Gesperrt durch automatische Informationskontrolle

M-E · 23.09.2012, 11:13

Hallo, leider wurde mein PC offenbar infiziert und ich leide nun unter dem Problem des gesperrten PCs durch die automatische Informationskontrolle!

Gegenwärtig bin ich im abgesicherten Modus mit Netzwerktreibern unterwegs, es gibt keinerlei erkennbare Probleme!

Wenn ich mich richtig eingelesen habe, sollte ich die OTL.exe entsprechend eingestellt ausführen und die Texte der beiden Dateien hier posten. Diese hänge i

Zitat:

Zitat von Extras.txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 23.09.2012 12:02:18 - Run 1
OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\Josh\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,00 Gb Total Physical Memory | 4,10 Gb Available Physical Memory | 81,96% Memory free
10,14 Gb Paging File | 9,39 Gb Available in Paging File | 92,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 498,51 Gb Total Space | 230,75 Gb Free Space | 46,29% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 152,39 Gb Free Space | 65,44% Space Free | Partition Type: NTFS
 
Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = B5 9E EE A7 76 CF CB 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{160D19DD-BC58-4E7E-8506-C89C152F8FFF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BD3E4155-750F-4C3A-A5FE-9FE98FEE1179}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F2032B-42BE-467D-AD98-AEE25DDE6348}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{02A20A6B-8691-4A3C-B10F-1C067C751D0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{09B404C9-FB05-4940-A14E-FB25BD744813}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\theatre of war\missioneditor\missiongen.exe | 
"{0CD5248B-E8E1-470C-B27A-9FDCD8E95ABE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{0EAAD489-88D2-4B22-9C49-2973CD18F026}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{0F5BC3C9-1106-4A1C-AA84-B52F87EDF65C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{0FBCD604-EBFB-49FC-B8D6-F959C9C6D542}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{226B4757-894D-4E4A-A81A-B57777157EC9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{24AE56D0-8A57-42EC-B67F-C017BDA103EE}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{27DF2E70-F809-4260-A1FC-152DADD7C425}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | 
"{2BC4CDF2-3E27-403D-A3B7-E805D410311A}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{34DEB79E-636E-4BA0-B579-8D738D0E3DB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{3C178E0A-5F8D-4CA8-9ED8-386B3F70177C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{3CFB5E3C-68B0-49A3-83E6-C23886D1910B}" = protocol=17 | dir=in | app=d:\games\forces of corruption\swfoc.exe | 
"{44E34E4D-FC5E-4526-ADB8-54501927A68D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{4B136BCA-6A52-436F-BFED-B4662792C65C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex invisible war\system\dx2.exe | 
"{4B64B724-1DF8-49F4-8F68-B02EF7486967}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4EB9DFBD-DB95-4E71-9370-334C146B1A04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{4F97F431-BAEC-4AE3-9B87-EF4236A27AA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\marcusergalla2005\race 07\steamproxy.exe | 
"{50E49DE5-FD94-4DAC-AAEA-0FA50CCE5681}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{5262BED9-BC20-41BC-85C4-0397A5881D78}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{592B1B9A-E200-4144-8E9C-D4CDED01DB98}" = protocol=6 | dir=in | app=d:\games\forces of corruption\swfoc.exe | 
"{5C9EA48B-A929-4A47-AB69-4191C00B9B79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\redorchestra2beta\binaries\win32\rogame.exe | 
"{6535FE6A-708A-4046-93CB-B97E59DDEB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\theatre of war\missioneditor\editor.exe | 
"{6592D12D-C999-483E-B575-997A38DA2A43}" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe | 
"{65DC7B70-00F6-492A-8E72-1B9E618AC28D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{674B6A96-DA52-4900-952C-60167D9B3452}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{688A6D3E-E891-4A6A-A20E-95BADA50FAC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{6E46230B-BC3E-4206-946F-658AB480D18A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6EA171E7-8D30-49AE-B21D-462FFE71D388}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{721BEE5A-403B-4961-B183-8404040261D7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{721DF76E-1F9E-4854-A09B-5D30DA6B1A4F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{79F4277C-D432-43A4-859F-686D99E71584}" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe | 
"{7BBBC973-4B23-47A5-B871-32E0B865C7D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe | 
"{7EC46A99-DEDE-49D4-A952-EA906C0C8363}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7F359659-9CD3-40F3-9286-884E9220D60C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex invisible war\system\dx2.exe | 
"{89670DD9-0BB3-4681-8288-2A50E8B1D857}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{8A6447FF-5D9E-475B-B19D-3874647B1D02}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8CD6C83C-DC6B-430C-B99C-0FC4E7D35678}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{91B1E305-7643-45AA-99B5-32CC1A0BBC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\marcusergalla2005\race 07\steamproxy.exe | 
"{92378756-B148-4153-A3BD-63740B5BD659}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{95F68F88-9A63-42D7-AD94-8D5B9BA0ED26}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{9664D13E-78F2-4622-A839-C24B9CC6CE96}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{98AFF6D5-A3D2-4F8F-914A-EF2CD7627E6C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{99476884-A321-4853-A93E-B14D2DF33443}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{9AF5088F-0F7E-43BC-AAF3-1AF03B5637EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{9BDADD8B-00F3-4DCC-A163-E73A5A8EB172}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\theatre of war\missioneditor\missiongen.exe | 
"{9C9E56D1-9443-4A59-BF4A-68EF5CBF94D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\marcusergalla2005\race 07\steamexpansionapp.exe | 
"{A2D2D1E7-7F5F-4A87-9F54-BC1DB7B4C8C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\redorchestra2beta\binaries\win32\rogame.exe | 
"{A37CC209-6931-466A-970D-B60FD5CE71B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\theatre of war\missioneditor\editor.exe | 
"{A7EB3210-7938-436F-819F-D0702956865C}" = protocol=17 | dir=in | app=d:\games\empire at war\gamedata\sweaw.exe | 
"{A85BA803-9E7B-4271-913F-E6DE80928004}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{A86049B7-FEE3-4494-9059-3F39D5668F09}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{AA801FCF-2BA1-4230-80DF-93AE167EC0FB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{AAE793F2-B8BC-490A-B363-B57D84061D36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{B05693D5-DD25-4389-91D3-49CA8AB9B433}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{B22C9717-2CDB-4271-9D37-643121A0BCFA}" = protocol=6 | dir=in | app=d:\games\empire at war\gamedata\sweaw.exe | 
