
Pests of all kinds and how to fight them: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde gesperrt." ("The computer is for the violation of the laws of the Federal Republic of Germany was locked.")


02.08.2012, 19:42   #1
Zu.oft

Hey,
it has got me now too.
The lock-screen trojan that tries to make me believe I had downloaded pornographic content involving children and had infringed the copyrights of software companies.

Of course my stomach dropped at first, since I get by fairly well but am no real expert when it comes to computers.
Because even with nonsense like this, you never know which of our much-loved pop-ups have opened up yet again.
But the spelling mistakes alone, the 100€ to be transferred and the nonsensical content do lead every layman to realize that it is a virus.

I have already read through the removal thread, downloaded OTL, run everything as requested, and wanted to post my two txt files.

Otl.Txt (OTL logfile):
Code:
OTL logfile created on: 02.08.2012 20:09:49 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Julius\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 86,83% Memory free
6,19 Gb Paging File | 5,97 Gb Available in Paging File | 96,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 260,48 Gb Free Space | 57,50% Space Free | Partition Type: NTFS
Drive D: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 15,10 Gb Total Space | 15,10 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: JULIUS-PC | User Name: Julius | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Julius\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (OverwolfUpdaterService) -- C:\Program Files\Overwolf\\OverwolfUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (HiPatchService) -- C:\Programme\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (IGBASVC) -- c:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (ByakkoDriver) -- C:\Programme\Games Pirate\Cabal Reloaded\Byakko.K32 ()
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_7738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_7738
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1011&m=aspire_7738
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=c13sRr2xiA-IZqjNU98LFU3u-dk?q={searchTerms}
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes\{E829B46B-3033-4E62-B4D5-B5FD6D019BA5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://search.linkury.com"
FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.10.10 14:53:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.09 00:51:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.09 00:51:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.04 12:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Extensions
[2012.05.18 21:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\ux7aupr0.default\extensions
[2012.04.24 18:44:16 | 000,000,000 | ---D | M] (Site Launcher) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\ux7aupr0.default\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67}
[2012.05.18 21:01:59 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\ux7aupr0.default\extensions\ich@maltegoetz.de
[2011.12.04 22:55:06 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\ux7aupr0.default\extensions\linkuryfirefoxremoteplugin@linkury.com
[2011.12.04 22:55:09 | 000,002,072 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Profiles\ux7aupr0.default\searchplugins\Linkury Smartbar Search.xml
[2012.01.22 12:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.04 12:15:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.18 16:58:07 | 000,002,060 | ---- | M] () (No name found) -- C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX7AUPR0.DEFAULT\EXTENSIONS\EXPORTCOOKIES@AAG.XPI
[2012.07.09 00:51:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012.02.27 19:57:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.27 19:57:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.27 19:57:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.27 19:57:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.27 19:57:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.27 19:57:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Linkury Smartbar Search (Enabled)
CHR - default_search_provider: search_url = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.linkury.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Julius\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Shockwave Flash = C:\Users\Julius\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Julius\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] c:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [ihoha.exe] C:\Users\Julius\AppData\Roaming\Omuhd\ihoha.exe ()
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [Ikyfre] C:\Users\Julius\AppData\Roaming\Ansen\edofp.exe (Dynapower USA)
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe (Linkury)
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [Overwolf] C:\Program Files\Overwolf\Overwolf.exe (Overwolf)
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [WSManMigrationPlugin] C:\Users\Julius\AppData\Local\Microsoft\Windows\4911\WSManMigrationPlugin.exe ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A1B3162-A7D5-4441-AE4F-925D477006B8}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CE2D4F1-7CCF-4ECD-A6A6-ED6A93738E48}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BC19EA9-159D-4FE2-BE2B-854A65D6F6E8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD49DA4E-420D-4099-9E85-3C4D5EB7E5A8}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Overwolf\SKYPE4~2.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.11.30 18:35:13 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{40ec3c2e-f255-11e0-869b-001f16bdfb48}\Shell - "" = AutoRun
O33 - MountPoints2\{40ec3c2e-f255-11e0-869b-001f16bdfb48}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{40ec3c39-f255-11e0-869b-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{40ec3c39-f255-11e0-869b-001e101f79c9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c3373fc0-6f4d-11e1-aaf4-001f16bdfb48}\Shell - "" = AutoRun
