
Pests of all kinds and how to fight them: Bundestrojaner Vista

21.09.2013, 10:15   #1
tohocin
 

Hello,

I have had the Bundestrojaner since yesterday evening.
I have already tried to run a System Restore,
but, as is known, safe mode always shuts down right away.

I also tried to run a System Restore from the rescue CD;
that failed as well.

I am currently downloading the OTLPENet.exe file.
If I manage it, I will post the logs as soon as I have them.

I hope you can then help me get my computer running again.

Thank you very much in advance for your efforts.

21.09.2013, 10:18   #2
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,


Which operating system?

21.09.2013, 10:44   #3
tohocin
 

Windows Vista 64 bit

OK, the scan is running.
As soon as it is finished I will post the txt files.

Edited by tohocin (21.09.2013 at 10:37)

21.09.2013, 12:32   #4
tohocin
 

Code:
OTL logfile created on: 9/21/2013 12:34:00 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.75 Gb Total Space | 109.45 Gb Free Space | 23.91% Space Free | Partition Type: NTFS
Drive D: | 3.80 Gb Total Space | 3.43 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
Drive I: | 457.76 Gb Total Space | 195.10 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
Drive J: | 161.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/10/06 19:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/10/01 06:43:56 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) [Auto] -- C:\ProgramData\grr1bj6.pzz -- (Winmgmt)
SRV - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/01 15:13:18 | 004,569,856 | ---- | M] () [Auto] -- C:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/21 03:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/12 03:11:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/24 12:14:51 | 002,620,016 | ---- | M] (Iminent) [Disabled] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2012/11/01 22:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/10 16:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Disabled] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/03/09 18:50:38 | 000,109,064 | ---- | M] (Wajam) [Disabled] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/13 22:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/04 12:58:14 | 001,355,968 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/01 12:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [Disabled] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Disabled] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/04 08:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/05/20 12:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/05/31 12:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 12:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/10 21:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/09 22:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/07 22:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/03 05:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 05:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/04/18 22:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/01/30 22:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 07:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 07:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/09/04 12:58:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/26 22:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/30 16:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/10/01 02:32:22 | 000,095,584 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/05/02 01:59:48 | 000,166,912 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/08/25 10:44:37 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0)
DRV:64bit: - [2005/08/25 10:44:36 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2005/08/25 10:44:36 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/30 04:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_3&babsrc=HP_ss&mntrId=fa628876000000000000002421180ee5
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\HetzerHofi_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\HetzerHofi_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/05 22:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/19 04:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/15 03:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 11:12:16 | 000,000,000 | ---D | M]
 
[2011/05/17 14:02:06 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} -  File not found
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -  File not found
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} -  File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -  File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  File not found
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} -  File not found
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  File not found
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} -  File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} -  File not found
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology]  File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKU\123_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\HetzerHofi_ON_C..\Run: [CollaborationHost]  File not found
O4 - HKU\HetzerHofi_ON_C..\Run: [IE10Updater] C:\Users\HetzerHofi\AppData\Local\Temp\vhcekoionunfibwnlah.bfg ()
O4 - HKU\HetzerHofi_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\HetzerHofi_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\123_ON_C..\RunOnce: [avg_spchecker]  File not found
O4 - HKLM..\RunServices: [Driver32]  File not found
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zimt-pc
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/20 17:15:20 | 000,062,052 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:15 | 000,192,868 | ---- | C] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/12 14:23:38 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2013/09/12 14:23:38 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2013/09/11 21:05:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/11 21:05:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 21:05:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2013/09/11 21:05:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/11 21:05:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/11 21:05:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/11 21:05:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/11 21:05:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/11 21:05:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/11 21:05:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/09/11 21:05:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/11 21:05:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/11 21:05:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/11 21:05:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 21:05:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/09/11 21:05:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/09/11 21:05:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/09/07 17:20:54 | 000,062,560 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/08/27 17:39:58 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/27 17:39:58 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2009/01/12 21:14:34 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/21 05:17:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/21 05:15:49 | 095,025,368 | ---- | M] () -- C:\ProgramData\grr1bj6.pff
[2013/09/21 05:15:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/21 05:15:47 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\grr1bj6.ctrl
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\dtlrj6j.ctrl
[2013/09/21 05:15:44 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WinMaximizer64-HetzerHofi-Startup.job
[2013/09/21 05:15:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 05:15:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 18:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 17:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 17:30:06 | 000,016,181 | ---- | M] () -- C:\ProgramData\2hl.exe
[2013/09/20 17:19:54 | 554,735,914 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:18 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk
[2013/09/20 17:15:15 | 000,192,868 | ---- | M] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/20 17:08:02 | 000,079,310 | ---- | M] () -- C:\Users\HetzerHofi\Documents\1240076_576053302455799_1630020488_n.jpg
[2013/09/20 16:09:03 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000UA.job
[2013/09/19 19:09:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000Core.job
[2013/09/19 14:13:14 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/17 14:32:03 | 000,681,892 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/09/17 14:32:03 | 000,640,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/17 14:32:03 | 000,149,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/09/17 14:32:03 | 000,122,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/11 21:31:20 | 095,025,368 | ---- | M] () -- C:\ProgramData\dtlrj6j.pff
[2013/09/11 21:29:27 | 000,519,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/07 17:20:54 | 000,062,560 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/09/07 17:20:51 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk
[2013/09/07 17:20:48 | 000,166,400 | ---- | M] () -- C:\ProgramData\j6jrltd.plz
 
