02.20 09:07:58 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2013.02.13 14:15:02 | 000,000,854 | ---- | C] () -- C:\Users\Krystel\AppData\Local\recently-used.xbel [2013.02.04 00:24:13 | 001,634,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.03 18:27:50 | 000,056,320 | ---- | C] () -- C:\Users\Krystel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.18 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Aeria Games & Entertainment [2013.05.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Awesomium [2013.07.19 16:14:55 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\BoL [2013.07.07 05:41:28 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Common [2013.02.23 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\elsterformular [2013.04.08 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\EPSON [2013.02.24 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\fltk.org [2013.05.06 02:28:14 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\GarenaPlus [2013.02.14 07:38:13 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\ICQ-Profile [2013.02.14 07:33:47 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\ICQM [2013.02.03 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\LolClient [2013.02.24 16:31:52 | 000,000,000 | ---D | 
M] -- C:\Users\Krystel\AppData\Roaming\MotioninJoy [2013.07.07 05:41:28 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\PiccShare [2013.03.03 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Publish Providers [2013.06.15 21:27:11 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\puush [2013.03.03 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Red Giant Link [2013.02.24 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Samsung [2013.05.23 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Screaming Bee [2013.06.22 23:38:15 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Sony [2013.06.26 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Sony Creative Software Inc [2013.07.11 23:45:14 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\Spotify [2013.06.12 16:20:31 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\TeamViewer [2013.07.18 17:29:05 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\TS3Client [2013.02.23 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\VBA-M [2013.02.23 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\Krystel\AppData\Roaming\WinISO Computing ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.07.2013 18:52:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krystel\Desktop\board 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,22% Memory free 8,20 Gb Paging File | 5,97 Gb Available in Paging File | 72,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 327,54 Gb Total Space | 154,63 Gb Free Space | 47,21% Space Free | Partition Type: NTFS Drive E: | 592,25 Gb Total Space | 496,37 Gb Free Space | 83,81% Space Free | Partition Type: NTFS Computer Name: KRYSTEL-PC | User Name: Krystel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML.WH4Z4YUIFPG32HKJS2UOICFTJY] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 01 01 19 11 B9 17 CE 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3029538542-3273361527-2256941593-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 2 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01636551-7CC5-4EE5-8543-62D68242C9B7}" = lport=137 | protocol=17 | dir=in | app=system | "{06AD667A-BBC1-4220-BEA1-21325B2CF1FB}" = lport=445 | protocol=6 | dir=in | app=system | "{10A68F17-165D-448E-AB9F-0676DD87608A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{27B6AB97-EA85-443E-B0E5-9742E5C559D1}" = rport=137 | protocol=17 | dir=out | app=system | "{339278FE-36BF-4C56-B893-85E68ACEAA4B}" = lport=138 | protocol=17 | dir=in | app=system | "{4A125863-6C26-45EC-BD59-FE75468FDFD5}" = rport=445 | protocol=6 | dir=out | app=system | "{A492887F-31C2-4AFE-8693-C8A006D81A9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BD140B85-88E7-4321-AFB7-5D2AD954CAB3}" = rport=139 | protocol=6 | dir=out | app=system | "{BFCC4477-9A11-43D3-8300-D867CC8F741E}" = rport=138 | protocol=17 | dir=out | app=system | "{D39BBEF5-905D-4D36-B0E1-67224E4E9E0C}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08F13F5F-5B46-47A7-B508-4369EBA38806}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{13F5FB11-577B-48C0-BEBD-F4E76216FF48}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{283D7D60-C0CF-44FC-B002-26C53760464F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{2FA48411-C177-48BA-A1AA-499DAD52E5FC}" = protocol=17 | dir=in | app=c:\users\krystel\appdata\roaming\icqm\icq.exe | "{3420D4AF-E962-41AD-8244-1959B030C1EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{39E4E0F0-41D1-48A7-A82C-FD6BBA2BD29C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{3CF79118-4239-429D-8EE4-A5262C9CC717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{4A2F25C0-26F6-4DCE-8E60-5344E0026949}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{759D7E9E-82EA-43BF-B53B-AD468309ABE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7A52D970-0279-4EA3-8FA3-C386FAA8DC41}" = protocol=6 | dir=in | app=c:\users\krystel\appdata\roaming\icqm\icq.exe | "{88DB35B8-FE8E-47B2-B051-BA42548843FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{9A173262-FB38-45F5-923B-86D628F0650F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{BD2EB19D-0869-40EB-98CD-DDBD2C374DB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BE2AE9EF-185A-44B0-8CDA-891CFC307AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D8061530-FCD9-4263-AF17-11F120F4B609}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | "{DA258A29-C300-46D7-9103-E218832FC662}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{F16B2782-0E39-44A6-B90E-46E4B233A298}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{FD26B9B3-0AC0-46B1-B64C-4FFA4182A679}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "TCP Query User{0031EC39-E16A-42EC-B79E-45A0EF0529FE}C:\program files 