O33 - MountPoints2\{c3373fc0-6f4d-11e1-aaf4-001f16bdfb48}\Shell\AutoRun\command - "" = F:\sources\sperr32.exe x64
O33 - MountPoints2\{ca2af8d1-ee76-11e0-ad9e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ca2af8d1-ee76-11e0-ad9e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe -- [2004.10.21 20:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 20:08:46 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Julius\Desktop\OTL.exe
[2012.08.02 19:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Overwolf
[2012.08.02 19:47:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.02 18:13:50 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\hellomoto
[2012.07.14 11:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2012.07.14 11:48:32 | 000,000,000 | ---D | C] -- C:\Program Files\The Creative Assembly
[2012.07.11 15:14:37 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Ruki
[2012.07.11 15:14:37 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Omuhd
[2012.07.11 14:20:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.11 14:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.07.10 00:47:23 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Ovypb
[2012.07.10 00:47:23 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Haip
[2012.07.10 00:47:23 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Ansen
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 20:02:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 19:48:50 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.02 19:48:50 | 000,007,808 | ---- | M] () -- C:\Users\Julius\AppData\Local\d3d9caps.dat
[2012.08.02 19:48:49 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.02 19:48:49 | 000,000,552 | ---- | M] () -- C:\Users\Julius\AppData\Local\d3d8caps.dat
[2012.08.02 19:45:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Julius\Desktop\OTL.exe
[2012.08.02 19:41:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 19:40:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 19:40:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 19:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 15:20:06 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.14 19:41:05 | 000,037,376 | ---- | M] () -- C:\Users\Julius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.14 11:57:08 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2012.07.12 18:53:48 | 000,735,501 | ---- | M] () -- C:\Users\Julius\Documents\IMG_12072012_174539.png
[2012.07.09 23:39:08 | 191,376,356 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.02 19:48:49 | 000,000,552 | ---- | C] () -- C:\Users\Julius\AppData\Local\d3d8caps.dat
[2012.07.14 11:57:08 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2012.07.12 18:53:22 | 000,735,501 | ---- | C] () -- C:\Users\Julius\Documents\IMG_12072012_174539.png
[2011.11.15 17:23:26 | 000,141,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.11.15 17:23:25 | 000,138,056 | ---- | C] () -- C:\Users\Julius\AppData\Roaming\PnkBstrK.sys
[2011.11.15 17:23:07 | 000,281,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.11.15 17:23:01 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.10.15 09:58:23 | 000,007,808 | ---- | C] () -- C:\Users\Julius\AppData\Local\d3d9caps.dat
[2011.10.09 20:44:52 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.10.04 21:18:58 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2011.10.04 18:34:09 | 000,037,376 | ---- | C] () -- C:\Users\Julius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.04 12:59:39 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.10.04 12:57:10 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.10.04 12:14:01 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011.10.04 12:14:01 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2011.10.04 12:14:00 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2011.10.04 12:12:10 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.10.04 12:12:10 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.10.04 12:12:10 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.10.04 12:12:09 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2011.10.04 12:12:09 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.10.04 12:12:09 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2011.10.04 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2011.10.04 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2012.02.19 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\.minecraft
[2011.10.04 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Acer
[2011.10.04 12:27:12 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Acer GameZone Console
[2012.07.10 00:47:23 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Ansen
[2011.10.10 14:53:42 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Bytemobile
[2012.03.16 13:48:10 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\DAEMON Tools Lite
[2012.08.01 22:01:59 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Haip
[2012.08.02 18:14:22 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\hellomoto
[2012.05.02 21:54:51 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\LolClient
[2012.05.28 19:21:40 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\LolClient2
[2012.07.11 15:14:37 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Omuhd
[2011.11.15 16:26:57 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\OpenCandy
[2012.07.10 00:47:23 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Ovypb
[2011.11.16 23:42:58 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\PowerCinema
[2012.01.29 12:37:51 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\redsn0w
[2012.07.15 01:11:02 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Ruki
[2011.11.15 21:04:19 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\SoftDMA
[2012.05.16 23:18:43 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\TS3Client
[2011.10.10 14:54:13 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Vodafone
[2011.10.10 14:56:20 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Vodafone Mobile Connect
[2012.08.01 23:12:25 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F