========== Files Created - No Company Name ==========
 
[2013/09/20 17:30:06 | 000,016,181 | ---- | C] () -- C:\ProgramData\2hl.exe
[2013/09/20 17:15:18 | 000,000,872 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk
[2013/09/20 17:15:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\grr1bj6.ctrl
[2013/09/20 17:15:15 | 095,025,368 | ---- | C] () -- C:\ProgramData\grr1bj6.pff
[2013/09/20 17:08:01 | 000,079,310 | ---- | C] () -- C:\Users\HetzerHofi\Documents\1240076_576053302455799_1630020488_n.jpg
[2013/09/07 17:20:51 | 000,000,872 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk
[2013/09/07 17:20:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\dtlrj6j.ctrl
[2013/09/07 17:20:50 | 095,025,368 | ---- | C] () -- C:\ProgramData\dtlrj6j.pff
[2013/09/07 17:20:48 | 000,166,400 | ---- | C] () -- C:\ProgramData\j6jrltd.plz
[2013/08/14 07:55:47 | 000,060,432 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\data.dat
[2013/04/23 15:22:58 | 001,169,609 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/23 15:22:58 | 000,081,833 | ---- | C] () -- C:\Windows\unins000.dat
[2012/02/01 13:46:12 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011/11/22 12:44:53 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/11/22 12:44:53 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/24 09:13:24 | 000,000,098 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\fusioncache.dat
[2011/09/24 09:12:44 | 001,568,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/08 16:24:46 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/04/16 13:21:27 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/02/16 14:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/09 11:47:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/31 17:23:51 | 000,031,837 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\UserTile.png
[2010/06/22 15:05:20 | 000,000,000 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\prvlcl.dat
[2010/04/22 05:39:27 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/04/22 05:36:29 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/02/28 13:15:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010/02/03 09:59:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/01/06 13:36:48 | 000,000,360 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/11 02:46:59 | 000,000,680 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\d3d9caps.dat
[2009/12/05 04:17:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/05 04:17:39 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/05 04:17:30 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/04 21:44:31 | 000,153,600 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/30 08:41:57 | 000,114,778 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/30 08:39:34 | 000,114,778 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/23 18:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/29 20:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 20:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/12 12:59:28 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 06:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/04/27 05:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\123\AppData\Roaming\Acer GameZone Console
[2012/03/12 05:46:15 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ACD Systems
[2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Acer GameZone Console
[2013/01/28 13:30:15 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\AVG January 2013 Campaign
[2012/06/06 11:29:49 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\AVG2012
[2012/05/16 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Babylon
[2012/07/29 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Blender Foundation
[2011/02/26 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Buonp
[2010/04/22 05:39:37 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Canneverbe Limited
[2012/12/15 04:28:17 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\DVDVideoSoft
[2012/12/15 04:27:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/08/03 07:18:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\eSobi
[2013/04/27 06:56:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ExpressFiles
[2011/09/08 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\FreeVideoConverter
[2010/04/19 19:41:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Go Go Gourmet
[2010/12/22 12:51:01 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\gtk-2.0
[2011/03/09 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Guvay
[2012/04/11 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ICQ
[2013/01/15 13:02:20 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Iminent
[2011/06/06 04:31:04 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ITTerritory
[2011/02/26 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\k
[2010/10/27 14:00:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Leadertech
[2011/11/22 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\LG Electronics
[2012/10/05 07:14:42 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Mael
[2013/01/23 15:37:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\MAGIX
[2010/04/19 19:36:40 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Meridian93
[2010/12/28 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Mumble
[2012/01/18 01:06:52 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\MusicNet
[2012/02/19 07:02:31 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Need for Speed World
[2012/12/15 04:27:46 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\OpenCandy
[2012/02/22 03:15:36 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\OpenOffice.org
[2011/01/31 17:23:51 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\PeerNetworking
[2012/03/12 04:56:23 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\PhotoScape
[2010/04/08 07:35:04 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\smc
[2012/08/01 07:48:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TeamViewer
[2013/08/26 05:09:55 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TS3Client
[2012/12/15 04:28:45 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TuneUp Software
[2011/12/21 04:22:22 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Unity
[2011/04/16 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\VDownloader
[2009/12/04 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\VistaCodecs
[2012/06/07 08:59:21 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Vjaf
[2012/05/16 13:48:28 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\YourFileDownloader
[2012/03/12 05:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
[2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/04/19 19:38:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab
[2013/02/08 05:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012
[2012/06/05 11:28:08 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2012/05/16 13:48:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/05/16 12:08:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2013/01/09 22:47:24 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2012/10/05 07:55:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2010/04/22 05:39:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2011/03/15 04:10:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/02/19 06:10:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/01/12 15:04:41 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/20 13:51:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/03/25 07:02:54 | 000,000,000 | ---D | M] -- C:\ProgramData\IM
[2013/01/15 13:02:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Iminent
[2010/03/25 07:02:22 | 000,000,000 | ---D | M] -- C:\ProgramData\IncrediMail
[2013/04/27 15:56:10 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX
[2013/01/23 15:37:58 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2010/04/19 19:36:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93
[2013/05/15 03:48:49 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2009/12/29 01:27:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/03/25 07:02:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PhotoMail
[2011/03/22 03:20:22 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2009/12/05 18:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2013/01/15 12:59:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/06/05 11:16:21 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/11/03 18:58:55 | 000,000,000 | ---D | M] -- C:\ProgramData\TERA
[2012/12/15 04:28:45 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2009/12/29 01:27:21 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2009/12/04 21:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/12/29 21:30:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Wincert
[2010/08/03 06:36:02 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/04/15 19:16:14 | 000,000,000 | ---D | M] -- C:\ProgramData\WinMaximizer
[2010/09/09 05:35:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2011/09/04 12:49:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2011/04/28 09:34:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/12/15 04:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2011/09/04 11:35:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\~0
[2013/09/19 19:09:00 | 000,001,136 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000Core.job
[2013/09/20 16:09:03 | 000,001,158 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000UA.job
[2013/09/21 05:16:43 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/09/21 05:15:44 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer64-HetzerHofi-Startup.job
[2013/09/21 05:15:47 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2634FC95
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DAFD38AE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
         
