Log Analysis and Evaluation: Remove BAK 1.09 (Windows 7)
01.04.2012, 13:41 | #1
Remove BAK 1.09

Hello, I need help removing a trojan (BAK 1.09), please, since I myself have little to no computer knowledge =)!!! Many thanks in advance!!!

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by *** at 12:02:08 on 2012-04-01
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.3070.2552 [GMT 2:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Aware *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\***\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=gppc
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
uURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
uURLSearchHooks: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - c:\program files\bittorrentbar_de\tbBitt.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
mURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
mURLSearchHooks: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - c:\program files\bittorrentbar_de\tbBitt.dll
uWindows: Load=c:\users\***\locals~1\temp\msaign.cmd
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
BHO: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - c:\program files\bittorrentbar_de\tbBitt.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GR469A~1.DLL
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
TB: BittorrentBar_DE Toolbar: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - c:\program files\bittorrentbar_de\tbBitt.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [UpdateStar] c:\users\***\appdata\roaming\updatestar\UpdateStar.exe -A
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
StartupFolder: c:\users\***\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\***\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{080B1618-368D-406D-90F7-286125D568DB} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{080B1618-368D-406D-90F7-286125D568DB}\4586F6D637F6E6033444644334 : DhcpNameServer = 10.0.0.138 10.0.0.138
TCP: Interfaces\{080B1618-368D-406D-90F7-286125D568DB}\849627F6378696D616 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\ivmk2cvy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/index.php?lh=bbcf3a9c356bfc94d50b6dd3bdee4691&eu=8iTS3ZoyvnZj0qVP9ONEzA
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-1 221784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-1 78936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
R3 k57nd60x;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-1 69208]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-5-1 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-1 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-1 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-19 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-31 652360]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-19 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-31 20464]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-21 15872]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-1 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-1 94040]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-2 1343400]
.
=============== Created Last 30 ================
.
2012-04-01 08:42:58 -------- d-----w- c:\users\***\appdata\local\adaware
2012-04-01 08:42:56 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-01 08:42:42 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-04-01 08:42:41 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-04-01 08:42:28 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-04-01 08:42:28 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-04-01 08:42:25 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-04-01 08:28:18 -------- d-----w- c:\users\***\appdata\roaming\Ad-Aware Antivirus
2012-04-01 08:23:14 -------- d-----w- c:\program files\CCleaner
2012-03-31 18:03:25 -------- d-----w- c:\users\***\appdata\roaming\Malwarebytes
2012-03-31 18:03:20 -------- d-----w- c:\programdata\Malwarebytes
2012-03-31 18:03:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 18:03:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-31 17:19:17 -------- d-----w- c:\users\***\appdata\roaming\gizza
2012-03-22 07:27:45 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-22 07:27:45 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-13 19:09:29 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:09:26 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:08:37 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-13 19:08:37 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:08:37 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 19:08:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:08:35 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:08:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:08:35 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-01-08 18:09:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:02:54,08 ===============
01.04.2012, 13:59 | #2
Malware-holic | Remove BAK 1.09

hi,

1. You always start with a description of the problem. Which program reports a trojan? Post the detection messages. Furthermore, are there problems with the PC, and if so, which? If you don't have it yet, please download OTL by Oldtimer and save it to your desktop

Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
01.04.2012, 17:39 | #3
Remove BAK 1.09

OK, my problem is that when the laptop starts the desktop background is black, various programs cannot be accessed, and a window from the Bundeskriminalamt Österreich appears in which 100 euros are to be paid. As mentioned, no access is possible, but I do have access via safe mode. Hope this helps and that the below is what you wanted =)?!

OTL Logfile:

OTL EXTRAS Logfile:
Code:
OTL logfile created on: 01.04.2012 18:33:04 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 73,86% Memory free
5,99 Gb Paging File | 5,35 Gb Available in Paging File | 89,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,89 Gb Total Space | 61,59 Gb Free Space | 70,08% Space Free | Partition Type: NTFS
Drive D: | 144,76 Gb Total Space | 33,48 Gb Free Space | 23,13% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
========== Win32 Services (SafeList) ==========
SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (ufdiqpog) -- C:\Users\***\AppData\Local\Temp\ufdiqpog.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mbr) -- C:\Users\***\AppData\Local\Temp\mbr.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbFw) -- C:\Windows\System32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\Windows\System32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCLMP) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/index.php?lh=bbcf3a9c356bfc94d50b6dd3bdee4691&eu=8iTS3ZoyvnZj0qVP9ONEzA"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 09:27:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.27 20:45:07 | 000,000,000 | ---D | M]
[2011.05.01 12:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.10 16:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions
[2012.03.10 16:34:03 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.02.17 09:35:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.03 16:42:13 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.14 17:45:52 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.05.15 17:55:59 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\engine@conduit.com
[2011.05.15 16:44:22 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\engine@plasmoo.com
[2011.05.15 17:55:59 | 000,000,935 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\searchplugins\plasmoo.xml
[2012.01.13 06:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 10:29:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\VIDEO2MP3@VIDEO2MP3.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.03.22 09:27:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.08 20:09:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.23 20:37:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.23 20:37:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.23 20:37:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.15 16:45:59 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.23 20:37:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.23 20:37:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.23 20:37:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Facemoods = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.3.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [UpdateStar] C:\Users\***\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\***\LOCALS~1\Temp\msaign.cmd) - C:\Users\***\LOCALS~1\Temp\msaign.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080B1618-368D-406D-90F7-286125D568DB}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR [2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.04.01 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.04.01 13:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.04.01 13:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.04.01 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2012.04.01 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner [2012.04.01 10:42:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adaware [2012.04.01 10:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012.04.01 10:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012.04.01 10:42:42 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys [2012.04.01 10:42:41 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys [2012.04.01 10:42:28 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) 
-- C:\Windows\System32\drivers\SbFw.sys [2012.04.01 10:42:28 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys [2012.04.01 10:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012.04.01 10:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus [2012.04.01 10:28:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.04.01 10:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.04.01 10:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.31 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.03.31 20:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.31 20:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.31 20:03:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.31 20:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.31 19:19:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gizza [2012.03.31 19:19:16 | 000,000,000 | ---D | C] -- C:\Users\***\Local Settings [2012.03.06 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.01 14:27:17 | 000,002,811 | ---- | M] () -- C:\Users\***\Desktop\Logfiles.zip [2012.04.01 11:57:00 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.01 11:57:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.01 11:57:00 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.01 11:57:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.01 11:52:42 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2012.04.01 11:52:38 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys [2012.04.01 11:51:39 | 000,012,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.01 11:51:39 | 000,012,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.01 11:43:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.01 11:39:44 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.04.01 11:24:35 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.04.01 11:10:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.23 16:05:48 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.03.14 17:48:12 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.01 14:25:16 | 000,002,811 | ---- | C] () -- C:\Users\***\Desktop\Logfiles.zip [2012.04.01 11:22:41 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.04.01 10:45:58 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job [2011.06.21 15:33:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.21 15:31:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.19 17:08:42 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin [2011.05.01 13:41:04 | 000,000,244 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.05.01 13:41:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.05.01 13:40:38 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.05.01 13:40:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.05.01 13:39:54 | 000,000,050 | ---- | C] () -- 
C:\Windows\System32\bridf08b.dat [2011.05.01 13:39:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011.05.01 13:39:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.05.01 13:39:49 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2011.05.01 12:11:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.04.01 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.04.01 11:51:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent [2012.04.01 11:45:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.05.15 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.05.15 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.31 19:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gizza [2011.06.15 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UpdateStar [2012.04.01 11:39:44 | 000,001,082 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.01.23 08:47:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < OTL Extras logfile created on: 01.04.2012 18:21:21 - Run 1 > < OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Downloads > < Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation > < Internet Explorer (Version = 8.0.7601.17514) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 3,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 74,49% Memory free > < 5,99 Gb Paging File | 5,38 Gb Available in Paging File | 89,72% Paging File free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files > < Drive C: | 87,89 Gb Total Space 
| 61,60 Gb Free Space | 70,08% Space Free | Partition Type: NTFS > < Drive D: | 144,76 Gb Total Space | 33,48 Gb Free Space | 23,13% Space Free | Partition Type: NTFS > < > < Computer Name: ***-PC | User Name: *** | Logged in as Administrator. > < Boot Mode: SafeMode with Networking | Scan Mode: Current user > < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Extra Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== File Associations ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] > < .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) > < .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) > < .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) > < > < [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] > < .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) > < > < ========== Shell Spawning ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] > < batfile [open] -- "%1" %* > < cmdfile [open] -- "%1" %* > < comfile [open] -- "%1" %* > < cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) > < exefile [open] -- "%1" %* > < helpfile [open] -- Reg Error: Key error. > < hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) > < http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) > < https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) > < inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) > < piffile [open] -- "%1" %* > < regfile [merge] -- Reg Error: Key error. 
> < scrfile [config] -- "%1" > < scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l > < scrfile [open] -- "%1" /S > < txtfile [edit] -- Reg Error: Key error. > < Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 > < Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) > < Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) > < Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < Folder [explore] -- Reg Error: Value error. > < Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) > < > < ========== Security Center Settings ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] > < "cval" = 0 > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] > < "VistaSp1" = Reg Error: Unknown registry data type -- File not found > < "AntiVirusOverride" = 0 > < "AntiSpywareOverride" = 0 > < "FirewallOverride" = 0 > < > < ========== Firewall Settings ========== > Invalid Switch: color] < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] > < "DisableNotifications" = 0 > < "EnableFirewall" = 0 > < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] > < "DisableNotifications" = 0 > < "EnableFirewall" = 0 > < > < [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] > < "DisableNotifications" = 0 > < "EnableFirewall" = 0 > < > < ========== Authorized Applications List ========== > Invalid Switch: color] < > < > < ========== HKEY_LOCAL_MACHINE Uninstall List ========== > Invalid Switch: color] < > < 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour > < "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime > < "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 > < "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 > < "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile > < "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support > < "{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN > < "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater > < "{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in > < "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator > < "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update > < "{7B309654-086F-4231-BED8-30CCDBB23DCF}" = UpdateStar > < "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 > < "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 > < "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 > < "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 > < "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 > < "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 > < "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 > < "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 > < "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 > < "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 > < "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 > < "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 > < 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 > < "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 > < "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 > < "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme > < "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 > < "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper > < "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 > < "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support > < "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch > < "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call > < "{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus > < "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes > < "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack > < "7-Zip" = 7-Zip 9.20 > < "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection > < "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX > < "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin > < "Advanced Audio FX Engine" = Advanced Audio FX Engine > < "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus > < "BitTorrent" = BitTorrent > < "BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar > < "CCleaner" = CCleaner > < "conduitEngine" = Conduit Engine > < "Dell Video Chat" = Dell Video Chat > < "Dell Webcam Central" = Dell Webcam Central > < "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar > < "ENTERPRISE" = Microsoft Office Enterprise 2007 > < "facemoods" = Facemoods Toolbar > < "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 > < "Free Studio_is1" = Free Studio version 5.0.9 > < "Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324 > < "Free 
YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426 > < "Google Chrome" = Google Chrome > < "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 > < "McAfee Security Scan" = McAfee Security Scan Plus > < "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile > < "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack > < "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) > < "softonic-de3 Toolbar" = softonic-de3 Toolbar > < "Uninstall_is1" = Uninstall 1.0.0.1 > < "WinRAR archiver" = WinRAR 4.11 (32-Bit) > < > < ========== HKEY_CURRENT_USER Uninstall List ========== > Invalid Switch: color] < > < [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] > < "Dropbox" = Dropbox > < "f031ef6ac137efc5" = Dell Driver Download Manager > < > < ========== Last 10 Event Log Errors ========== > Invalid Switch: color] < > < [ Application Events ] > < Error - 31.03.2012 14:54:48 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 > < Description = STI BrtSTI: [2012/03/31 20:54:48.989]: [00001780]: GetDeviceIpAddress: > Invalid Switch: 31 20:54:48.989]: [00001780]: GetDeviceIpAddress: < GetAddressByName [BRN001BA90813A6] Error > < > < Error - 31.03.2012 14:57:37 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 > < Description = STI BrtSTI: [2012/03/31 20:57:37.139]: [00001764]: GetDeviceIpAddress: > Invalid Switch: 31 20:57:37.139]: [00001764]: GetDeviceIpAddress: < GetAddressByName [BRN001BA90813A6] Error > < > < Error - 31.03.2012 15:01:27 | Computer Name = ***-PC | Source = Software Protection Platform Service | ID = 8198 > < Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C > < > < Error - 31.03.2012 15:01:27 | Computer Name = ***-PC | Source = Winlogon | ID = 4103 > < Description = Fehler bei der Windows-Lizenzaktivierung. 
Fehler 0x00000000. > < > < Error - 31.03.2012 15:19:29 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 > < Description = STI BrtSTI: [2012/03/31 21:19:29.956]: [00001796]: GetDeviceIpAddress: > Invalid Switch: 31 21:19:29.956]: [00001796]: GetDeviceIpAddress: < GetAddressByName [BRN001BA90813A6] Error > < > < Error - 31.03.2012 15:20:00 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 > < Description = STI BrtSTI: [2012/03/31 21:20:00.064]: [00001796]: GetDeviceIpAddress: > Invalid Switch: 31 21:20:00.064]: [00001796]: GetDeviceIpAddress: < GetAddressByName [BRN001BA90813A6] Error > < > < Error - 31.03.2012 15:20:30 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001 > < Description = STI BrtSTI: [2012/03/31 21:20:30.129]: [00001796]: GetDeviceIpAddress: > Invalid Switch: 31 21:20:30.129]: [00001796]: GetDeviceIpAddress: < GetAddressByName [BRN001BA90813A6] Error > < > < Error - 01.04.2012 04:18:31 | Computer Name = ***-PC | Source = Software Protection Platform Service | ID = 8198 > < Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode: 0x8007043C > < > < Error - 01.04.2012 04:18:31 | Computer Name = ***-PC | Source = Winlogon | ID = 4103 > < Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000. > < > < Error - 01.04.2012 04:33:29 | Computer Name = ***-PC | Source = Application Error | ID = 0 > < Description = > < > < [ OSession Events ] > < Error - 18.07.2011 16:07:27 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 > < Description = ID: 0, Application Name: Microsoft Office Word, Application Version: > < 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40931 > < seconds with 4620 seconds of active time. This session ended with a crash. 
> < > < [ System Events ] > < Error - 01.04.2012 06:53:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der > < aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 06:53:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der > < aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 06:53:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" > < abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der > < aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der > < aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der > < aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der > < aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 06:53:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Computerbrowser" ist vom Dienst 
"Server" abhängig, der > < aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 06:53:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 > < Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der > < aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 > < > < Error - 01.04.2012 08:43:18 | Computer Name = ***-PC | Source = DCOM | ID = 10005 > < Description = > < > < > < < End of report > --- --- --- --- --- --- --- --- --- > < End of report >

I think there was an error in there earlier, so here are both contents now:

OTL EXTRAS Logfile:
OTL Extras logfile created on: 01.04.2012 19:30:31 - Run 4 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\***\Downloads Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,14% Memory free 5,99 Gb Paging File | 5,34 Gb Available in Paging File | 89,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 87,89 Gb Total Space | 61,59 Gb Free Space | 70,07% Space Free | Partition Type: NTFS Drive D: | 144,76 Gb Total Space | 33,48 Gb Free Space | 23,13% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B309654-086F-4231-BED8-30CCDBB23DCF}" = UpdateStar
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facemoods" = Facemoods Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR 4.11 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31.03.2012 14:54:48 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 20:54:48.989]: [00001780]: GetDeviceIpAddress: GetAddressByName [BRN001BA90813A6] Error

Error - 31.03.2012 14:57:37 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 20:57:37.139]: [00001764]: GetDeviceIpAddress: GetAddressByName [BRN001BA90813A6] Error

Error - 31.03.2012 15:01:27 | Computer Name = ***-PC | Source = Software Protection Platform Service | ID = 8198
Description = License activation (slui.exe) failed. Error code: 0x8007043C

Error - 31.03.2012 15:01:27 | Computer Name = ***-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 31.03.2012 15:19:29 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 21:19:29.956]: [00001796]: GetDeviceIpAddress: GetAddressByName [BRN001BA90813A6] Error

Error - 31.03.2012 15:20:00 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 21:20:00.064]: [00001796]: GetDeviceIpAddress: GetAddressByName [BRN001BA90813A6] Error

Error - 31.03.2012 15:20:30 | Computer Name = ***-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/31 21:20:30.129]: [00001796]: GetDeviceIpAddress: GetAddressByName [BRN001BA90813A6] Error

Error - 01.04.2012 04:18:31 | Computer Name = ***-PC | Source = Software Protection Platform Service | ID = 8198
Description = License activation (slui.exe) failed. Error code: 0x8007043C

Error - 01.04.2012 04:18:31 | Computer Name = ***-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 01.04.2012 04:33:29 | Computer Name = ***-PC | Source = Application Error | ID = 0
Description =

[ OSession Events ]
Error - 18.07.2011 16:07:27 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40931 seconds with 4620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 01.04.2012 06:53:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 06:53:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 06:53:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "HomeGroup Provider" service depends on the "Function Discovery Provider Host" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 06:53:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 06:53:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 06:53:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 01.04.2012 08:43:18 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =

< End of report >

--- --- --- --- --- ---

OTL Logfile:
OTL EXTRAS Logfile:
OTL logfile created on: 01.04.2012 19:30:31 - Run 4
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\***\Downloads
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 73,14% Memory free
5,99 Gb Paging File | 5,34 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 87,89 Gb Total Space | 61,59 Gb Free Space | 70,07% Space Free | Partition Type: NTFS
Drive D: | 144,76 Gb Total Space | 33,48 Gb Free Space | 23,13% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\Engine\SBAMSvc.exe (Sunbelt Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (ufdiqpog) -- C:\Users\***\AppData\Local\Temp\ufdiqpog.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mbr) -- C:\Users\***\AppData\Local\Temp\mbr.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SbFw) -- C:\Windows\System32\drivers\SbFw.sys (Sunbelt Software, Inc.)
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (Sunbelt Software, Inc.)
DRV - (SbTis) -- C:\Windows\System32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCLMP) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (SBFWIMCL) -- C:\Windows\System32\drivers\SbFwIm.sys (Sunbelt Software, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/index.php?lh=bbcf3a9c356bfc94d50b6dd3bdee4691&eu=8iTS3ZoyvnZj0qVP9ONEzA"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 09:27:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.27 20:45:07 | 000,000,000 | ---D | M]

[2011.05.01 12:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.03.10 16:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions
[2012.03.10 16:34:03 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.02.17 09:35:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.03 16:42:13 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.14 17:45:52 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.05.15 17:55:59 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\engine@conduit.com
[2011.05.15 16:44:22 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ivmk2cvy.default\extensions\engine@plasmoo.com
[2011.05.15 17:55:59 | 000,000,935 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ivmk2cvy.default\searchplugins\plasmoo.xml
[2012.01.13 06:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 10:29:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\VIDEO2MP3@VIDEO2MP3.DE.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IVMK2CVY.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.03.22 09:27:45 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.08 20:09:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.23 20:37:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.23 20:37:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.23 20:37:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.15 16:45:59 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.23 20:37:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.23 20:37:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.23 20:37:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Facemoods = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.3.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Programme\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [UpdateStar] C:\Users\***\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\***\LOCALS~1\Temp\msaign.cmd) - C:\Users\***\LOCALS~1\Temp\msaign.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080B1618-368D-406D-90F7-286125D568DB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.01 14:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.04.01 14:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.04.01 13:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.04.01 13:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.04.01 12:15:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.04.01 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner
[2012.04.01 10:42:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adaware
[2012.04.01 10:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.04.01 10:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.04.01 10:42:42 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbhips.sys
[2012.04.01 10:42:41 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\sbtis.sys
[2012.04.01 10:42:28 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFw.sys
[2012.04.01 10:42:28 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012.04.01 10:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.04.01 10:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012.04.01 10:28:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.04.01 10:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.01 10:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.31 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.03.31 20:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.31 20:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.31 20:03:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.31 20:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.31 19:19:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gizza
[2012.03.31 19:19:16 | 000,000,000 | ---D | C] -- C:\Users\***\Local Settings
[2012.03.13 21:09:29 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.13 21:09:26 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.13 21:08:37 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.03.13 21:08:37 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.03.13 21:08:35 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.13 21:08:35 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.13 21:08:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.06 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.01 14:27:17 | 000,002,811 | ---- | M] () -- C:\Users\***\Desktop\Logfiles.zip
[2012.04.01 11:57:00 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.01 11:57:00 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.01 11:57:00 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.01 11:57:00 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.01 11:52:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.01 11:52:38 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.01 11:51:39 | 000,012,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 11:51:39 | 000,012,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.01 11:43:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.01 11:39:44 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012.04.01 11:24:35 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.01 11:10:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.23 16:05:48 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.03.14 17:48:12 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.01 14:25:16 | 000,002,811 | ---- | C] () -- C:\Users\***\Desktop\Logfiles.zip
[2012.04.01 11:22:41 | 000,000,000 | ---- | C] () --
C:\Users\***\defogger_reenable [2012.04.01 10:45:58 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job [2011.06.21 15:33:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.21 15:31:45 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.06.19 17:08:42 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin [2011.05.01 13:41:04 | 000,000,244 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2011.05.01 13:41:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2011.05.01 13:40:38 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.05.01 13:40:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.05.01 13:39:54 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.05.01 13:39:50 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2011.05.01 13:39:50 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.05.01 13:39:49 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2011.05.01 12:11:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin < End of report > --- --- --- |
01.04.2012, 19:16 | #4 |
/// Malware-holic | Remove BAK 1.09
hi, replace *** with your user name in the following script. this script, and any scripts that follow, are only for this particular user. if you (other readers) have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
F3 - HKCU WinNT: Load - (C:\Users\***\LOCALS~1\Temp\msaign.cmd) - C:\Users\***\LOCALS~1\Temp\msaign.cmd ()
:Files
C:\Users\***\LOCALS~1\Temp\msaign.cmd
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
start in normal mode. if you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file as an attachment in this thread! Please press the + E key.
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above.
If you would like to support us
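The `F3 - HKCU WinNT: Load` entry that the OTL script above removes is the per-user `Load` value under `HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows`, a logon autostart location that is normally empty. As an added check, not part of this post or of OTL, the following PowerShell reads that value and reports why it looks suspicious (path inside a temp directory, a script file instead of a program, or a target that no longer exists); it changes nothing, and the function and variable names are assumptions.

```powershell
# Added example: inspect the per-user "Load" autostart value without modifying it.
# Not part of the original post or of OTL; the names below are assumed.
$LoadKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

function Test-LoadValue {
    param([string]$Path = $LoadKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.PSObject.Properties['Load']) {
        # Absent or empty is the expected state on a clean profile
        return [pscustomobject]@{ Present = $false; Value = $null; Suspicious = $false; Reason = 'Load value not set (normal)' }
    }

    $value = [string]$props.Load
    # Expand %TEMP%-style variables and strip quotes so the target path can be inspected
    $target = [Environment]::ExpandEnvironmentVariables($value).Trim('"')
    $tempDir = [IO.Path]::GetTempPath().TrimEnd('\')
    $reasons = @()

    # Persistence dropped into a temp folder, as in the F3 entry above (LOCALS~1\Temp)
    if ($target -match '(?i)\\(Temp|LOCALS~1)\\' -or $target.StartsWith($tempDir, 'OrdinalIgnoreCase')) {
        $reasons += 'points into a temp directory'
    }
    # A batch/script file launched at logon rather than an installed program
    if ($target -match '(?i)\.(cmd|bat|vbs|js)$') {
        $reasons += 'runs a script file rather than a program'
    }
    # Orphaned entry: the file was already deleted but the autostart value remained
    if (-not (Test-Path -LiteralPath $target)) {
        $reasons += 'target file is missing (orphaned entry)'
    }

    return [pscustomobject]@{
        Present    = $true
        Value      = $value
        Suspicious = ($reasons.Count -gt 0)
        Reason     = ($reasons -join '; ')
    }
}

# Report only; removal stays with the helper's fix script
Test-LoadValue | Format-List
```

A non-empty result with Suspicious = True is what the OTL log in this thread would later confirm as the entry it deleted; an orphaned entry (value present, file gone) still deserves removal because Windows retries it at every logon.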
01.04.2012, 19:47 | #5 |
| Remove BAK 1.09
so, I ran Malware[bytes] over it beforehand, it found 2 things, and since removing them a normal restart is possible again, the window no longer appears and all programs can be run!! to be safe I would like to finish this anyway. the upload worked without problems!!

All processes killed
========== OTL ==========
File C:\Users\***\LOCALS~1\Temp\msaign.cmd not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\***\LOCALS~1\Temp\msaign.cmd deleted successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Werner
->Flash cache emptied: 2501 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Werner
->Temp folder emptied: 1034824 bytes
->Temporary Internet Files folder emptied: 1823090 bytes
->Java cache emptied: 181 bytes
->FireFox cache emptied: 81436611 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
RecycleBin emptied: 85935 bytes
Total Files Cleaned = 80,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 04012012_203839
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
02.04.2012, 14:03 | #6 |
/// Malware-holic | Remove BAK 1.09
had I written anything about Malwarebytes? where is the log?
02.04.2012, 17:45 | #7 |
| Remove BAK 1.09
at least I can work normally again, which is very important right now. which log do you mean?
03.04.2012, 09:52 | #8 |
/// Malware-holic | Remove BAK 1.09
the Malwarebytes log, of course.
03.04.2012, 11:12 | #9 |
| Remove BAK 1.09
unfortunately it's no longer there=)... shall we just carry on normally anyway, or do you need it urgently? unfortunately I don't know how I could retrieve it again...
03.04.2012, 15:52 | #10 |
/// Malware-holic | Remove BAK 1.09
why is it no longer there? look under Malwarebytes, Logs (Berichte); it is saved there automatically.
03.04.2012, 21:20 | #11 |
| Remove BAK 1.09
sorry, unfortunately I can't find it...
04.04.2012, 09:13 | #12 | |
/// Malware-holic | Remove BAK 1.09
Combofix may only be run if a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: Should you receive the following error message after the restart
Quote: