OK, sorry! Here are the files, pasted in correctly this time, and no, unfortunately I don't have any other findings in saved form...
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:23 on 26/04/2013 (alopolo)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
OTL logfile created on: 26.04.2013 11:30:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alopolosmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 57,08% Memory free
6,22 Gb Paging File | 4,94 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,63 Gb Total Space | 24,48 Gb Free Space | 15,93% Space Free | Partition Type: NTFS
Drive D: | 303,34 Gb Total Space | 272,28 Gb Free Space | 89,76% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 907,91 Gb Free Space | 97,47% Space Free | Partition Type: NTFS
Computer Name: alopolo-PC | User Name: alopolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.26 11:28:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alopolosmann\Desktop\OTL.exe
PRC - [2013.04.26 11:19:03 | 000,050,477 | ---- | M] () -- C:\Users\alopolosmann\Desktop\Defogger.exe
PRC - [2013.03.28 13:46:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 13:46:25 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.28 13:46:24 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 13:46:24 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.20 17:38:00 | 002,350,216 | ---- | M] (DVDVideoSoft Ltd.) -- C:\Programme\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
PRC - [2013.03.07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012.08.09 10:16:35 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Programme\MyScrapNook_12\bar\1.bin\12barsvc.exe
PRC - [2012.08.09 10:16:35 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Programme\MyScrapNook_12\bar\1.bin\12brmon.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () -- D:\Tobit ClipInc\Server\ClipInc-Server.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.16 10:52:30 | 000,668,424 | ---- | M] (Tobit.Software) -- D:\Tobit ClipInc\Player\ClipIncTray.exe
PRC - [2008.12.18 14:21:16 | 000,341,264 | ---- | M] (Fujitsu Siemens Computers) -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2008.09.19 11:44:20 | 000,113,664 | ---- | M] (Fujitsu Siemens Computers GmbH) -- C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe
PRC - [2008.08.27 17:55:20 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.10.27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2005.08.22 10:10:54 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead Photo Express 6\CalCheck.exe
PRC - [2005.07.28 09:32:20 | 000,094,208 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
PRC - [1998.09.17 17:34:26 | 000,055,296 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.26 11:19:03 | 000,050,477 | ---- | M] () -- C:\Users\alopolosmann\Desktop\Defogger.exe
MOD - [2013.03.20 17:42:54 | 000,235,144 | ---- | M] () -- C:\Programme\DVDVideoSoft\Free YouTube Download\DVDVideoSoft.Resources.dll
MOD - [2013.03.20 17:42:22 | 000,032,768 | ---- | M] () -- C:\Programme\DVDVideoSoft\Free YouTube Download\de-DE\DVDVideoSoft.Resources.resources.dll
MOD - [2013.03.07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013.03.07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013.03.07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\alopolosmann\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013.02.15 07:04:11 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013.01.10 15:42:54 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.10 15:12:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll
MOD - [2013.01.10 15:12:54 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.10 15:12:31 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.10 15:12:18 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013.01.10 15:11:25 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 15:11:11 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.21 23:10:36 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.09.09 22:21:10 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2009.05.27 17:20:18 | 000,187,904 | ---- | M] () -- D:\Tobit ClipInc\Player\ClipInc$.ger
MOD - [2009.05.27 14:35:44 | 006,317,568 | ---- | M] () -- D:\Tobit ClipInc\Player\tobitclt.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2005.08.22 10:23:50 | 000,561,152 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 6\uviplA6.dll
MOD - [2005.08.22 10:23:48 | 000,020,480 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 6\uvipl.dll
MOD - [2005.08.22 10:11:06 | 000,019,968 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 6\Cpuinf32.dll
MOD - [2005.07.28 09:32:10 | 000,028,672 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [1998.11.30 19:34:06 | 000,075,264 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\U32MISC.DLL
MOD - [1998.07.22 18:33:02 | 000,013,824 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\u32Spy.dll
========== Services (SafeList) ==========
SRV - [2013.03.28 13:46:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 13:46:24 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.13 16:11:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.08.09 10:16:35 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Programme\MyScrapNook_12\bar\1.bin\12barsvc.exe -- (MyScrapNook_12Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.05.27 10:07:48 | 002,230,024 | ---- | M] () [Auto | Running] -- D:\Tobit ClipInc\Server\ClipInc-Server.exe -- (ClipInc001)
SRV - [2008.12.18 14:21:16 | 000,341,264 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.03.28 13:46:35 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.28 13:46:35 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.28 13:46:35 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.02.23 12:12:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.15 21:11:57 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.07.22 10:21:08 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.05.09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm045YYDE&ptb=0QJQ7T5LqZfaA4ON.cOf2w&ind=2010122100&ptnrS=GRxdm045YYDE&si=&n=77d00774&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKLM\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=109727&tt=120812_bandext_3212_5&babsrc=HP_ss&mntrId=884be055000000000000002185c6a2b0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=884B002185C6A2B0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKCU\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - SOFTWARE\Classes\CLSID\{83821C2B-32A8-4DD7-B6D4-44309A78E668}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=884B002185C6A2B0
IE - HKCU\..\SearchScopes\{29412ADE-2012-4FC3-8A93-286B55FB73F9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C63FFDB4-8162-4578-8254-7D0AB653552B&apn_sauid=FE4EEF3D-3A1A-489C-BB5C-638FBDACE1A3
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRxdm045YYDE&ptb=0QJQ7T5LqZfaA4ON.cOf2w&ind=2010122100&ptnrS=GRxdm045YYDE&si=&n=77d00774&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=dEx9mwMsLAF9Yf_Li5YNUqqEsDM?q={searchTerms}
IE - HKCU\..\SearchScopes\{D87887CC-08DA-431B-919B-2E509C9CC189}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&lang=ru
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.6.1.32
FF - prefs.js..extensions.enabledAddons: m3ffxtbr@mywebsearch.com:1.2
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.32
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - prefs.js..browser.startup.homepage:
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.19 13:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.19 13:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2012.08.09 10:16:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.20 23:34:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.20 23:34:18 | 000,000,000 | ---D | M]
[2009.01.21 20:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Extensions
[2013.04.25 09:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions
[2010.12.21 07:25:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.19 07:47:48 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.07.05 23:30:36 | 000,000,000 | ---D | M] (Freeware.de) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.08.09 10:16:38 | 000,000,000 | ---D | M] (My Scrap Nook) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\12ffxtbr@MyScrapNook_12.com
[2010.12.21 07:24:10 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\autopager@mozilla.org
[2013.04.18 14:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\ffxtlbr@babylon.com
[2012.08.12 12:49:20 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\ffxtlbr@claro.com
[2011.03.19 07:47:46 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\alopolo\AppData\Roaming\mozilla\Firefox\Profiles\2zpm80sg.default\extensions\finder@meingutscheincode.de
[2012.12.20 12:05:44 | 000,002,627 | ---- | M] () -- C:\Users\alopolo\AppData\Roaming\mozilla\firefox\profiles\2zpm80sg.default\searchplugins\askcom.xml
[2012.12.20 12:05:54 | 000,002,444 | ---- | M] () -- C:\Users\alopolo\AppData\Roaming\mozilla\firefox\profiles\2zpm80sg.default\searchplugins\babylon1.xml
[2012.12.20 12:09:01 | 000,002,188 | ---- | M] () -- C:\Users\alopolo\AppData\Roaming\mozilla\firefox\profiles\2zpm80sg.default\searchplugins\BabylonMngr.xml
[2013.04.18 14:43:05 | 000,001,294 | ---- | M] () -- C:\Users\alopolo\AppData\Roaming\mozilla\firefox\profiles\2zpm80sg.default\searchplugins\delta.xml
[2009.01.21 20:10:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.20 12:09:01 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.18 14:42:58 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.12.20 12:09:01 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.20 12:09:01 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.12 12:46:08 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.20 12:09:01 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Toolbar BHO) - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Programme\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Assistant BHO) - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Programme\MyScrapNook_12\bar\1.bin\12SrcAs.dll (MindSpark)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Scrap Nook) - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Programme\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Programme\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKCU\..\Toolbar\WebBrowser: (My Scrap Nook) - {FE6F06FB-0FC0-4499-828F-EE48088F504F} - C:\Programme\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EnergySettings] C:\Programme\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe (Fujitsu Siemens Computers GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [My Scrap Nook Search Scope Monitor] C:\Programme\MyScrapNook_12\bar\1.bin\12SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [MyScrapNook_12 Browser Plugin Loader] C:\Programme\MyScrapNook_12\bar\1.bin\12brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Ulead Calendar Checker] C:\Programme\Ulead Systems\Ulead Photo Express 6\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ClipIncSrvTray] D:\Tobit ClipInc\Player\ClipIncTray.exe (Tobit.Software)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [dvdstyler] File not found
O4 - Startup: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Programme\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Поиск@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Словари@Mail.Ru - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6C9CDA8-C6B7-477D-9E42-8375C52BB421}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\alopolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f2d5955-cd24-11dd-b1f5-002185c6a2b0}\Shell\AutoRun\command - "" = K:\menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.18 14:43:11 | 000,000,000 | ---D | C] -- C:\Users\alopolo\Local Settings
[2013.04.18 14:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
[2013.04.18 14:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\DVDStyler
[2013.04.17 14:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\alopolo\AppData\Roaming\DVDVideoSoft
[2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.04.17 14:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.04.17 14:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.17 14:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.26 11:23:00 | 000,000,000 | ---- | M] () -- C:\Users\alopolo\defogger_reenable
[2013.04.26 11:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 10:54:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 10:54:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 10:40:59 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_alopolo.job
[2013.04.26 10:01:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001UA.job
[2013.04.26 07:01:36 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.26 07:01:36 | 000,596,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.26 07:01:36 | 000,126,486 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.26 07:01:36 | 000,104,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.26 06:54:52 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_alopolo.job
[2013.04.26 06:54:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 06:54:10 | 3220,328,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.25 11:39:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_alopolo.job
[2013.04.24 22:01:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2100976069-891764606-4081223034-1001Core.job
[2013.04.18 23:46:38 | 000,001,038 | ---- | M] () -- C:\Users\alopolo\Desktop\DVDVideoSoft Free Studio.lnk
[2013.04.18 23:46:37 | 000,002,058 | ---- | M] () -- C:\Users\alopolo\Desktop\Free MP4 Video Converter.lnk
[2013.04.18 14:42:47 | 000,000,908 | ---- | M] () -- C:\Users\alopolo\Desktop\DVDStyler.lnk
[2013.04.18 12:15:22 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2013.04.18 09:03:39 | 000,001,197 | ---- | M] () -- C:\Users\alopolo\Desktop\Free YouTube to DVD Converter.lnk
[2013.04.18 09:03:39 | 000,001,106 | ---- | M] () -- C:\Users\alopolo\Desktop\Free DVD Video Burner.lnk
[2013.04.17 14:29:11 | 000,001,101 | ---- | M] () -- C:\Users\alopolo\Desktop\Free YouTube Download.lnk
[2013.04.12 12:49:06 | 000,789,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.28 13:46:35 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.28 13:46:35 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.28 13:46:35 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.26 11:23:00 | 000,000,000 | ---- | C] () -- C:\Users\alopolo\defogger_reenable
[2013.04.18 23:46:37 | 000,002,058 | ---- | C] () -- C:\Users\alopolo\Desktop\Free MP4 Video Converter.lnk
[2013.04.18 14:42:47 | 000,000,908 | ---- | C] () -- C:\Users\alopolo\Desktop\DVDStyler.lnk
[2013.04.18 09:03:39 | 000,001,197 | ---- | C] () -- C:\Users\alopolo\Desktop\Free YouTube to DVD Converter.lnk
[2013.04.18 09:01:08 | 000,001,106 | ---- | C] () -- C:\Users\alopolo\Desktop\Free DVD Video Burner.lnk
[2013.04.17 14:29:12 | 000,001,038 | ---- | C] () -- C:\Users\alopolo\Desktop\DVDVideoSoft Free Studio.lnk
[2013.04.17 14:29:11 | 000,001,101 | ---- | C] () -- C:\Users\alopolo\Desktop\Free YouTube Download.lnk
[2012.08.20 14:36:16 | 000,001,235 | ---- | C] () -- C:\Users\alopolo\AppData\Local\recently-used.xbel
[2009.12.30 14:59:13 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009.11.15 21:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.03.08 15:36:56 | 000,000,680 | RHS- | C] () -- C:\Users\alopolo\ntuser.pol
[2009.03.07 11:50:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.01.25 12:48:22 | 000,000,680 | ---- | C] () -- C:\Users\alopolo\AppData\Local\d3d9caps.dat
[2008.12.21 20:02:48 | 000,012,800 | ---- | C] () -- C:\Users\alopolo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.08.12 12:46:24 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Babylon
[2012.12.20 12:08:19 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\DesktopIconForAmazon
[2009.03.04 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\digital publishing
[2013.04.18 23:46:36 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\DVDVideoSoft
[2011.12.16 20:50:21 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\elsterformular
[2009.03.12 19:45:21 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Engelmann Media
[2012.08.20 14:14:33 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\inkscape
[2011.08.03 08:15:10 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\MAGIX
[2012.08.17 02:59:40 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\MS-Buchhalter
[2012.08.22 13:02:10 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\MusE
[2012.08.12 12:45:54 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\OCS
[2012.08.12 12:46:08 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Opera
[2009.11.16 10:43:17 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Samsung
[2009.03.13 20:20:36 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Serif
[2012.12.20 12:35:13 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Systweak
[2009.03.12 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\alopolo\AppData\Roaming\Tobit
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2009.01.09 20:46:16 | 000,000,000 | ---D | M](C:\Users\alopolo\Documents\????? Mail.Ru ??????) -- C:\Users\alopolo\Documents\Файлы Mail.Ru Агента
[2009.01.09 20:46:16 | 000,000,000 | ---D | C](C:\Users\alopolo\Documents\????? Mail.Ru ??????) -- C:\Users\alopolo\Documents\Файлы Mail.Ru Агента
< End of report > Code:
OTL Extras logfile created on: 26.04.2013 11:30:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\alopolosmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 57,08% Memory free
6,22 Gb Paging File | 4,94 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,63 Gb Total Space | 24,48 Gb Free Space | 15,93% Space Free | Partition Type: NTFS
Drive D: | 303,34 Gb Total Space | 272,28 Gb Free Space | 89,76% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 907,91 Gb Free Space | 97,47% Space Free | Partition Type: NTFS
Computer Name: alopolo-PC | User Name: alopolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079FC0CC-D153-4A89-87EE-EDCAFBA3D83D}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{17436347-8224-4707-B059-310136E7CF38}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{5C2FDDCC-FCDE-4BB8-8844-E376CB7AE995}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5D7E5C46-EA15-4A58-A062-6F4ECF063674}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B8C64A64-088D-441C-87C2-1FD2527A1548}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BCF745C0-1C29-45AC-82D4-F4B6A15BE17E}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{D7D85808-E747-4F87-81D3-14E28DC69C45}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E304ED96-7E9F-41C6-BD44-F02FCE65053F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F651D9-AAA3-4874-A74B-999E523F0671}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2E4DC274-68B5-4703-AB89-D8A2740E69FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{325E52A9-72F2-45B3-97F3-2375704A0BF7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{52733A88-A04B-4B21-AD91-6DFD04FFD29F}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{8DC3C739-0B3C-4EE4-8100-F07A8F58FC51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9868F1CF-0712-4F4D-8D6E-5FBDBBDA7DB8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9CD49C33-6C55-4F3A-A539-DAA9D9D21507}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{A7FFE30C-7E9A-4E39-BBE8-59AAAEC7AF96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A9EB14C7-7E68-4EF9-A51F-7A48E9117097}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE0001D3-221A-4852-BC78-EBA774B2071E}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{D21B1B05-C88D-4738-A7D3-99852993EC0B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E4C2BADF-ECAE-4298-9619-E9B6BCDD8CEB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{630F4783-5DE1-4318-A04A-A8B52C8796FD}C:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe |
"TCP Query User{F6A58D04-65DA-44DC-A2E1-04C024C73048}C:\program files\mail.ru\agent\magent.exe" = protocol=6 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"UDP Query User{E3A03FAA-814E-4E82-AA71-6A19B27B04A6}C:\program files\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\program files\mail.ru\agent\magent.exe |
"UDP Query User{E55D5BD9-EA44-4E94-ADA4-BDC97E20236F}C:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe" = protocol=17 | dir=in | app=c:\users\alopolosmann\appdata\roaming\mail.ru\agent\magent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C4D233-4F03-4A5D-8EFE-C651D221146D}" = Serif Digital Scrapbook Artist
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9605D5C2-F545-40F2-B39A-0462E4CD3811}" = Windows Vista Demo Screen Saver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B00B1355-DD54-4314-90B1-161C6A7D3FD3}" = Serif PagePlus X2
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B6E9A977-C2C7-4CA0-0001-98605B7C7D3E}" = MyTube Recorder
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload-Software
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5A716E5-6E7E-40F8-BB46-6FAEF98FB6FC}" = SystemDiagnostics
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"{FC935397-C56E-4EE3-B9BC-1F7F3EA6CE41}" = Serif PhotoPlus X2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDStyler_is1" = DVDStyler v2.4.3
"ElsterFormular 11.5.0.4546" = ElsterFormular
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.2.6.320
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.23.320
"Freemake Audio Converter_is1" = Freemake Audio Converter Version 1.1.0
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"ifolor-OrderClient21" = ifolor Designer
"Inkscape" = Inkscape 0.48.3.1
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.3.351 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.76 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"MailRuSputnik" = Mail.Ru Спутник 2.0.1.54
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"Müller Foto" = Müller Foto
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"MyScrapNook_12bar Uninstall" = My Scrap Nook Toolbar
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Ulead Photo Express 2.0 SE" = Ulead Photo Express 2.0 SE
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.01.2011 10:43:31 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.01.2011 00:55:27 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 00:55:27 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 00:56:39 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.01.2011 02:26:38 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 02:26:38 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 02:27:55 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.01.2011 06:53:55 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 06:53:55 | Computer Name = alopolo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.01.2011 06:54:47 | Computer Name = alopolo-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12.04.2013 06:47:19 | Computer Name = alopolo-PC | Source = netbt | ID = 4300
Description = The driver could not be created.
Error - 12.04.2013 16:21:22 | Computer Name = alopolo-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 14.04.2013 08:03:07 | Computer Name = alopolo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 14.04.2013 18:39:10 | Computer Name = alopolo-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
Error - 15.04.2013 07:50:16 | Computer Name = alopolo-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume "\\?...d8e-11dd-a313-806e6f6e6963}" were aborted because of a failed free space computation.
Error - 15.04.2013 07:50:33 | Computer Name = alopolo-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume "D:" were aborted because of a failed free space computation.
Error - 15.04.2013 11:46:34 | Computer Name = alopolo-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 18.04.2013 15:17:06 | Computer Name = alopolo-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 25.04.2013 04:09:36 | Computer Name = alopolo-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume "\\?...d8e-11dd-a313-806e6f6e6963}" were aborted because of a failed free space computation.
Error - 25.04.2013 04:09:48 | Computer Name = alopolo-PC | Source = volsnap | ID = 393236
Description = The shadow copies of volume "D:" were aborted because of a failed free space computation.
< End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-27 18:24:10
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-07A7B0 rev.01.03B01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\alopolo\AppData\Local\Temp\uwlorpog.sys
---- System - GMER 2.1 ----
SSDT 8DECB5D6 ZwCreateSection
SSDT 8DECB5E0 ZwRequestWaitReplyPort
SSDT 8DECB5DB ZwSetContextThread
SSDT 8DECB5E5 ZwSetSecurityObject
SSDT 8DECB5EA ZwSystemDebugControl
SSDT 8DECB577 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!KeInsertQueue + 405 828BFA3C 4 Bytes [D6, B5, EC, 8D]
.text ntoskrnl.exe!KeInsertQueue + 729 828BFD60 4 Bytes [E0, B5, EC, 8D]
.text ntoskrnl.exe!KeInsertQueue + 75E 828BFD95 3 Bytes [B5, EC, 8D]
.text ntoskrnl.exe!KeInsertQueue + 7C1 828BFDF8 4 Bytes [E5, B5, EC, 8D]
.text ntoskrnl.exe!KeInsertQueue + 809 828BFE40 4 Bytes [EA, B5, EC, 8D]
.text ...
---- User code sections - GMER 2.1 ----
.text D:\Tobit ClipInc\Server\ClipInc-Server.exe[308] kernel32.dll!SetUnhandledExceptionFilter 75ECA8B5 5 Bytes JMP 0049F8A0 D:\Tobit ClipInc\Server\ClipInc-Server.exe
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!SetScrollRange 76DED185 5 Bytes JMP 10053D40 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetSysColorBrush 76DEE21C 5 Bytes JMP 100482E0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetScrollInfo 76DEF073 7 Bytes JMP 10053C10 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!ShowScrollBar 76DEF8AE 5 Bytes JMP 10053D90 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!SetScrollInfo 76DF71D8 7 Bytes JMP 10053CC0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetSysColor 76DF9BF6 5 Bytes JMP 100482A0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!DrawFrameControl 76E0676D 7 Bytes JMP 100475B0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!EnableScrollBar 76E0AF53 7 Bytes JMP 10053BD0 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetScrollPos 76E1337D 5 Bytes JMP 10053C50 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!GetScrollRange 76E134A5 5 Bytes JMP 10053C80 D:\Tobit ClipInc\Player\TOBITCLT.dll
.text D:\Tobit ClipInc\Player\ClipIncTray.exe[2128] USER32.dll!SetScrollPos 76E13602 5 Bytes JMP 10053D00 D:\Tobit ClipInc\Player\TOBITCLT.dll
---- EOF - GMER 2.1 ---- Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.04.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
alopolo :: alopolo-PC [Administrator]
28.04.2013 20:16:58
MBAM-log-2013-04-28 (20-28-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231648
Time elapsed: 7 minute(s), 12 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\ProgramData\sysReserve.ini (Malware.Trace) -> No action taken.
(end)
For info: I just noticed that there are some Cyrillic letters in there, or rather ones that were then replaced by lots of question marks. If that causes problems, I'll try to help as far as I can. It's a Russian, hmm, something like ICQ...
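The OTL log above records the shell\open\command values for the executable file classes twice: once as O35 lines and once in the "Shell Spawning" block of the Extras log. A hijacked exefile/comfile association (where the command is no longer just "%1" %*) is one of the first things a helper checks in such a log, because it makes the malware run before every program launch. The Python script below is an added example written for this page; it is not part of the poster's logs or of OTL. It parses lines in OTL's format and compares the executable classes against the stock Windows commands (the EXPECTED_OPEN_COMMAND table is an assumption about Vista defaults). The clean sample is copied from the log above; the hijacked sample is constructed and hypothetical, and example-hijack.exe appears nowhere in the posted logs.

```python
import re

# Stock Windows shell\open\command values for the executable file classes.
# Assumption: these are the Vista defaults.  An "exefile hijack" replaces them
# so that the attacker's binary runs first and then launches the real program.
EXPECTED_OPEN_COMMAND = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# Matches both OTL forms:  'exefile [open] -- "%1" %*'  and
# 'O35 - HKLM\..exefile [open] -- "%1" %*'.  O37 lines ('exe [@ = exefile]')
# carry a class mapping in the brackets, not a verb, and are skipped below.
LINE_RE = re.compile(r'(?P<cls>\w+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$')
# Strips the trailing ' (Microsoft Corporation)' / ' ()' company tag OTL appends.
TRAILING_COMPANY_RE = re.compile(r'\s+\([^()]*\)$')


def parse_shell_commands(text):
    """Return {(file_class, verb): command} for every OTL association line in text."""
    commands = {}
    for raw in text.splitlines():
        m = LINE_RE.search(raw.strip())
        if not m or "=" in m.group("verb"):
            continue
        cmd = TRAILING_COMPANY_RE.sub("", m.group("cmd")).strip()
        commands[(m.group("cls"), m.group("verb"))] = cmd
    return commands


def find_hijacked(commands):
    """Return (class, actual, expected) for every executable class whose open
    command is missing or differs from the stock value."""
    findings = []
    for cls, expected in EXPECTED_OPEN_COMMAND.items():
        actual = commands.get((cls, "open"))
        if actual is None:
            findings.append((cls, "<missing>", expected))
        elif actual != expected:
            findings.append((cls, actual, expected))
    return findings


def scan(text):
    """Parse an OTL excerpt and return the list of deviating associations."""
    return find_hijacked(parse_shell_commands(text))


# Lines copied from the OTL log posted above (all associations are clean).
SAMPLE_CLEAN = r"""
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
"""

# Constructed, hypothetical sample: NOT from the posted log.  exefile points at
# a made-up binary and piffile is absent, the two shapes a hijack usually takes.
SAMPLE_HIJACKED = r"""
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\ProgramData\example-hijack.exe" "%1" %*
scrfile [open] -- "%1" /S
"""

if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(label, scan(sample) or "no deviations from stock commands")
```

Paste the "Shell Spawning" block (or the O35 lines) of any OTL log into scan() to get the same check; a non-empty result means the named class no longer launches files directly and the command it points at is the binary to investigate next.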