I can't find the extra.txt file
OTLPE only created one OTL file

so I ran a scan again
and this time also got the extra txt file

OTL log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 9/21/2013 2:25:19 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.75 Gb Total Space | 109.46 Gb Free Space | 23.91% Space Free | Partition Type: NTFS
Drive D: | 3.80 Gb Total Space | 3.76 Gb Free Space | 98.83% Space Free | Partition Type: NTFS
Drive I: | 457.76 Gb Total Space | 195.10 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
Drive J: | 161.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/10/06 19:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/10/01 06:43:56 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) [Auto] -- C:\ProgramData\grr1bj6.pzz -- (Winmgmt)
SRV - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/01 15:13:18 | 004,569,856 | ---- | M] () [Auto] -- C:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/21 03:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/12 03:11:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/24 12:14:51 | 002,620,016 | ---- | M] (Iminent) [Disabled] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2012/11/01 22:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/10 16:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Disabled] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/03/09 18:50:38 | 000,109,064 | ---- | M] (Wajam) [Disabled] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/13 22:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/04 12:58:14 | 001,355,968 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/01 12:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [Disabled] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Disabled] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/04 08:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/05/20 12:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/05/31 12:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 12:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/10 21:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/09 22:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/07 22:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/03 05:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 05:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/04/18 22:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/01/30 22:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 07:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 07:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/09/04 12:58:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/26 22:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/30 16:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/10/01 02:32:22 | 000,095,584 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/05/02 01:59:48 | 000,166,912 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/08/25 10:44:37 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0)
DRV:64bit: - [2005/08/25 10:44:36 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2005/08/25 10:44:36 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/30 04:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\HetzerHofi_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\HetzerHofi_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/05 22:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/19 04:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/15 03:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 11:12:16 | 000,000,000 | ---D | M]
 
[2011/05/17 14:02:06 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} -  File not found
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -  File not found
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} -  File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -  File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  File not found
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} -  File not found
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} -  File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  File not found
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} -  File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} -  File not found
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology]  File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKU\123_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\HetzerHofi_ON_C..\Run: [CollaborationHost]  File not found
O4 - HKU\HetzerHofi_ON_C..\Run: [IE10Updater] C:\Users\HetzerHofi\AppData\Local\Temp\vhcekoionunfibwnlah.bfg ()
O4 - HKU\HetzerHofi_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\HetzerHofi_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\123_ON_C..\RunOnce: [avg_spchecker]  File not found
O4 - HKLM..\RunServices: [Driver32]  File not found
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zimt-pc
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/21 12:39:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/20 17:15:20 | 000,062,052 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:15 | 000,192,868 | ---- | C] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/12 14:23:38 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2013/09/12 14:23:38 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2013/09/11 21:05:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/11 21:05:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 21:05:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2013/09/11 21:05:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/11 21:05:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/11 21:05:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/11 21:05:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/11 21:05:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/11 21:05:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/11 21:05:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/09/11 21:05:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/11 21:05:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/11 21:05:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/11 21:05:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 21:05:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/09/11 21:05:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/09/11 21:05:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/09/07 17:20:54 | 000,062,560 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/08/27 17:39:58 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/27 17:39:58 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2009/01/12 21:14:34 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/21 05:17:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/21 05:15:49 | 095,025,368 | ---- | M] () -- C:\ProgramData\grr1bj6.pff
[2013/09/21 05:15:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/21 05:15:47 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\grr1bj6.ctrl
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\dtlrj6j.ctrl
[2013/09/21 05:15:44 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WinMaximizer64-HetzerHofi-Startup.job
[2013/09/21 05:15:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 05:15:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 18:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 17:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 17:30:06 | 000,016,181 | ---- | M] () -- C:\ProgramData\2hl.exe
[2013/09/20 17:19:54 | 554,735,914 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:18 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk
[2013/09/20 17:15:15 | 000,192,868 | ---- | M] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/20 17:08:02 | 000,079,310 | ---- | M] () -- C:\Users\HetzerHofi\Documents\1240076_576053302455799_1630020488_n.jpg
[2013/09/20 16:09:03 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000UA.job
[2013/09/19 19:09:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000Core.job
[2013/09/19 14:13:14 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/17 14:32:03 | 000,681,892 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/09/17 14:32:03 | 000,640,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/17 14:32:03 | 000,149,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/09/17 14:32:03 | 000,122,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/11 21:31:20 | 095,025,368 | ---- | M] () -- C:\ProgramData\dtlrj6j.pff
[2013/09/11 21:29:27 | 000,519,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/07 17:20:54 | 000,062,560 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/09/07 17:20:51 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk
[2013/09/07 17:20:48 | 000,166,400 | ---- | M] () -- C:\ProgramData\j6jrltd.plz
 