(x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | "TCP Query User{2CF4E4E2-F0F8-45A7-AE15-25FF12672B93}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | "TCP Query User{56B4A59C-9871-430B-BED3-E867FA345865}C:\users\krystel\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\krystel\appdata\local\akamai\netsession_win.exe | "TCP Query User{6FDFC0F6-19AA-480C-94C7-9EF184804384}C:\users\krystel\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\krystel\appdata\local\akamai\netsession_win.exe | "TCP Query User{9D6945AB-E8D5-4B44-967A-1AAB4C50DC8F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | "TCP Query User{F34C0192-2DCA-4FD3-9B6A-88DB939B0A4F}C:\users\krystel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\krystel\appdata\roaming\spotify\spotify.exe | "TCP Query User{FF70EFCD-31F9-4EEA-B6C9-8A6525F0447C}C:\users\krystel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\krystel\appdata\roaming\spotify\spotify.exe | "UDP Query User{1A10EA5A-FA70-4646-A6E1-B9FF1F880AB8}C:\users\krystel\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\krystel\appdata\local\akamai\netsession_win.exe | "UDP Query User{2D23FD89-9D75-4E71-96AC-122900221501}C:\users\krystel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\krystel\appdata\roaming\spotify\spotify.exe | "UDP Query User{32E43DF8-7692-4A7B-9B18-AEED8EFC7111}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | "UDP Query User{3324D9C1-8BF3-42BC-862C-A4F73F65A0C6}C:\users\krystel\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | 
app=c:\users\krystel\appdata\local\akamai\netsession_win.exe | "UDP Query User{6EC3397E-2A83-4372-89C6-1B226F93AA46}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | "UDP Query User{98F70B9F-91CD-4AF6-BC01-B47A5876399F}C:\users\krystel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\krystel\appdata\roaming\spotify\spotify.exe | "UDP Query User{E382F0CD-92A3-4CCA-A719-F26D30C93A6F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002 "{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit "{7A0D09B0-6575-11E2-89D5-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit) "{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "CCleaner" = CCleaner "CyberGhost VPN_is1" = CyberGhost VPN "EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.7 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office 5.0.36 "{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings "{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{C3592426-531E-4110-911D-BFECE2CE284B}" = puush "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 
10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{FCFE3F81-C977-4D31-877B-2778BB2A02DE}" = Preset Manager 2.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "AutoItv3" = AutoIt v3.3.8.1 "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "Cheat Engine 6.3_is1" = Cheat Engine 6.3 "Crossfire Europe" = Crossfire Europe "ElsterFormular" = ElsterFormular "EPSON Scanner" = EPSON Scan "ffdshow_is1" = ffdshow v1.3.4513 [2013-05-25] "Fraps" = Fraps (remove only) "HaaliMkx" = Haali Media Splitter "InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "LOLReplay" = LOLReplay "LoLTW" = Garena *^¶¯Áp·ù¡]¥xÆW¡^ "MacroGamer" = MacroGamer 2.7.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 240" = Counter-Strike: Source ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{939d5956-f9bb-438a-9df7-a457f5a95992}" = Snap.Do Engine "Akamai" = Akamai NetSession Interface "Google Chrome" = Google Chrome "ICQ" = ICQ 8.0 (build 5999, für aktuellen Benutzer) "MyFreeCodec" = MyFreeCodec "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.07.2013 06:47:30 | Computer Name = Krystel-PC | Source = WinMgmt | ID = 10 Description = Error - 16.07.2013 14:07:36 | Computer Name = Krystel-PC | Source = 
WinMgmt | ID = 10 Description = Error - 16.07.2013 16:52:45 | Computer Name = Krystel-PC | Source = Application Error | ID = 1000 Error - 16.07.2013 19:42:25 | Computer Name = Krystel-PC | Source = Application Hang | ID = 1002 Description = Programm Neuz.exe, Version 3.8.22.