< End of report >
         
Extras.Txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 02.08.2012 20:09:49 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Julius\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 86,83% Memory free
6,19 Gb Paging File | 5,97 Gb Available in Paging File | 96,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 260,48 Gb Free Space | 57,50% Space Free | Partition Type: NTFS
Drive D: | 3,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 15,10 Gb Total Space | 15,10 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
 
Computer Name: JULIUS-PC | User Name: Julius | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16E72B3C-BBD9-488E-ACAD-B82B6BD16098}" = rport=138 | protocol=17 | dir=out | app=system | 
"{16E8F7E9-0DA8-4E6A-B199-AAD98FDE59FE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1F36BE03-D768-41D5-B3E7-4E734115ED1B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{25D1B6A2-BAA6-48BF-A093-DA95C9D0D346}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3B12A892-57B8-4084-BF94-A665844B6071}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4F9A8889-BFEB-4386-9A92-842588D9475A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{628C4497-6885-4B99-8079-E31470F75595}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{646AEDC6-55F4-4A81-98BC-FB0F956C53AE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{68195003-AF9A-40BE-B748-0D7252CA519C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8EF2D1C8-2F42-412F-90BB-52F43C159E97}" = rport=139 | protocol=6 | dir=out | app=system | 
"{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0708B2F0-0F3C-4DAF-9A5E-82F82E8FFCF6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{09D93844-B3C3-47D3-A9A6-463DCC213954}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0BD2ED27-280E-4457-AE84-0AFD0797F720}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{1B835ACA-1989-4277-BD7A-22FEEB52B40D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{287924DF-10A1-4FF6-AF1E-1AD6F451D8C1}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{28CBF4D0-D6FD-4A94-9021-1318E28EFD3A}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{399E030F-51F7-4B62-889C-96FB2F241932}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{410D24B7-5DFB-4394-AB8C-C87897406C5A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{424E5E0E-659D-4302-99FA-8F1F5DD332EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{49111963-2CDF-4E56-B9B2-1B690ED2CDFD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\juliusholz2009\counter-strike source\hl2.exe | 
"{4F2377A6-AC4C-4F11-B611-1F2A8BA14F68}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4FCE50B2-7EB6-4044-975E-083C2D21AAB3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{507E0343-D68A-44FD-9ECD-8533BC696369}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{57CA96CF-98C7-45A1-90F7-DD9B6DA5457B}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{5860231B-66D4-448F-BD1D-58357F619DBB}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{596D189E-F5ED-4842-80D6-967475EA4735}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{5B57B9C8-5FF4-418B-9794-F8AF495806C8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5E0F9B42-9CEC-4523-BF7C-915E4CFEF6BE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe | 
"{60CE05D4-2E73-4A2D-B9B5-82293763CA53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{66A9D38B-10DA-411E-A33A-B61C1A311744}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{67132FDA-6B1A-40DC-A945-15762AFDB105}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\juliusholz2009\counter-strike source\hl2.exe | 
"{6A56C149-8E42-4D46-8E68-D35C404B9E61}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{6F25312B-0A25-4A3A-970D-B7E786792330}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{70D6B599-A58D-407A-AEB6-561F19A9A109}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{71831210-520E-4683-99E3-B836C824EBE7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{78B7EFF3-AA96-458D-9EF3-1F68E2762758}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe | 
"{878067B3-30F2-46F6-B0DF-84E16060D8E2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{88C1253E-F62A-4F72-B331-1E84AF85A24F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8BAFAF3F-7E0E-4539-AFD1-D37FAB6439B2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{96AC0913-C0BB-498E-8CBB-F6F3B3427175}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{96C11CA6-84DB-4D58-B2C8-98F463EBA933}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{9E3DD461-85F9-404B-91D4-91210FB5A3BF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{A6A7E1C3-66C5-4024-AFF8-299D8EF8DC62}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AF07BA96-F092-4D3F-8822-C92E305B20EF}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{B7A2B8B3-ED11-4A64-AF08-3DDCD314DE09}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{B81566E0-36BC-4B60-A428-58B5EFE2D632}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BE68B457-1969-4C14-A6BD-0946F01434A9}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe | 