========== Files Created - No Company Name ==========
 
[2013/09/20 17:30:06 | 000,016,181 | ---- | C] () -- C:\ProgramData\2hl.exe
[2013/09/20 17:15:18 | 000,000,872 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk
[2013/09/20 17:15:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\grr1bj6.ctrl
[2013/09/20 17:15:15 | 095,025,368 | ---- | C] () -- C:\ProgramData\grr1bj6.pff
[2013/09/20 17:08:01 | 000,079,310 | ---- | C] () -- C:\Users\HetzerHofi\Documents\1240076_576053302455799_1630020488_n.jpg
[2013/09/07 17:20:51 | 000,000,872 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk
[2013/09/07 17:20:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\dtlrj6j.ctrl
[2013/09/07 17:20:50 | 095,025,368 | ---- | C] () -- C:\ProgramData\dtlrj6j.pff
[2013/09/07 17:20:48 | 000,166,400 | ---- | C] () -- C:\ProgramData\j6jrltd.plz
[2013/08/14 07:55:47 | 000,060,432 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\data.dat
[2013/04/23 15:22:58 | 001,169,609 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/23 15:22:58 | 000,081,833 | ---- | C] () -- C:\Windows\unins000.dat
[2012/02/01 13:46:12 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011/11/22 12:44:53 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/11/22 12:44:53 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/24 09:13:24 | 000,000,098 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\fusioncache.dat
[2011/09/24 09:12:44 | 001,568,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/08 16:24:46 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/04/16 13:21:27 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/02/16 14:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/09 11:47:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/31 17:23:51 | 000,031,837 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\UserTile.png
[2010/06/22 15:05:20 | 000,000,000 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\prvlcl.dat
[2010/04/22 05:39:27 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/04/22 05:36:29 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/02/28 13:15:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010/02/03 09:59:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/01/06 13:36:48 | 000,000,360 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/11 02:46:59 | 000,000,680 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\d3d9caps.dat
[2009/12/05 04:17:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/05 04:17:39 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/12/05 04:17:30 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/12/04 21:44:31 | 000,153,600 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/30 08:41:57 | 000,114,778 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/30 08:39:34 | 000,114,778 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/09/23 18:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/05/29 20:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/05/29 20:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/01/12 12:59:28 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/09/04 06:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/04/27 05:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\123\AppData\Roaming\Acer GameZone Console
[2012/03/12 05:46:15 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ACD Systems
[2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Acer GameZone Console
[2013/01/28 13:30:15 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\AVG January 2013 Campaign
[2012/06/06 11:29:49 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\AVG2012
[2012/05/16 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Babylon
[2012/07/29 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Blender Foundation
[2011/02/26 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Buonp
[2010/04/22 05:39:37 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Canneverbe Limited
[2012/12/15 04:28:17 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\DVDVideoSoft
[2012/12/15 04:27:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/08/03 07:18:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\eSobi
[2013/04/27 06:56:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ExpressFiles
[2011/09/08 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\FreeVideoConverter
[2010/04/19 19:41:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Go Go Gourmet
[2010/12/22 12:51:01 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\gtk-2.0
[2011/03/09 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Guvay
[2012/04/11 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ICQ
[2013/01/15 13:02:20 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Iminent
[2011/06/06 04:31:04 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ITTerritory
[2011/02/26 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\k
[2010/10/27 14:00:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Leadertech