"{B552F613-C195-4F88-A27B-97567A97D558}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{BDE1A23A-9ECB-4A23-AE5E-D4E892BC77B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe | 
"{C18A52ED-AC63-4F4E-B2C4-6E1D6B9CA98E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{C3DC0E3D-8E96-4658-BD3A-B572F5BA95D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C4007983-536E-4683-B20F-D809ED9BB160}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C76F6137-2E86-431A-8D83-6B915E6ACE8B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C9E71FE3-3CD3-4C8D-A65E-ED39B8C3D8F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\marcusergalla2005\race 07\steamexpansionapp.exe | 
"{CC6A5F72-FF1A-4751-BB2C-C225D143DE84}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{CC97D4DB-9EF9-49D9-B3EB-2E98219B4994}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{CD6037AF-9DC1-40E2-A5A8-CE3442626F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe | 
"{D122300C-3117-4519-97C0-55888F29C301}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\marcusergalla2005\race 07\config.exe | 
"{D337EF92-6D0C-4218-B24F-9F692E877795}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{D836F972-7164-4701-967D-1B79AAC6DB17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lara croft and the guardian of light\lcgol.exe | 
"{DA615663-7F23-4DD9-9946-BEAAAF90B3C8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra\system\redorchestra.exe | 
"{DC964A09-8A40-4A85-A659-43E4D64A0723}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E0A56B3C-66CD-482D-903C-B3BCD9C71A1C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F4772B56-6B16-4D9D-9F83-AFE472289739}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{FC928022-EA8E-4EBD-85C7-0900E8A8168B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\marcusergalla2005\race 07\config.exe | 
"{FFC69733-CE8F-4889-9D56-986EFDA606C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"TCP Query User{140E936F-39AA-46EE-ADC7-372F14E5B51C}C:\program files (x86)\steam\steamapps\common\juiced 2 hot import nights\juiced2_hin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\juiced 2 hot import nights\juiced2_hin.exe | 
"TCP Query User{2FD15FAA-FF2A-46B5-8A33-9EC7694E84CC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{34722618-696C-4020-B279-60E8AA7FECC0}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"TCP Query User{41BB3871-CD03-4D42-9493-DAFDF39BF71D}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{452D3DBC-997B-4229-8CDE-D2118A2F4A7A}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"TCP Query User{88CA6EB0-84A3-4BB0-858A-8BC61C30F86A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{AFD987F8-3BED-46EA-9EDE-2442BE232154}D:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{B8295DFB-278C-4651-BF72-0020F0B13AA7}C:\program files (x86)\steam\steamapps\common\lost planet colonies\lostplanetcoloniesdx9.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet colonies\lostplanetcoloniesdx9.exe | 
"TCP Query User{D706631D-6863-4F43-BEEC-8C5C4B4FB34F}D:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{DFEEB064-C343-409E-ADBE-44F0D81F2A0B}C:\program files (x86)\steam\steamapps\marcusergalla2005\insurgency\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\marcusergalla2005\insurgency\hl2.exe | 
"UDP Query User{11C4F65B-ED00-40ED-9AE2-CC94826BBA34}D:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{1A3B81DC-2E7A-42C8-B0B9-C6C215C384C5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1AFD339D-BF31-4AC0-BFB1-4E5831674E48}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{382AEA2D-9BC6-4D28-B5B4-2DF9FDACA0CC}C:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"UDP Query User{42C7438E-BEA4-45B0-8565-1DBBCB6F6E16}C:\program files (x86)\steam\steamapps\common\juiced 2 hot import nights\juiced2_hin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\juiced 2 hot import nights\juiced2_hin.exe | 
"UDP Query User{B72E2653-BDF0-43DC-B0CA-D097D0869084}C:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fable 3\fable3.exe | 
"UDP Query User{C8AFE408-8AAD-4087-A0AD-DD08C82A7B0B}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{CFC6B47B-68E7-4404-976D-5D7EADDF1938}C:\program files (x86)\steam\steamapps\marcusergalla2005\insurgency\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\marcusergalla2005\insurgency\hl2.exe | 
"UDP Query User{E211C88C-0E6F-46E7-B748-EB087A1D39DB}C:\program files (x86)\steam\steamapps\common\lost planet colonies\lostplanetcoloniesdx9.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lost planet colonies\lostplanetcoloniesdx9.exe | 
"UDP Query User{E47A2E61-2B01-4BB5-BE96-49E3069E210A}D:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\games\world_of_tanks\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8753DF4D-64B0-474E-9A97-0AB5585D9A53}" = Logitech Gaming Software 5.04
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1234C1F4-603F-4C34-8796-3544CF8A83F5}" = Facebook Messenger 2.1.4631.0
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F311E72-C27F-4DF0-8254-B739A1831668}_is1" = SUPER © v2012.build.53 (Sep 13, 2012) Version v2012.build.53
"{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7C7A59F-CF70-481E-A94F-7C2563AA5ADD}" = Sony DVD Architect Studio 4.5
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = BabylonObjectInstaller
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F6C5F1A1-F459-498F-A50A-EE6C80799D3B}" = Cinescore Studio 1.0
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BattlEye" = BattlEye Uninstall
"CarrierCommand" = CarrierCommand Uninstall
"DarthMod Ultimate Commander Edition" = DarthMod Ultimate Commander Edition
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Fraps" = Fraps
"Gothic" = Gothic
"InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}" = Silent Hunter III
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"NewBlue Cartoonr for Vegas" = NewBlue Cartoonr for Vegas
"OpenAL" = OpenAL
"Opera 12.02.1578" = Opera 12.02
"PunkBusterSvc" = PunkBuster Services
"Steam App 104320" = Red Orchestra 2: Heroes of Stalingrad Beta
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 1280" = Darkest Hour: Europe '44-'45
"Steam App 12900" = Audiosurf
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 220" = Half-Life 2
"Steam App 22330" = The Elder Scrolls IV: Oblivion 
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35130" = Lara Croft and the Guardian of Light
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 44620" = STCC II
"Steam App 44630" = RACE 07 - Formula RaceRoom Add-On
"Steam App 44650" = GT Power Expansion
"Steam App 44660" = The Retro Expansion
"Steam App 44670" = The WTCC 2010 Pack
"Steam App 6920" = Deus Ex: Invisible War
"Steam App 8600" = RACE 07
"STLFR_eng_is1" = 'Steel Fury - Kharkov 1942'
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"U-Boote: Schlacht im Mittelmeer" = U-Boote: Schlacht im Mittelmeer
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.09.2012 09:43:29 | Computer Name = Josh-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.09.2012 00:58:52 | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 8.0.1.0, Zeitstempel 
0x3fa7b7bb, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00060bb0,  Prozess-ID 0x4040, Anwendungsstartzeit
 01cd97b5a6b81f65.
 