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C4A145CB-DD8C-4D15-9FFB-E47B526F2D1B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{C72F5D9A-9CFD-4B06-B7DD-86F2EB3EF37E}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe | 
"{C755CAC0-0DE2-4B53-81BB-80F5FBE94C5C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{CB045E4C-4854-4738-B975-40A2482DDD84}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{D5571B99-97FF-4E57-A749-265F38A90A7D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{D5735DED-CEE2-415E-832C-60C339CD7653}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{EFBCB5FD-BDDF-4CFD-8AE6-6ECD27C33D5F}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"TCP Query User{0F35E296-A8C2-4430-AE87-7D0E561799E9}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{1AFC9081-8AE1-44A8-A76E-615D25F2611A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{1F47BA87-403D-4F3E-8F34-9A71BA54A545}C:\program files\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
"TCP Query User{3A4ABA29-320A-4A97-972D-6FDFA473C6DA}C:\users\julius\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\julius\desktop\warcraft iii\war3.exe | 
"TCP Query User{78EBEC96-14CF-4B51-86FF-3121634B6D3A}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{AD877076-8B96-4E95-AB71-EDCD7B676207}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{C2FBF69C-5C2E-4735-A576-9F4DB34F7D83}E:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\warcraft iii\war3.exe | 
"TCP Query User{E019EC0A-E57E-40A8-B56B-C4254349320E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0CF0CD09-F973-4032-9B17-86D347724E79}E:\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\warcraft iii\war3.exe | 
"UDP Query User{253FBCE0-DA39-4617-9A8D-A0E985121D2F}C:\users\julius\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\julius\desktop\warcraft iii\war3.exe | 
"UDP Query User{395E67FD-578E-4B95-8BAC-96C9B0CBA357}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3D8F202F-4C23-4753-880E-63ABB753ECAF}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{5F61EF76-049F-492E-B521-506C936A79C2}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{8054392E-96F4-4CBC-9A25-484808C7DBB6}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{8E45ACBA-BDFD-497F-8C9D-5BB5E29A490A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{CA5744B3-2D49-4A14-9275-4B6369601757}C:\program files\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files\hi-rez studios\hirezgames\tribes alpha\binaries\win32\tribesascend.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2042E020-A633-44CC-BD1D-9851A7C19365}" = Overwolf
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Open Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B772F48-58A8-48C1-8F93-0AA960767FCA}" = Linkury Smartbar
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8CF3AA1D-7AAA-449C-97B7-03B9AC3744B1}" = GP-CabalReloaded
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7931866-0CDF-4865-A9BF-BB735977F377}_is1" = Ondine Server Client Version 1.5.1
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.79.326
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"APB Reloaded" = APB Reloaded
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BattlEye for OA" = BattlEye for OA Uninstall
"CABAL Online (Europe)_is1" = CABAL Online Europe (Europe)
"CABAL Online_is1" = CABAL Online
"DAEMON Tools Lite" = DAEMON Tools Lite
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"Guild Wars" = GUILD WARS
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"Metin2_is1" = Metin2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"Steam App 240" = Counter-Strike: Source
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Vindictus EU" = Vindictus EU
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WYSIWYG_Web_Builder_8" = WYSIWYG Web Builder 8 
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2012 04:39:28 | Computer Name = Julius-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5569
 
Error - 02.06.2012 04:39:28 | Computer Name = Julius-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5569
 
Error - 09.06.2012 09:14:41 | Computer Name = Julius-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 09.06.2012 12:46:08 | Computer Name = Julius-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 09.06.2012 12:47:24 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.06.2012 13:06:05 | Computer Name = Julius-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 23.06.2012 13:07:27 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2012 10:21:09 | Computer Name = Julius-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 02.07.2012 10:22:35 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2012 11:22:26 | Computer Name = Julius-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ArcadeDeluxeAgent.exe, Version 5.0.0.0, Zeitstempel
 0x4975fd1f, fehlerhaftes Modul RPCRT4.dll, Version 6.0.6001.18247, Zeitstempel 
0x49f0625f, Ausnahmecode 0xc0000005, Fehleroffset 0x000464d5,  Prozess-ID 0xf54, Anwendungsstartzeit
 01cd585e00996e6f.
 