[2011/11/22 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\LG Electronics
[2012/10/05 07:14:42 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Mael
[2013/01/23 15:37:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\MAGIX
[2010/04/19 19:36:40 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Meridian93
[2010/12/28 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Mumble
[2012/01/18 01:06:52 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\MusicNet
[2012/02/19 07:02:31 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Need for Speed World
[2012/12/15 04:27:46 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\OpenCandy
[2012/02/22 03:15:36 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\OpenOffice.org
[2011/01/31 17:23:51 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\PeerNetworking
[2012/03/12 04:56:23 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\PhotoScape
[2010/04/08 07:35:04 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\smc
[2012/08/01 07:48:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TeamViewer
[2013/08/26 05:09:55 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TS3Client
[2012/12/15 04:28:45 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TuneUp Software
[2011/12/21 04:22:22 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Unity
[2011/04/16 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\VDownloader
[2009/12/04 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\VistaCodecs
[2012/06/07 08:59:21 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Vjaf
[2012/05/16 13:48:28 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\YourFileDownloader
[2012/03/12 05:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems
[2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/04/19 19:38:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab
[2013/02/08 05:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012
[2012/06/05 11:28:08 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9
[2012/05/16 13:48:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012/05/16 12:08:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2013/01/09 22:47:24 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2012/10/05 07:55:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2010/04/22 05:39:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2011/03/15 04:10:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/02/19 06:10:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/01/12 15:04:41 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/01/20 13:51:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/03/25 07:02:54 | 000,000,000 | ---D | M] -- C:\ProgramData\IM
[2013/01/15 13:02:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Iminent
[2010/03/25 07:02:22 | 000,000,000 | ---D | M] -- C:\ProgramData\IncrediMail
[2013/04/27 15:56:10 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX
[2013/01/23 15:37:58 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2010/04/19 19:36:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93
[2013/05/15 03:48:49 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2009/12/29 01:27:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/03/25 07:02:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PhotoMail
[2011/03/22 03:20:22 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2009/12/05 18:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2013/01/15 12:59:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/06/05 11:16:21 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/11/03 18:58:55 | 000,000,000 | ---D | M] -- C:\ProgramData\TERA
[2012/12/15 04:28:45 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2009/12/29 01:27:21 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB
[2009/12/04 21:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/12/29 21:30:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Wincert
[2010/08/03 06:36:02 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/04/15 19:16:14 | 000,000,000 | ---D | M] -- C:\ProgramData\WinMaximizer
[2010/09/09 05:35:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2011/09/04 12:49:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2011/04/28 09:34:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/12/15 04:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2011/09/04 11:35:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\~0
[2013/09/19 19:09:00 | 000,001,136 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000Core.job
[2013/09/20 16:09:03 | 000,001,158 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000UA.job
[2013/09/21 05:16:43 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013/09/21 05:15:44 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer64-HetzerHofi-Startup.job
[2013/09/21 05:15:47 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2634FC95
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DAFD38AE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
         