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 808 Anfangszeit: 01ce827e142ddd35 Zeitpunkt der Beendigung: 82 Error - 17.07.2013 07:51:28 | Computer Name = Krystel-PC | Source = WinMgmt | ID = 10 Description = Error - 17.07.2013 13:32:09 | Computer Name = Krystel-PC | Source = WinMgmt | ID = 10 Description = Error - 18.07.2013 09:28:49 | Computer Name = Krystel-PC | Source = WinMgmt | ID = 10 Description = Error - 18.07.2013 12:49:59 | Computer Name = Krystel-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung rads_user_kernel.exe, Version 0.0.0.0, Zeitstempel 0x4e65c1ac, fehlerhaftes Modul rads_user_kernel.exe, Version 0.0.0.0, Zeitstempel 0x4e65c1ac, Ausnahmecode 0xc0000005, Fehleroffset 0x000b8554, Prozess-ID 0xd1c, Anwendungsstartzeit 01ce83d6d2ad98d7. Error - 18.07.2013 12:50:04 | Computer Name = Krystel-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung rads_user_kernel.exe, Version 0.0.0.0, Zeitstempel 0x4e65c1ac, fehlerhaftes Modul rads_user_kernel.exe, Version 0.0.0.0, Zeitstempel 0x4e65c1ac, Ausnahmecode 0xc0000005, Fehleroffset 0x000b8554, Prozess-ID 0x1464, Anwendungsstartzeit 01ce83d6da05bfe4. Error - 19.07.2013 08:40:16 | Computer Name = Krystel-PC | Source = WinMgmt | ID = 10 Description = Error - 19.07.2013 08:48:26 | Computer Name = Krystel-PC | Source = WinMgmt | ID = 10 Description = Error encountered while reading event logs. < End of report > Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.19.01 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Krystel :: KRYSTEL-PC [Administrator] 19.07.2013 04:35:34 mbam-log-2013-07-19 (04-35-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 689144 Laufzeit: 2 Stunde(n), 4 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCR\QMDispatch.QMFunction (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Program Files (x86)\LyricsPal\Lyrics.exe (PUP.LyricsAd) -> Keine Aktion durchgeführt. C:\Users\Krystel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSCH54ZI\LyricsPal_1060-8101_v122[1] (PUP.LyricsAd) -> Keine Aktion durchgeführt. C:\Users\Krystel\AppData\Local\Temp\lyricsPaltmp.exe (PUP.LyricsAd) -> Keine Aktion durchgeführt. C:\Users\Krystel\Downloads\Toms.rar (HackTool.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.305 - Datei am 15/07/2013 um 22:27:45 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzer : Krystel - KRYSTEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Krystel\Downloads\AdwCleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Krystel\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\foxydeal.sqlite Gelöscht mit Neustart : C:\Program Files (x86)\FoxyDeal Gelöscht mit Neustart : C:\Program Files (x86)\LyricsPal ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C8FBE488-BAF5-4019-A7F7-C888045987D3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8FBE488-BAF5-4019-A7F7-C888045987D3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\lrcspal@lyricspal.co ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Krystel\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js C:\Users\Krystel\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Gelöscht : user_pref("extensions.helperbar.Visibility", false); -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\Krystel\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.2681] : urls_to_restore_on_startup = [ "hxxp://websearch.mocaflix.com/", "" ] ************************* AdwCleaner[R1].txt - [2531 octets] - [02/07/2013 13:38:05] AdwCleaner[R2].txt - [6753 octets] - [13/07/2013 14:06:29] AdwCleaner[R3].txt - [2249 octets] - [15/07/2013 22:26:20] AdwCleaner[S1].txt - [2455 octets] - [02/07/2013 13:38:43] AdwCleaner[S2].txt - [6790 octets] - [13/07/2013 14:06:56] AdwCleaner[S3].txt - [2295 octets] - [15/07/2013 22:27:45] ########## EOF - C:\AdwCleaner[S3].txt - [2355 octets] ########## Code:
ATTFilter # AdwCleaner v2.305 - Datei am 19/07/2013 um 14:45:05 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzer : Krystel - KRYSTEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Krystel\Downloads\AdwCleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Krystel\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\foxydeal.sqlite Gelöscht mit Neustart : C:\Program Files (x86)\FoxyDeal Gelöscht mit Neustart : C:\Program Files (x86)\LyricsPal ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16496 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Krystel\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js Gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false); Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Gelöscht : user_pref("extensions.helperbar.Visibility", false); -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\Krystel\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.2863] : urls_to_restore_on_startup = [ "hxxp://websearch.mocaflix.com/", "" ] ************************* AdwCleaner[R1].txt - [2531 octets] - [02/07/2013 13:38:05] AdwCleaner[R2].txt - [6753 octets] - [13/07/2013 14:06:29] AdwCleaner[R3].txt - [2249 octets] - [15/07/2013 22:26:20] AdwCleaner[R4].txt - [1915 octets] - [19/07/2013 14:44:34] AdwCleaner[S1].txt - [2455 octets] - [02/07/2013 13:38:43] AdwCleaner[S2].txt - [6790 octets] - [13/07/2013 14:06:56] AdwCleaner[S3].txt - [2424 octets] - [15/07/2013 22:27:45] AdwCleaner[S4].txt - [1860 octets] - [19/07/2013 14:45:05] ########## EOF - C:\AdwCleaner[S4].txt - [1920 octets] ##########
I also have one more question on the side.
It may not quite belong here, but maybe someone knows. I use a Grundig WXGA approx. 20-inch 16:9 screen as the monitor for my PC. I always had the resolution set to 1600x1200, but for the last few weeks this has no longer been possible. I can set the resolution, but the picture is distorted too far to the right, so that a piece of the picture is missing. I have tried various drivers and settings (via the PC and the TV). None of it works. What could be the cause? Regards |