[ System Events ]
Error - 04.10.2011 13:41:16 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.10.2011 06:21:48 | Computer Name = Julius-PC | Source = bowser | ID = 8003
Description = 
 
Error - 05.10.2011 08:31:21 | Computer Name = Julius-PC | Source = bowser | ID = 8003
Description = 
 
Error - 05.10.2011 12:03:10 | Computer Name = Julius-PC | Source = bowser | ID = 8003
Description = 
 
Error - 05.10.2011 15:21:49 | Computer Name = Julius-PC | Source = bowser | ID = 8003
Description = 
 
Error - 05.10.2011 18:12:11 | Computer Name = Julius-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 06.10.2011 04:24:29 | Computer Name = Julius-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.10.2011 04:25:44 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2011 04:31:19 | Computer Name = Julius-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.10.2011 04:31:55 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


I hope I did everything correctly, both here in the forum and with the program, and that you can help me.

Best regards, Zu.Oft
P.S. Since you know my name from the log anyway:
Best regards, Julius

03.08.2012, 15:06   #2
t'john
/// Helper Team

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found 
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=c13sRr2xiA-IZqjNU98LFU3u-dk?q={searchTerms} 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\..\SearchScopes\{E829B46B-3033-4E62-B4D5-B5FD6D019BA5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3107128103-2528048141-270171397-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.startup.homepage: "http://search.linkury.com" 
FF - prefs.js..keyword.URL: "http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=" 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found 
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found 
CHR - default_search_provider: search_url = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com 
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () 
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [ihoha.exe] C:\Users\Julius\AppData\Roaming\Omuhd\ihoha.exe () 
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [Ikyfre] C:\Users\Julius\AppData\Roaming\Ansen\edofp.exe (Dynapower USA) 
O4 - HKU\S-1-5-21-3107128103-2528048141-270171397-1000..\Run: [WSManMigrationPlugin] C:\Users\Julius\AppData\Local\Microsoft\Windows\4911\WSManMigrationPlugin.exe () 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found 
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O32 - AutoRun File - [2005.11.30 18:35:13 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ UDF ] 
O33 - MountPoints2\{40ec3c2e-f255-11e0-869b-001f16bdfb48}\Shell - "" = AutoRun 
O33 - MountPoints2\{40ec3c2e-f255-11e0-869b-001f16bdfb48}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{40ec3c39-f255-11e0-869b-001e101f79c9}\Shell - "" = AutoRun 
O33 - MountPoints2\{40ec3c39-f255-11e0-869b-001e101f79c9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence 
O33 - MountPoints2\{c3373fc0-6f4d-11e1-aaf4-001f16bdfb48}\Shell - "" = AutoRun 
O33 - MountPoints2\{c3373fc0-6f4d-11e1-aaf4-001f16bdfb48}\Shell\AutoRun\command - "" = F:\sources\sperr32.exe x64 
O33 - MountPoints2\{ca2af8d1-ee76-11e0-ad9e-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{ca2af8d1-ee76-11e0-ad9e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launch.exe -- [2004.10.21 20:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation) 
[2012.08.02 19:48:50 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat 
[2012.08.02 19:48:49 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F 
[2011.12.04 22:55:06 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\ux7aupr0.default\extensions\linkuryfirefoxremoteplugin@linkury.com 
[2012.08.02 18:13:50 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\hellomoto 

[2012.08.02 19:41:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.02 19:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL requests a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Never apply it on other computers; doing so can cause lasting damage to other systems!

22.08.2012, 01:19   #3
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.