--- --- ---


and the extras log:

OTL Logfile:
Code:
OTL Extras logfile created on: 9/21/2013 2:25:19 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.75 Gb Total Space | 109.46 Gb Free Space | 23.91% Space Free | Partition Type: NTFS
Drive D: | 3.80 Gb Total Space | 3.76 Gb Free Space | 98.83% Space Free | Partition Type: NTFS
Drive I: | 457.76 Gb Total Space | 195.10 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
Drive J: | 161.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 4B DA C8 71 AC 75 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9AD35249-2D3B-4FB6-A292-0E625475A027}" = AVG 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{F30AE017-6791-43F1-8591-D31EDDDDFF1A}" = MAGIX Speed burnR (MSI)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9AD35249-2D3B-4FB6-A292-0E625475A027}" = AVG 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{F30AE017-6791-43F1-8591-D31EDDDDFF1A}" = MAGIX Speed burnR (MSI)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\HetzerHofi_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"ExpressFiles" = ExpressFiles
"UnityWebPlayer" = Unity Web Player
"Wajam" = Wajam
"YourFileDownloader" = YourFileDownloader
 
< End of report >
         
--- --- ---

21.09.2013, 16:46   #5
schrauber
/// the machine
/// TB trainer

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll) -  File not found
[2013/09/20 17:15:20 | 000,062,052 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:15 | 000,192,868 | ---- | C] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/07 17:20:54 | 000,062,560 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/09/21 05:15:49 | 095,025,368 | ---- | M] () -- C:\ProgramData\grr1bj6.pff
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\grr1bj6.ctrl
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\dtlrj6j.ctrl
[2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:18 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk
[2013/09/20 17:15:15 | 000,192,868 | ---- | M] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/11 21:31:20 | 095,025,368 | ---- | M] () -- C:\ProgramData\dtlrj6j.pff
[2013/09/07 17:20:54 | 000,062,560 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/09/07 17:20:51 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk
[2013/09/07 17:20:48 | 000,166,400 | ---- | M] () -- C:\ProgramData\j6jrltd.plz
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Start the computer normally.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