Error - 21.09.2012 00:58:54 | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 8.0.1.0, Zeitstempel 
0x3fa7b7bb, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00053287,  Prozess-ID 0x4040, Anwendungsstartzeit
 01cd97b5a6b81f65.
 
Error - 21.09.2012 00:59:55 | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 8.0.1.0, Zeitstempel 
0x3fa7b7bb, fehlerhaftes Modul Photoshop.exe, Version 8.0.1.0, Zeitstempel 0x3fa7b7bb,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0040df52,  Prozess-ID 0x618, Anwendungsstartzeit
 01cd97b5cfd8afe5.
 
Error - 21.09.2012 00:59:57 | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 8.0.1.0, Zeitstempel 
0x3fa7b7bb, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00053287,  Prozess-ID 0x618, Anwendungsstartzeit
 01cd97b5cfd8afe5.
 
Error - 22.09.2012 09:42:34 | Computer Name = Josh-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.09.2012 09:43:56 | Computer Name = Josh-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.09.2012 10:52:03 | Computer Name = Josh-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 8.0.1.0, Zeitstempel 
0x3fa7b7bb, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00053800,  Prozess-ID 0xbd8, Anwendungsstartzeit
 01cd98cf7af5403d.
 
Error - 22.09.2012 21:19:11 | Computer Name = Josh-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.09.2012 21:19:55 | Computer Name = Josh-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.09.2012 05:53:11 | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.09.2012 05:53:11 | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.09.2012 05:53:11 | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.09.2012 05:53:11 | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.09.2012 05:59:21 | Computer Name = Josh-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.09.2012 05:59:28 | Computer Name = Josh-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.09.2012 05:59:46 | Computer Name = Josh-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.09.2012 05:59:46 | Computer Name = Josh-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 23.09.2012 06:00:37 | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 23.09.2012 06:00:37 | Computer Name = Josh-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

--- --- ---

Zitat:

Zitat von OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.09.2012 12:02:18 - Run 1
OTL by OldTimer - Version 3.2.66.0     Folder = C:\Users\Josh\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,00 Gb Total Physical Memory | 4,10 Gb Available Physical Memory | 81,96% Memory free
10,14 Gb Paging File | 9,39 Gb Available in Paging File | 92,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 498,51 Gb Total Space | 230,75 Gb Free Space | 46,29% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 152,39 Gb Free Space | 65,44% Space Free | Partition Type: NTFS
 
Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Josh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek                                            )
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10013&barid={81F12D75-055C-11E2-B919-002421B513CD}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10013&barid={81F12D75-055C-11E2-B919-002421B513CD}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110184&tt=120912_pcp_3812_3&babsrc=HP_ss&mntrId=aaa805bd0000000000000022436b5ea6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110184&tt=120912_pcp_3812_3&babsrc=HP_ss&mntrId=aaa805bd0000000000000022436b5ea6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB D9 6F D6 A7 96 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110184&tt=120912_pcp_3812_3&babsrc=SP_ss&mntrId=aaa805bd0000000000000022436b5ea6
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10013&barid={81F12D75-055C-11E2-B919-002421B513CD}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Josh\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.09.23 11:12:28 | 000,000,000 | ---D | M]
 
