werner018 | 01.04.2012 17:39 | also, mein problem ist, dass beim start des laptop der desktophintergrund schwarz ist, kein zugriff auf diverse programme möglich ist und ein fenster vom bundeskriminalamt österreich aufscheint, wo 100 euro zu zahlen sind. wie erwähnt kein zugriff möglich, über den abgesicherten modus habe ich aber zugriff. hoffe das hilft weiter und das untenstehende ist das gewünschte=)?!OTL Logfile:
OTL EXTRAS Logfile:
OTL EXTRAS Logfile: Code:
OTL logfile created on: 01.04.2012 18:33:04 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 73,86% Memory free
5,99 Gb Paging File | 5,35 Gb Available in Paging File | 89,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,89 Gb Total Space | 61,59 Gb Free Space | 70,08% Space Free | Partition Type: NTFS
Drive D: | 144,76 Gb Total Space | 33,48 Gb Free Space | 23,13% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (ufdiqpog) -- C:\Users\***\AppData\Local\Temp\ufdiqpog.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mbr) -- C:\Users\***\AppData\Local\Temp\mbr.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbFw) -- C:\Windows\System32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\Windows\System32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCLMP) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/index.php?lh=bbcf3a9c356bfc94d50b6dd3bdee4691&eu=8iTS3ZoyvnZj0qVP9ONEzA"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 09:27:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.27 20:45:07 | 000,000,000 | ---D | M]
[2011.05.01 12:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.10 16:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions
[2012.03.10 16:34:03 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.02.17 09:35:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.03 16:42:13 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.14 17:45:52 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.05.15 17:55:59 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\engine@conduit.com
[2011.05.15 16:44:22 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\engine@plasmoo.com
[2011.05.15 17:55:59 | 000,000,935 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\searchplugins\plasmoo.xml
[2012.01.13 06:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 10:29:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\VIDEO2MP3@VIDEO2MP3.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.03.22 09:27:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.08 20:09:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.23 20:37:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.23 20:37:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.23 20:37:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.15 16:45:59 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.23 20:37:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.23 20:37:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.23 20:37:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Facemoods = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.3.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [UpdateStar] C:\Users\***\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\***\LOCALS~1\Temp\msaign.cmd) - C:\Users\***\LOCALS~1\Temp\msaign.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080B1618-368D-406D-90F7-286125D568DB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.01 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.04.01 13:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.04.01 13:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.04.01 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.04.01 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner
[2012.04.01 10:42:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adaware
[2012.04.01 10:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.04.01 10:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.04.01 10:42:42 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
[2012.04.01 10:42:41 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2012.04.01 10:42:28 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
[2012.04.01 10:42:28 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012.04.01 10:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.04.01 10:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.04.01 10:28:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.04.01 10:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.01 10:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.31 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.03.31 20:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 20:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 20:03:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.31 20:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.31 19:19:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gizza
[2012.03.31 19:19:16 | 000,000,000 | ---D | C] -- C:\Users\***\Local Settings
[2012.03.06 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.04.01 14:27:17 | 000,002,811 | ---- | M] () -- C:\Users\***\Desktop\Logfiles.zip
[2012.04.01 11:57:00 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.01 11:57:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.01 11:57:00 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.01 11:57:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.01 11:52:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.01 11:52:38 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.01 11:51:39 | 000,012,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 11:51:39 | 000,012,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 11:43:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.01 11:39:44 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.04.01 11:24:35 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.01 11:10:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.23 16:05:48 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.14 17:48:12 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.04.01 14:25:16 | 000,002,811 | ---- | C] () -- C:\Users\***\Desktop\Logfiles.zip
[2012.04.01 11:22:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.04.01 10:45:58 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2011.06.21 15:33:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.21 15:31:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.19 17:08:42 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011.05.01 13:41:04 | 000,000,244 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.01 13:41:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.01 13:40:38 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.01 13:40:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.01 13:39:54 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.05.01 13:39:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.05.01 13:39:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.05.01 13:39:49 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.05.01 12:11:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== LOP Check ==========
[2012.04.01 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.04.01 11:51:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2012.04.01 11:45:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.05.15 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.15 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.31 19:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gizza
[2011.06.15 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UpdateStar
[2012.04.01 11:39:44 | 000,001,082 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.01.23 08:47:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< OTL Extras logfile created on: 01.04.2012 18:21:21 - Run 1 >
< OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Downloads >
< Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation >
< Internet Explorer (Version = 8.0.7601.17514) >
< Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy >
< >
< 3,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,49% Memory free >
< 5,99 Gb Paging File | 5,38 Gb Available in Paging File | 89,72% Paging File free >
< Paging file location(s): ?:\pagefile.sys [binary data] >
< >
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
< Drive C: | 87,89 Gb Total Space | 61,60 Gb Free Space | 70,08% Space Free | Partition Type: NTFS >
< Drive D: | 144,76 Gb Total Space | 33,48 Gb Free Space | 23,13% Space Free | Partition Type: NTFS >
< >
< Computer Name: ***-PC | User Name: *** | Logged in as Administrator. >
< Boot Mode: SafeMode with Networking | Scan Mode: Current user >
< Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days >
< >
< ========== Extra Registry (SafeList) ========== >
Invalid Switch: color]
< >
< >
< ========== File Associations ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] >
< .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) >
< .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) >
< .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) >
< >
< [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] >
< .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) >
< >
< ========== Shell Spawning ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] >
< batfile [open] -- "%1" %* >
< cmdfile [open] -- "%1" %* >
< comfile [open] -- "%1" %* >
< cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) >
< exefile [open] -- "%1" %* >
< helpfile [open] -- Reg Error: Key error. >
< hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) >
< http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) >
< https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) >
< inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) >
< piffile [open] -- "%1" %* >
< regfile [merge] -- Reg Error: Key error. >
< scrfile [config] -- "%1" >
< scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l >
< scrfile [open] -- "%1" /S >
< txtfile [edit] -- Reg Error: Key error. >
< Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 >
< Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) >
< Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) >
< Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< Folder [explore] -- Reg Error: Value error. >
< Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) >
< >
< ========== Security Center Settings ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] >
< "cval" = 0 >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] >
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] >
< "VistaSp1" = Reg Error: Unknown registry data type -- File not found >
< "AntiVirusOverride" = 0 >
< "AntiSpywareOverride" = 0 >
< "FirewallOverride" = 0 >
< >
< ========== Firewall Settings ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] >
< "DisableNotifications" = 0 >
< "EnableFirewall" = 0 >
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] >
< "DisableNotifications" = 0 >
< "EnableFirewall" = 0 >
< >
< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] >
< "DisableNotifications" = 0 >
< "EnableFirewall" = 0 >
< >
< ========== Authorized Applications List ========== >
Invalid Switch: color]
< >
< >
< ========== HKEY_LOCAL_MACHINE Uninstall List ========== >
Invalid Switch: color]
< >
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
< "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour >
< "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime >
< "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 >
< "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 >
< "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile >
< "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support >
< "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN >
< "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater >
< "{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in >
< "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator >
< "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update >
< "{7B309654-086F-4231-BED8-30CCDBB23DCF}" = UpdateStar >
< "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 >
< "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 >
< "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 >
< "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 >
< "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 >
< "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 >
< "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 >
< "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 >
< "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 >
< "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 >
< "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 >
< "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 >
< "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 >
< "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 >
< "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 >
< "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme >
< "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 >
< "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper >
< "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 >
< "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support >
< "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch >
< "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call >
< "{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus >
< "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes >
< "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack >
< "7-Zip" = 7-Zip 9.20 >
< "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection >
< "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX >
< "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin >
< "Advanced Audio FX Engine" = Advanced Audio FX Engine >
< "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus >
< "BitTorrent" = BitTorrent >
< "BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar >
< "CCleaner" = CCleaner >
< "conduitEngine" = Conduit Engine >
< "Dell Video Chat" = Dell Video Chat >
< "Dell Webcam Central" = Dell Webcam Central >
< "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar >
< "ENTERPRISE" = Microsoft Office Enterprise 2007 >
< "facemoods" = Facemoods Toolbar >
< "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 >
< "Free Studio_is1" = Free Studio version 5.0.9 >
< "Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324 >
< "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426 >
< "Google Chrome" = Google Chrome >
< "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 >
< "McAfee Security Scan" = McAfee Security Scan Plus >
< "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile >
< "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack >
< "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) >
< "softonic-de3 Toolbar" = softonic-de3 Toolbar >
< "Uninstall_is1" = Uninstall 1.0.0.1 >
< "WinRAR archiver" = WinRAR 4.11 (32-Bit) >
< >
< ========== HKEY_CURRENT_USER Uninstall List ========== >
Invalid Switch: color]
< >
< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] >
< "Dropbox" = Dropbox >
< "f031ef6ac137efc5" = Dell Driver Download Manager >
< >
< ========== Last 10 Event Log Errors ========== >
Invalid Switch: color]
< >
< [ Application Events ] >
< Error - 31.03.2012 14:54:48 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 >
< Description = STI BrtSTI: [2012/03/31 20:54:48.989]: [00001780]: GetDeviceIpAddress: >
Invalid Switch: 31 20:54:48.989]: [00001780]: GetDeviceIpAddress:
< GetAddressByName [BRN001BA90813A6] Error >
< >
< Error - 31.03.2012 14:57:37 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 >
< Description = STI BrtSTI: [2012/03/31 20:57:37.139]: [00001764]: GetDeviceIpAddress: >
Invalid Switch: 31 20:57:37.139]: [00001764]: GetDeviceIpAddress:
< GetAddressByName [BRN001BA90813A6] Error >
< >
< Error - 31.03.2012 15:01:27 | Computer Name = ***-PC | Source = Software Protection Platform Service | ID = 8198 >
< Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C >
< >
< Error - 31.03.2012 15:01:27 | Computer Name = ***-PC | Source = Winlogon | ID = 4103 >
< Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. >
< >
< Error - 31.03.2012 15:19:29 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 >
< Description = STI BrtSTI: [2012/03/31 21:19:29.956]: [00001796]: GetDeviceIpAddress: >
Invalid Switch: 31 21:19:29.956]: [00001796]: GetDeviceIpAddress:
< GetAddressByName [BRN001BA90813A6] Error >
< >
< Error - 31.03.2012 15:20:00 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 >
< Description = STI BrtSTI: [2012/03/31 21:20:00.064]: [00001796]: GetDeviceIpAddress: >
Invalid Switch: 31 21:20:00.064]: [00001796]: GetDeviceIpAddress:
< GetAddressByName [BRN001BA90813A6] Error >
< >
< Error - 31.03.2012 15:20:30 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 >
< Description = STI BrtSTI: [2012/03/31 21:20:30.129]: [00001796]: GetDeviceIpAddress: >
Invalid Switch: 31 21:20:30.129]: [00001796]: GetDeviceIpAddress:
< GetAddressByName [BRN001BA90813A6] Error >
< >
< Error - 01.04.2012 04:18:31 | Computer Name = ***-PC | Source = Software Protection Platform Service | ID = 8198 >
< Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C >
< >
< Error - 01.04.2012 04:18:31 | Computer Name = ***-PC | Source = Winlogon | ID = 4103 >
< Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. >
< >
< Error - 01.04.2012 04:33:29 | Computer Name = ***-PC | Source = Application Error | ID = 0 >
< Description = >
< >
< [ OSession Events ] >
< Error - 18.07.2011 16:07:27 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 >
< Description = ID: 0, Application Name: Microsoft Office Word, Application Version: >
< 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40931 >
< seconds with 4620 seconds of active time. This session ended with a crash. >
< >
< [ System Events ] >
< Error - 01.04.2012 06:53:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der >
< aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 06:53:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der >
< aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 06:53:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" >
< abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der >
< aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der >
< aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der >
< aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der >
< aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 06:53:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der >
< aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 06:53:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 >
< Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der >
< aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 >
< >
< Error - 01.04.2012 08:43:18 | Computer Name = ***-PC | Source = DCOM | ID = 10005 >
< Description = >
< >
< >
< < End of report >
--- --- ---
--- --- ---
--- --- ---
>
< End of report >
glaub da war vorhin ein fehler drinn, da sind jetz mal beide inhalte:OTL EXTRAS Logfile:
OTL EXTRAS Logfile:
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 01.04.2012 19:30:31 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,14% Memory free
5,99 Gb Paging File | 5,34 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,89 Gb Total Space | 61,59 Gb Free Space | 70,07% Space Free | Partition Type: NTFS
Drive D: | 144,76 Gb Total Space | 33,48 Gb Free Space | 23,13% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B309654-086F-4231-BED8-30CCDBB23DCF}" = UpdateStar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facemoods" = Facemoods Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 31.03.2012 14:54:48 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 20:54:48.989]: [00001780]: GetDeviceIpAddress:
GetAddressByName [BRN001BA90813A6] Error
Error - 31.03.2012 14:57:37 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 20:57:37.139]: [00001764]: GetDeviceIpAddress:
GetAddressByName [BRN001BA90813A6] Error
Error - 31.03.2012 15:01:27 | Computer Name = ***-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C
Error - 31.03.2012 15:01:27 | Computer Name = ***-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
Error - 31.03.2012 15:19:29 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 21:19:29.956]: [00001796]: GetDeviceIpAddress:
GetAddressByName [BRN001BA90813A6] Error
Error - 31.03.2012 15:20:00 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 21:20:00.064]: [00001796]: GetDeviceIpAddress:
GetAddressByName [BRN001BA90813A6] Error
Error - 31.03.2012 15:20:30 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 21:20:30.129]: [00001796]: GetDeviceIpAddress:
GetAddressByName [BRN001BA90813A6] Error
Error - 01.04.2012 04:18:31 | Computer Name = ***-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C
Error - 01.04.2012 04:18:31 | Computer Name = ***-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
Error - 01.04.2012 04:33:29 | Computer Name = ***-PC | Source = Application Error | ID = 0
Description =
[ OSession Events ]
Error - 18.07.2011 16:07:27 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40931
seconds with 4620 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 01.04.2012 06:53:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 06:53:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 06:53:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 06:53:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 06:53:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2012 08:43:18 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