[2012.09.23 11:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Josh\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [toieivqokhvxirr] C:\ProgramData\toieivqo.exe ()
O4 - HKLM..\RunOnce: [awdevlcvideoconverter3058]  File not found
O4 - Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Josh\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82A8B594-E807-455B-BC1F-4BA43A7F8785}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Josh\Pictures\Hintergründe\Unbenannt-1.jpg
O24 - Desktop BackupWallPaper: C:\Users\Josh\Pictures\Hintergründe\Unbenannt-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{446a256d-36b7-11e0-88bc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{446a256d-36b7-11e0-88bc-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchEAWG.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 12:01:19 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2012.09.23 11:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\obgeqakwkgcexbs
[2012.09.23 11:35:29 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.09.23 11:15:04 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2012.09.23 11:15:04 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2012.09.23 11:15:04 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2012.09.23 11:15:04 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2012.09.23 11:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012.09.23 11:13:26 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.09.23 11:13:25 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.09.23 11:13:25 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.09.23 11:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.09.23 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\TuneUp Software
[2012.09.23 11:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.09.23 11:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.09.23 11:13:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.09.23 11:13:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.09.23 11:12:58 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012.09.23 11:12:58 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012.09.23 11:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.09.23 11:12:57 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012.09.23 11:12:57 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012.09.23 11:12:57 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012.09.23 11:12:57 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012.09.23 11:12:57 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012.09.23 11:12:57 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012.09.23 11:12:57 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012.09.23 11:12:57 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012.09.23 11:12:56 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012.09.23 11:12:56 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012.09.23 11:12:55 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012.09.23 11:12:36 | 000,000,000 | ---D | C] -- C:\Users\Josh\Start Menu
[2012.09.23 11:12:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012.09.23 11:12:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012.09.23 11:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.09.23 11:12:27 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\BabylonToolbar
[2012.09.23 11:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.09.23 11:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.23 11:12:10 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Babylon
[2012.09.23 11:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.09.23 11:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2012.09.23 11:01:58 | 051,531,533 | ---- | C] (eRightSoft                                                  ) -- C:\Users\Josh\Desktop\SUPERsetup.exe
[2012.09.23 10:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.09.23 10:56:45 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\{87FCE318-5E20-429E-9898-8054CFFFFC45}
[2012.09.23 10:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.09.23 10:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2012.09.23 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\Wajam
[2012.09.23 10:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012.09.23 03:00:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.23 03:00:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.23 03:00:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.23 03:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.23 03:00:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.23 03:00:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.23 03:00:47 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.23 03:00:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.23 03:00:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.23 03:00:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.23 03:00:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.23 03:00:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.23 03:00:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.23 03:00:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.23 03:00:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.15 19:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.09.15 19:33:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.09.15 19:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.09.11 21:42:52 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\R1 2013
[2012.09.08 20:05:20 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\l
[2012.09.08 20:02:14 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\Neuer Ordner
[2012.09.08 16:53:51 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.08.24 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Josh\Documents\NBGI
[2012.08.24 19:35:02 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\NBGI
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.23 12:01:19 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Desktop\OTL.exe
[2012.09.23 12:00:24 | 000,001,356 | ---- | M] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2012.09.23 11:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.23 11:49:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 11:49:32 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 11:42:59 | 191,899,648 | ---- | M] () -- C:\Users\Josh\Desktop\MF MartinQ Zolder 19 05 2012 Minder snel sessie 3.mp4.MPG
[2012.09.23 11:37:37 | 000,076,350 | ---- | M] () -- C:\ProgramData\pxynlfilspfluac
[2012.09.23 11:35:32 | 000,087,040 | ---- | M] () -- C:\ProgramData\toieivqo.exe
[2012.09.23 11:35:32 | 000,087,040 | ---- | M] () -- C:\Users\Josh\0.9440952711130924.exe
[2012.09.23 11:35:08 | 041,773,056 | ---- | M] () -- C:\Users\Josh\Desktop\Dutch Adrenalin # 3 Lalala.mp4.MPG
[2012.09.23 11:29:52 | 171,024,384 | ---- | M] () -- C:\Users\Josh\Desktop\29-07-2012 Nürburgring Nordschleife Yamaha R1 0852.mp4.MPG
[2012.09.23 11:23:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.23 11:20:30 | 060,667,904 | ---- | M] () -- C:\Users\Josh\Desktop\Dutch Adrenalin #4 Rasen ist in!.mp4.MPG
[2012.09.23 11:13:23 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.09.23 11:13:23 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.09.23 11:12:18 | 000,000,315 | ---- | M] () -- C:\user.js
[2012.09.23 11:12:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1775772143-215352430-2348080800-1008UA.job
[2012.09.23 11:03:39 | 051,531,533 | ---- | M] (eRightSoft                                                  ) -- C:\Users\Josh\Desktop\SUPERsetup.exe
[2012.09.23 10:55:55 | 000,000,219 | ---- | M] () -- C:\Users\Josh\Desktop\Search the Web.url
[2012.09.23 10:55:55 | 000,000,213 | ---- | M] () -- C:\Users\Josh\Desktop\SweetPcFix.url
[2012.09.23 10:55:20 | 000,161,904 | ---- | M] () -- C:\Users\Josh\Desktop\VLCVideoConverterSetup.exe
[2012.09.23 10:53:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1775772143-215352430-2348080800-1000UA.job
[2012.09.23 10:52:38 | 000,000,000 | ---- | M] () -- C:\Users\Josh\Desktop\29-07-2012 Nürburgring Nordschleife Yamaha R1 0852_0.mov
[2012.09.23 10:45:21 | 001,127,320 | ---- | M] () -- C:\Users\Josh\Desktop\VideoConverterSetup.exe
[2012.09.23 08:12:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1775772143-215352430-2348080800-1008Core.job
[2012.09.22 23:02:14 | 394,383,841 | ---- | M] () -- C:\Users\Josh\Desktop\MF MartinQ Zolder 19 05 2012 Minder snel sessie 3.mp4
[2012.09.22 23:00:53 | 240,001,155 | ---- | M] () -- C:\Users\Josh\Desktop\MF MartinQ Mettet 7 Juni 2012 Rookies sessie 2.no-conversion
[2012.09.22 22:54:52 | 088,029,377 | ---- | M] () -- C:\Users\Josh\Desktop\Dutch Adrenalin # 3 Lalala.mp4
[2012.09.22 22:53:20 | 077,297,487 | ---- | M] () -- C:\Users\Josh\Desktop\Circuit Zolder 31-08-12 + 01-09-12 compilatie.no-conversion
[2012.09.22 22:53:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1775772143-215352430-2348080800-1000Core.job
[2012.09.22 22:39:19 | 227,204,259 | ---- | M] () -- C:\Users\Josh\Desktop\29-07-2012 Nürburgring Nordschleife Yamaha R1 0852.mp4
[2012.09.22 22:27:18 | 086,777,100 | ---- | M] () -- C:\Users\Josh\Desktop\Dutch Adrenalin #4 Rasen ist in!.mp4
[2012.09.22 18:34:41 | 000,708,771 | ---- | M] () -- C:\Users\Josh\Desktop\000000.jpg
[2012.09.22 18:34:09 | 000,499,551 | ---- | M] () -- C:\Users\Josh\Desktop\533569912_d79f789132_b.jpg
[2012.09.22 17:22:05 | 000,248,101 | ---- | M] () -- C:\Users\Josh\Desktop\0002.jpg
[2012.09.22 17:21:39 | 000,213,136 | ---- | M] () -- C:\Users\Josh\Desktop\0001.jpg
[2012.09.22 17:20:31 | 003,431,645 | ---- | M] () -- C:\Users\Josh\Desktop\20120922_121219.jpg
[2012.09.22 17:20:18 | 003,135,444 | ---- | M] () -- C:\Users\Josh\Desktop\20120922_121155.jpg
[2012.09.22 16:53:21 | 000,335,287 | ---- | M] () -- C:\Users\Josh\Desktop\000.jpg
[2012.09.22 16:51:08 | 002,598,890 | ---- | M] () -- C:\Users\Josh\Desktop\20120922_142948.jpg
[2012.09.22 16:37:09 | 000,564,609 | ---- | M] () -- C:\Users\Josh\Desktop\20120922_143620.jpg
[2012.09.21 07:20:14 | 000,584,758 | ---- | M] () -- C:\Users\Josh\Desktop\3082699631_480282d02a_o.jpg
[2012.09.21 07:00:48 | 000,297,215 | ---- | M] () -- C:\Users\Josh\Desktop\3030144213_721be36d5f_o.jpg
[2012.09.21 06:57:16 | 000,657,711 | ---- | M] () -- C:\Users\Josh\Desktop\2725079873_4fc47eea28_o.jpg
[2012.09.21 06:56:48 | 001,337,930 | ---- | M] () -- C:\Users\Josh\Desktop\2950391048_1ef0787fc5_o.jpg
[2012.09.21 06:53:59 | 000,051,572 | ---- | M] () -- C:\Users\Josh\Desktop\3559892324_360fb9ca19_o.jpg
[2012.09.21 06:52:11 | 000,077,164 | ---- | M] () -- C:\Users\Josh\Desktop\4167694654_9ba3c44abf_o.jpg
[2012.09.20 23:23:09 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.20 23:23:09 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.20 21:02:28 | 000,028,282 | ---- | M] () -- C:\Users\Josh\Desktop\34208729.png
[2012.09.20 20:56:17 | 000,078,179 | ---- | M] () -- C:\Users\Josh\Desktop\Unbenannt-1.jpg
[2012.09.19 22:36:54 | 000,293,731 | ---- | M] () -- C:\Users\Josh\Desktop\CIMG4521_cri.jpg
[2012.09.19 22:36:33 | 000,242,982 | ---- | M] () -- C:\Users\Josh\Desktop\CIMG2564_cri.jpg
[2012.09.19 22:32:18 | 000,535,291 | ---- | M] () -- C:\Users\Josh\Desktop\CIMG6487_cri.jpg
[2012.09.19 22:31:45 | 000,938,129 | ---- | M] () -- C:\Users\Josh\Desktop\4376502058_452866012a_o.jpg
[2012.09.19 22:29:00 | 001,714,091 | ---- | M] () -- C:\Users\Josh\Desktop\CIMG2599_cri.jpg
[2012.09.19 22:15:41 | 000,075,371 | ---- | M] () -- C:\Users\Josh\Desktop\30781182_61092cdb49_o.jpg
[2012.09.19 21:25:41 | 000,016,225 | ---- | M] () -- C:\Users\Josh\Desktop\AnSpringer_19092012.odt
[2012.09.17 15:26:09 | 000,305,573 | ---- | M] () -- C:\Users\Josh\Desktop\476336_156536184485204_1827587436_o.jpg
[2012.09.16 15:06:19 | 000,315,380 | ---- | M] () -- C:\Users\Josh\Desktop\2012-09-16_00008.jpg
[2012.09.16 10:15:08 | 000,551,539 | ---- | M] () -- C:\Users\Josh\Desktop\Anlage05.jpg