< End of report > --- --- ---
--- --- ---
--- --- ---
OTL Logfile:
OTL EXTRAS Logfile: Code:
OTL logfile created on: 01.04.2012 19:30:31 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,14% Memory free
5,99 Gb Paging File | 5,34 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,89 Gb Total Space | 61,59 Gb Free Space | 70,07% Space Free | Partition Type: NTFS
Drive D: | 144,76 Gb Total Space | 33,48 Gb Free Space | 23,13% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (ufdiqpog) -- C:\Users\***\AppData\Local\Temp\ufdiqpog.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mbr) -- C:\Users\***\AppData\Local\Temp\mbr.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbFw) -- C:\Windows\System32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\Windows\System32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCLMP) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/index.php?lh=bbcf3a9c356bfc94d50b6dd3bdee4691&eu=8iTS3ZoyvnZj0qVP9ONEzA"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 09:27:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.27 20:45:07 | 000,000,000 | ---D | M]
[2011.05.01 12:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.10 16:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions
[2012.03.10 16:34:03 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.02.17 09:35:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.03 16:42:13 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.14 17:45:52 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.05.15 17:55:59 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\engine@conduit.com
[2011.05.15 16:44:22 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\engine@plasmoo.com
[2011.05.15 17:55:59 | 000,000,935 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\searchplugins\plasmoo.xml
[2012.01.13 06:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 10:29:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\VIDEO2MP3@VIDEO2MP3.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.03.22 09:27:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.08 20:09:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.23 20:37:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.23 20:37:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.23 20:37:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.15 16:45:59 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.23 20:37:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.23 20:37:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.23 20:37:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Facemoods = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.3.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [UpdateStar] C:\Users\***\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\***\LOCALS~1\Temp\msaign.cmd) - C:\Users\***\LOCALS~1\Temp\msaign.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080B1618-368D-406D-90F7-286125D568DB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.01 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.04.01 13:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.04.01 13:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.04.01 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.04.01 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner
[2012.04.01 10:42:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adaware
[2012.04.01 10:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.04.01 10:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.04.01 10:42:42 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
[2012.04.01 10:42:41 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2012.04.01 10:42:28 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
[2012.04.01 10:42:28 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012.04.01 10:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.04.01 10:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.04.01 10:28:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.04.01 10:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.01 10:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.31 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.03.31 20:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 20:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 20:03:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.31 20:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.31 19:19:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gizza
[2012.03.31 19:19:16 | 000,000,000 | ---D | C] -- C:\Users\***\Local Settings
[2012.03.13 21:09:29 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.13 21:09:26 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.13 21:08:37 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.03.13 21:08:37 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.13 21:08:35 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.13 21:08:35 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.13 21:08:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.06 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.04.01 14:27:17 | 000,002,811 | ---- | M] () -- C:\Users\***\Desktop\Logfiles.zip
[2012.04.01 11:57:00 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.01 11:57:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.01 11:57:00 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.01 11:57:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.01 11:52:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.01 11:52:38 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.01 11:51:39 | 000,012,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 11:51:39 | 000,012,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 11:43:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.01 11:39:44 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.04.01 11:24:35 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.01 11:10:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.23 16:05:48 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.14 17:48:12 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.04.01 14:25:16 | 000,002,811 | ---- | C] () -- C:\Users\***\Desktop\Logfiles.zip
[2012.04.01 11:22:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.04.01 10:45:58 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2011.06.21 15:33:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.21 15:31:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.19 17:08:42 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011.05.01 13:41:04 | 000,000,244 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.05.01 13:41:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.05.01 13:40:38 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.01 13:40:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.01 13:39:54 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.05.01 13:39:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.05.01 13:39:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.05.01 13:39:49 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.05.01 12:11:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
< End of report > --- --- ---
--- --- --- |