[2012.09.16 10:14:53 | 000,420,265 | ---- | M] () -- C:\Users\Josh\Desktop\Anlage02.jpg
[2012.09.16 10:14:33 | 000,377,249 | ---- | M] () -- C:\Users\Josh\Desktop\Anlage04.jpg
[2012.09.16 10:14:17 | 000,412,341 | ---- | M] () -- C:\Users\Josh\Desktop\Anlage03.jpg
[2012.09.16 10:12:41 | 002,100,118 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_100005.jpg
[2012.09.16 10:12:37 | 001,920,736 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_100009.jpg
[2012.09.16 10:12:33 | 002,700,132 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_100055.jpg
[2012.09.16 10:12:27 | 002,614,073 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_100104.jpg
[2012.09.16 10:11:29 | 000,101,677 | ---- | M] () -- C:\Users\Josh\Desktop\anlage00.jpg
[2012.09.16 10:11:13 | 000,529,723 | ---- | M] () -- C:\Users\Josh\Desktop\Anlage01.jpg
[2012.09.16 10:10:15 | 002,531,088 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_095910.jpg
[2012.09.16 10:10:11 | 002,367,683 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_095939.jpg
[2012.09.16 10:10:06 | 002,388,299 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_095944.jpg
[2012.09.16 10:10:00 | 002,479,143 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_095949.jpg
[2012.09.16 10:07:33 | 002,942,388 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_095838.jpg
[2012.09.16 10:07:28 | 003,104,837 | ---- | M] () -- C:\Users\Josh\Desktop\20120916_095847.jpg
[2012.09.13 21:14:17 | 000,099,573 | ---- | M] () -- C:\Users\Josh\Desktop\IMG-20120913-WA0007.jpg
[2012.09.09 08:56:09 | 000,013,282 | ---- | M] () -- C:\Users\Josh\.TransferManager.db
[2012.09.08 16:53:51 | 000,001,120 | ---- | M] () -- C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.09.01 18:39:04 | 000,021,504 | ---- | M] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.01 18:12:43 | 000,084,752 | ---- | M] () -- C:\Users\Josh\Desktop\DSfix05.zip
[2012.09.01 17:47:54 | 000,789,156 | ---- | M] () -- C:\Users\Josh\Desktop\Unbenannt-2.jpg
[2012.08.28 17:04:53 | 001,445,546 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.28 17:04:53 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.28 17:04:53 | 000,596,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.28 17:04:53 | 000,126,486 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.28 17:04:53 | 000,104,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.24 12:31:32 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.24 12:20:11 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.24 12:18:46 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.24 12:14:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.24 12:14:34 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.24 12:13:29 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.24 12:11:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.24 12:10:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.23 11:37:37 | 000,087,040 | ---- | C] () -- C:\ProgramData\toieivqo.exe
[2012.09.23 11:35:33 | 000,076,350 | ---- | C] () -- C:\ProgramData\pxynlfilspfluac
[2012.09.23 11:35:31 | 000,087,040 | ---- | C] () -- C:\Users\Josh\0.9440952711130924.exe
[2012.09.23 11:35:22 | 191,899,648 | ---- | C] () -- C:\Users\Josh\Desktop\MF MartinQ Zolder 19 05 2012 Minder snel sessie 3.mp4.MPG
[2012.09.23 11:30:09 | 041,773,056 | ---- | C] () -- C:\Users\Josh\Desktop\Dutch Adrenalin # 3 Lalala.mp4.MPG
[2012.09.23 11:20:44 | 171,024,384 | ---- | C] () -- C:\Users\Josh\Desktop\29-07-2012 Nürburgring Nordschleife Yamaha R1 0852.mp4.MPG
[2012.09.23 11:15:10 | 060,667,904 | ---- | C] () -- C:\Users\Josh\Desktop\Dutch Adrenalin #4 Rasen ist in!.mp4.MPG
[2012.09.23 11:15:04 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.09.23 11:13:23 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.09.23 11:13:23 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.09.23 11:13:22 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.09.23 11:12:57 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012.09.23 11:12:57 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.09.23 11:12:57 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012.09.23 11:12:56 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.09.23 11:12:56 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012.09.23 11:12:56 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012.09.23 11:12:56 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012.09.23 11:12:56 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012.09.23 11:12:56 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012.09.23 11:12:55 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012.09.23 11:12:55 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012.09.23 11:12:17 | 000,000,315 | ---- | C] () -- C:\user.js
[2012.09.23 10:55:55 | 000,000,219 | ---- | C] () -- C:\Users\Josh\Desktop\Search the Web.url
[2012.09.23 10:55:55 | 000,000,213 | ---- | C] () -- C:\Users\Josh\Desktop\SweetPcFix.url
[2012.09.23 10:55:20 | 000,161,904 | ---- | C] () -- C:\Users\Josh\Desktop\VLCVideoConverterSetup.exe
[2012.09.23 10:52:38 | 000,000,000 | ---- | C] () -- C:\Users\Josh\Desktop\29-07-2012 Nürburgring Nordschleife Yamaha R1 0852_0.mov
[2012.09.23 10:45:21 | 001,127,320 | ---- | C] () -- C:\Users\Josh\Desktop\VideoConverterSetup.exe
[2012.09.22 22:57:04 | 240,001,155 | ---- | C] () -- C:\Users\Josh\Desktop\MF MartinQ Mettet 7 Juni 2012 Rookies sessie 2.no-conversion
[2012.09.22 22:57:00 | 394,383,841 | ---- | C] () -- C:\Users\Josh\Desktop\MF MartinQ Zolder 19 05 2012 Minder snel sessie 3.mp4
[2012.09.22 22:52:16 | 077,297,487 | ---- | C] () -- C:\Users\Josh\Desktop\Circuit Zolder 31-08-12 + 01-09-12 compilatie.no-conversion
[2012.09.22 22:52:12 | 088,029,377 | ---- | C] () -- C:\Users\Josh\Desktop\Dutch Adrenalin # 3 Lalala.mp4
[2012.09.22 22:37:12 | 227,204,259 | ---- | C] () -- C:\Users\Josh\Desktop\29-07-2012 Nürburgring Nordschleife Yamaha R1 0852.mp4
[2012.09.22 22:26:14 | 086,777,100 | ---- | C] () -- C:\Users\Josh\Desktop\Dutch Adrenalin #4 Rasen ist in!.mp4
[2012.09.22 18:34:41 | 000,708,771 | ---- | C] () -- C:\Users\Josh\Desktop\000000.jpg
[2012.09.22 18:34:09 | 000,499,551 | ---- | C] () -- C:\Users\Josh\Desktop\533569912_d79f789132_b.jpg
[2012.09.22 17:22:04 | 000,248,101 | ---- | C] () -- C:\Users\Josh\Desktop\0002.jpg
[2012.09.22 17:21:39 | 000,213,136 | ---- | C] () -- C:\Users\Josh\Desktop\0001.jpg
[2012.09.22 17:20:28 | 003,431,645 | ---- | C] () -- C:\Users\Josh\Desktop\20120922_121219.jpg
[2012.09.22 17:20:15 | 003,135,444 | ---- | C] () -- C:\Users\Josh\Desktop\20120922_121155.jpg
[2012.09.22 16:53:20 | 000,335,287 | ---- | C] () -- C:\Users\Josh\Desktop\000.jpg
[2012.09.22 16:51:10 | 002,598,890 | ---- | C] () -- C:\Users\Josh\Desktop\20120922_142948.jpg
[2012.09.22 16:35:09 | 000,564,609 | ---- | C] () -- C:\Users\Josh\Desktop\20120922_143620.jpg
[2012.09.21 07:20:13 | 000,584,758 | ---- | C] () -- C:\Users\Josh\Desktop\3082699631_480282d02a_o.jpg
[2012.09.21 06:57:16 | 000,657,711 | ---- | C] () -- C:\Users\Josh\Desktop\2725079873_4fc47eea28_o.jpg
[2012.09.21 06:56:48 | 001,337,930 | ---- | C] () -- C:\Users\Josh\Desktop\2950391048_1ef0787fc5_o.jpg
[2012.09.21 06:56:37 | 000,297,215 | ---- | C] () -- C:\Users\Josh\Desktop\3030144213_721be36d5f_o.jpg
[2012.09.21 06:53:59 | 000,051,572 | ---- | C] () -- C:\Users\Josh\Desktop\3559892324_360fb9ca19_o.jpg
[2012.09.21 06:52:11 | 000,077,164 | ---- | C] () -- C:\Users\Josh\Desktop\4167694654_9ba3c44abf_o.jpg
[2012.09.20 21:02:28 | 000,028,282 | ---- | C] () -- C:\Users\Josh\Desktop\34208729.png
[2012.09.20 20:56:15 | 000,078,179 | ---- | C] () -- C:\Users\Josh\Desktop\Unbenannt-1.jpg
[2012.09.19 22:32:17 | 000,535,291 | ---- | C] () -- C:\Users\Josh\Desktop\CIMG6487_cri.jpg
[2012.09.19 22:31:45 | 000,938,129 | ---- | C] () -- C:\Users\Josh\Desktop\4376502058_452866012a_o.jpg
[2012.09.19 22:29:00 | 001,714,091 | ---- | C] () -- C:\Users\Josh\Desktop\CIMG2599_cri.jpg
[2012.09.19 22:26:38 | 000,293,731 | ---- | C] () -- C:\Users\Josh\Desktop\CIMG4521_cri.jpg
[2012.09.19 22:17:01 | 000,242,982 | ---- | C] () -- C:\Users\Josh\Desktop\CIMG2564_cri.jpg
[2012.09.19 22:15:41 | 000,075,371 | ---- | C] () -- C:\Users\Josh\Desktop\30781182_61092cdb49_o.jpg
[2012.09.19 21:25:40 | 000,016,225 | ---- | C] () -- C:\Users\Josh\Desktop\AnSpringer_19092012.odt
[2012.09.17 14:18:01 | 000,305,573 | ---- | C] () -- C:\Users\Josh\Desktop\476336_156536184485204_1827587436_o.jpg
[2012.09.16 15:06:18 | 000,315,380 | ---- | C] () -- C:\Users\Josh\Desktop\2012-09-16_00008.jpg
[2012.09.16 10:15:07 | 000,551,539 | ---- | C] () -- C:\Users\Josh\Desktop\Anlage05.jpg
[2012.09.16 10:14:52 | 000,420,265 | ---- | C] () -- C:\Users\Josh\Desktop\Anlage02.jpg
[2012.09.16 10:14:33 | 000,377,249 | ---- | C] () -- C:\Users\Josh\Desktop\Anlage04.jpg
[2012.09.16 10:14:17 | 000,412,341 | ---- | C] () -- C:\Users\Josh\Desktop\Anlage03.jpg
[2012.09.16 10:12:37 | 002,100,118 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_100005.jpg
[2012.09.16 10:12:33 | 001,920,736 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_100009.jpg
[2012.09.16 10:12:27 | 002,700,132 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_100055.jpg
[2012.09.16 10:12:21 | 002,614,073 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_100104.jpg
[2012.09.16 10:11:28 | 000,101,677 | ---- | C] () -- C:\Users\Josh\Desktop\anlage00.jpg
[2012.09.16 10:11:13 | 000,529,723 | ---- | C] () -- C:\Users\Josh\Desktop\Anlage01.jpg
[2012.09.16 10:10:11 | 002,531,088 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_095910.jpg
[2012.09.16 10:10:06 | 002,367,683 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_095939.jpg
[2012.09.16 10:10:00 | 002,388,299 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_095944.jpg
[2012.09.16 10:09:55 | 002,479,143 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_095949.jpg
[2012.09.16 10:07:28 | 002,942,388 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_095838.jpg
[2012.09.16 10:07:21 | 003,104,837 | ---- | C] () -- C:\Users\Josh\Desktop\20120916_095847.jpg
[2012.09.13 21:09:45 | 000,099,573 | ---- | C] () -- C:\Users\Josh\Desktop\IMG-20120913-WA0007.jpg
[2012.09.09 08:56:09 | 000,013,282 | ---- | C] () -- C:\Users\Josh\.TransferManager.db
[2012.09.07 19:42:51 | 000,001,356 | ---- | C] () -- C:\Users\Josh\AppData\Local\d3d9caps.dat
[2012.09.01 18:12:42 | 000,084,752 | ---- | C] () -- C:\Users\Josh\Desktop\DSfix05.zip
[2012.09.01 17:47:53 | 000,789,156 | ---- | C] () -- C:\Users\Josh\Desktop\Unbenannt-2.jpg
[2012.08.16 13:54:39 | 003,771,300 | ---- | C] () -- C:\Users\Josh\20120816_124716.jpg
[2012.04.12 10:08:42 | 000,005,339 | ---- | C] () -- C:\Users\Josh\checkFileList.lst
[2012.04.12 10:02:16 | 000,001,040 | ---- | C] () -- C:\Users\Josh\CCGM_P_C_Beta.exe.md5
[2012.04.12 09:44:19 | 1348,477,947 | ---- | C] () -- C:\Users\Josh\CCGM_P_C_Beta.exe
[2012.01.07 10:57:44 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.01.07 10:57:44 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.01.07 10:57:44 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.01.07 10:16:15 | 000,031,048 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.04 13:10:22 | 000,281,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.04 13:10:20 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.07.04 13:10:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.21 14:31:57 | 000,000,370 | ---- | C] () -- C:\Users\Josh\Dokumente.lnk
[2011.03.11 09:26:30 | 000,021,504 | ---- | C] () -- C:\Users\Josh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.14 19:51:37 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.02.14 19:51:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.02.14 19:50:50 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.02.12 23:36:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.12 19:35:09 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.02.12 16:58:25 | 000,000,732 | ---- | C] () -- C:\Users\Josh\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

Ich hoffe das war so korrekt. Wie geht es nun weiter?

Zitat:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.23.03

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Josh :: JOSH-PC [Administrator]

23.09.2012 16:12:45
mbam-log-2012-09-23 (16-12-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197236
Laufzeit: 3 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|toieivqokhvxirr (Trojan.Winlock) -> Daten: C:\ProgramData\toieivqo.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\toieivqo.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Hier noch das Log von Malewarebytes!

cosinus · 23.09.2012, 15:32

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

M-E · 23.09.2012, 17:51

Großes Dankeschön für die Hilfe!

Maleware, groér Durchlauf

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.23.03

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Josh :: JOSH-PC [Administrator]

23.09.2012 17:12:51
mbam-log-2012-09-23 (17-12-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 470562
Laufzeit: 1 Stunde(n), 27 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET Log.txt

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-23 04:40:07
# local_time=2012-09-23 06:40:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 94 336966 84943825 81838 0
# compatibility_mode=5892 16776573 100 56 16792 185934475 0 0
# compatibility_mode=8192 67108863 100 0 96 96 0 0
# scanned=283249
# found=6
# cleaned=6
# scan_time=7837
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\obgeqakwkgcexbs\main.html	HTML/Ransom.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Josh\AppData\Local\Temp\biclient.exe	a variant of Win32/Somoto.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Josh\AppData\Local\Temp\27370141.Uninstall\Uninstall.exe	a variant of Win32/InstallCore.AW application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Josh\AppData\Local\Temp\is357113909\FunmoodsLatest.exe	a variant of Win32/Toolbar.Funmoods application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

cosinus · 23.09.2012, 19:21

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

M-E · 23.09.2012, 19:25

Hallo, ja hatte das Log weiter oben gepostet! Hier nochmal:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
 www.malwarebytes.org

 Datenbank Version: v2012.09.23.03

 Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
 Internet Explorer 9.0.8112.16421
 Josh :: JOSH-PC [Administrator]

 23.09.2012 16:12:45
 mbam-log-2012-09-23 (16-12-45).txt

 Art des Suchlaufs: Quick-Scan
 Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
 Deaktivierte Suchlaufeinstellungen: P2P
 Durchsuchte Objekte: 197236
 Laufzeit: 3 Minute(n), 

 Infizierte Speicherprozesse: 0
 (Keine bösartigen Objekte gefunden)

 Infizierte Speichermodule: 0
 (Keine bösartigen Objekte gefunden)

 Infizierte Registrierungsschlüssel: 0
 (Keine bösartigen Objekte gefunden)

 Infizierte Registrierungswerte: 1
 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|toieivqokhvxirr (Trojan.Winlock) -> Daten: C:\ProgramData\toieivqo.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

 Infizierte Dateiobjekte der Registrierung: 0
 (Keine bösartigen Objekte gefunden)

 Infizierte Verzeichnisse: 0
 (Keine bösartigen Objekte gefunden)

 Infizierte Dateien: 1
 C:\ProgramData\toieivqo.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

 (Ende)

Ich kann den PC nun ohne weiteres nutzen im Normalen Modus, eventuell hat Maleware bereits die Dateien gelöscht? Oder doch nur verschoben?

cosinus · 23.09.2012, 19:43

Ich hab doch nciht nach bereits geposteten Logs gefragt

Sondern ob da noch irgendwelche Logs von Malwarebytes sind, die du noch NICHT gepostet hast!

M-E · 23.09.2012, 19:45

Hoppla, falsch verstanden, tut mir leid! Nein, das waren alle Durchgänge!

cosinus · 23.09.2012, 19:54

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

M-E · 23.09.2012, 21:01

Code:

ATTFilter

# AdwCleaner v2.002 - Datei am 09/23/2012 um 22:00:24 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Josh - JOSH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Josh\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Babylon
Ordner Gefunden : C:\Program Files (x86)\BabylonToolbar
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\Program Files (x86)\Wajam
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Users\Josh\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Josh\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Josh\AppData\Local\Wajam
Ordner Gefunden : C:\Users\Josh\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Josh\AppData\Roaming\BabylonToolbar

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\BrowserMngr
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\Software\Bandoo
Schlüssel Gefunden : HKLM\Software\BrowserMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gefunden : HKU\S-1-5-21-1775772143-215352430-2348080800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1775772143-215352430-2348080800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10013&barid={81F12D75-055C-11E2-B919-002421B513CD}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110184&tt=120912_pcp_3812_3&babsrc=HP_ss&mntrId=aaa805bd0000000000000022436b5ea6
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110184&tt=120912_pcp_3812_3&babsrc=HP_ss&mntrId=aaa805bd0000000000000022436b5ea6
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110184&tt=120912_pcp_3812_3&babsrc=NT_ss&mntrId=aaa805bd0000000000000022436b5ea6

-\\ Opera v12.2.1578.0

Datei : C:\Users\Josh\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [16843 octets] - [23/09/2012 22:00:24]

########## EOF - C:\AdwCleaner[R1].txt - [16904 octets] ##########

Hier der Code!

cosinus · 24.09.2012, 13:29

Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

M-E · 24.09.2012, 17:20

Code:

ATTFilter

# AdwCleaner v2.003 - Datei am 09/24/2012 um 18:20:35 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Josh - JOSH-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Josh\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden : Browser Manager

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\Babylon
Ordner Gefunden : C:\Program Files (x86)\BabylonToolbar
Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\Program Files (x86)\Wajam
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Users\Josh\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Josh\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Josh\AppData\Local\Wajam
Ordner Gefunden : C:\Users\Josh\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Josh\AppData\Roaming\BabylonToolbar

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\BrowserMngr
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\Software\Bandoo
Schlüssel Gefunden : HKLM\Software\BrowserMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gefunden : HKU\S-1-5-21-1775772143-215352430-2348080800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1775772143-215352430-2348080800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10013&barid={81F12D75-055C-11E2-B919-002421B513CD}
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110184&tt=120912_pcp_3812_3&babsrc=HP_ss&mntrId=aaa805bd0000000000000022436b5ea6
[HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=110184&tt=120912_pcp_3812_3&babsrc=HP_ss&mntrId=aaa805bd0000000000000022436b5ea6
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110184&tt=120912_pcp_3812_3&babsrc=NT_ss&mntrId=aaa805bd0000000000000022436b5ea6

-\\ Opera v12.2.1578.0

Datei : C:\Users\Josh\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [16900 octets] - [23/09/2012 22:00:24]
AdwCleaner[R2].txt - [17034 octets] - [24/09/2012 18:20:35]

Hier das Log

cosinus · 24.09.2012, 20:25

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

23.09.2012, 19:43	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Gesperrt durch automatische Informationskontrolle Ich hab doch nciht nach bereits geposteten Logs gefragt Sondern ob da noch irgendwelche Logs von Malwarebytes sind, die du noch NICHT gepostet hast! __________________ --> Gesperrt durch automatische Informationskontrolle

Gesperrt durch automatische Informationskontrolle

Log-Analyse und Auswertung: Gesperrt durch automatische Informationskontrolle