Bundestrojaner Vista
21.09.2013, 10:15 | #1

Bundestrojaner Vista

Hello, since yesterday evening I have had the Bundestrojaner. I have already tried to perform a system restore, but as is known, safe mode always shuts down again right away. I have also tried to perform a system restore from the emergency CD, which failed as well. I am currently downloading the OTLPENet.exe file. If I manage it, I will post the logs as soon as I have them. I hope you can then help me get my computer running again. Thank you in advance for your efforts.
21.09.2013, 10:18 | #2

/// the machine /// TB-Ausbilder | Bundestrojaner Vista

Hi,

which operating system?
21.09.2013, 10:44 | #3

Bundestrojaner Vista

Windows Vista 64-bit

OK, the scan is running; as soon as it is finished I will post the txt files.

Last edited by tohocin (21.09.2013 at 10:37)
21.09.2013, 12:32 | #4

Bundestrojaner Vista

Code:
OTL logfile created on: 9/21/2013 12:34:00 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.75 Gb Total Space | 109.45 Gb Free Space | 23.91% Space Free | Partition Type: NTFS
Drive D: | 3.80 Gb Total Space | 3.43 Gb Free Space | 90.32% Space Free | Partition Type: NTFS
Drive I: | 457.76 Gb Total Space | 195.10 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
Drive J: | 161.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/06 19:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/10/01 06:43:56 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) [Auto] -- C:\ProgramData\grr1bj6.pzz -- (Winmgmt)
SRV - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/01 15:13:18 | 004,569,856 | ---- | M] () [Auto] -- C:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/21 03:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/12 03:11:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/24 12:14:51 | 002,620,016 | ---- | M] (Iminent) [Disabled] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2012/11/01 22:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/10 16:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Disabled] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/03/09 18:50:38 | 000,109,064 | ---- | M] (Wajam) [Disabled] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/13 22:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/04 12:58:14 | 001,355,968 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/01 12:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [Disabled] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Disabled] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/04 08:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/05/20 12:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/05/31 12:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 12:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/10 21:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/09 22:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/07 22:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/03 05:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 05:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/04/18 22:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/01/30 22:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 07:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 07:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/09/04 12:58:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/26 22:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/30 16:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/10/01 02:32:22 | 000,095,584 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/05/02 01:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/08/25 10:44:37 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0)
DRV:64bit: - [2005/08/25 10:44:36 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2005/08/25 10:44:36 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/30 04:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=110824&tt=031012_ccp_4012_3&babsrc=HP_ss&mntrId=fa628876000000000000002421180ee5
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\HetzerHofi_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\HetzerHofi_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/05 22:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/19 04:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/15 03:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 11:12:16 | 000,000,000 | ---D | M]

[2011/05/17 14:02:06 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - File not found
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - File not found
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - File not found
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKU\123_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\HetzerHofi_ON_C..\Run: [CollaborationHost] File not found
O4 - HKU\HetzerHofi_ON_C..\Run: [IE10Updater] C:\Users\HetzerHofi\AppData\Local\Temp\vhcekoionunfibwnlah.bfg ()
O4 - HKU\HetzerHofi_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\HetzerHofi_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\123_ON_C..\RunOnce: [avg_spchecker] File not found
O4 - HKLM..\RunServices: [Driver32] File not found
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zimt-pc
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/09/20 17:15:20 | 000,062,052 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:15 | 000,192,868 | ---- | C] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/12 14:23:38 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2013/09/12 14:23:38 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2013/09/11 21:05:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/09/11 21:05:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 21:05:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2013/09/11 21:05:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/11 21:05:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/09/11 21:05:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/09/11 21:05:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/09/11 21:05:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/11 21:05:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/09/11 21:05:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2013/09/11 21:05:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/09/11 21:05:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/09/11 21:05:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/09/11 21:05:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 21:05:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2013/09/11 21:05:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/09/11 21:05:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/09/07 17:20:54 | 000,062,560 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/08/27 17:39:58 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/27 17:39:58 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2009/01/12 21:14:34 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2013/09/21 05:17:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/21 05:15:49 | 095,025,368 | ---- | M] () -- C:\ProgramData\grr1bj6.pff
[2013/09/21 05:15:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/21 05:15:47 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\grr1bj6.ctrl
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\dtlrj6j.ctrl
[2013/09/21 05:15:44 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WinMaximizer64-HetzerHofi-Startup.job
[2013/09/21 05:15:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 05:15:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 18:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 17:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 17:30:06 | 000,016,181 | ---- | M] () -- C:\ProgramData\2hl.exe
[2013/09/20 17:19:54 | 554,735,914 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:18 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk
[2013/09/20 17:15:15 | 000,192,868 | ---- | M] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/20 17:08:02 | 000,079,310 | ---- | M] () -- C:\Users\HetzerHofi\Documents\1240076_576053302455799_1630020488_n.jpg
[2013/09/20 16:09:03 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000UA.job
[2013/09/19 19:09:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000Core.job
[2013/09/19 14:13:14 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/17 14:32:03 | 000,681,892 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/09/17 14:32:03 | 000,640,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/17 14:32:03 | 000,149,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/09/17 14:32:03 | 000,122,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/11 21:31:20 | 095,025,368 | ---- | M] () -- C:\ProgramData\dtlrj6j.pff
[2013/09/11 21:29:27 | 000,519,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/07 17:20:54 | 000,062,560 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/09/07 17:20:51 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk
[2013/09/07 17:20:48 | 000,166,400 | ---- | M] () -- C:\ProgramData\j6jrltd.plz

========== Files Created - No Company Name ==========

[2013/09/20 17:30:06 | 000,016,181 | ---- | C] () -- C:\ProgramData\2hl.exe
[2013/09/20 17:15:18 | 000,000,872 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk
[2013/09/20 17:15:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\grr1bj6.ctrl
[2013/09/20 17:15:15 | 095,025,368 | ---- | C] () -- C:\ProgramData\grr1bj6.pff
[2013/09/20 17:08:01 | 000,079,310 | ---- | C] () -- C:\Users\HetzerHofi\Documents\1240076_576053302455799_1630020488_n.jpg
[2013/09/07 17:20:51 | 000,000,872 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk
[2013/09/07 17:20:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\dtlrj6j.ctrl
[2013/09/07 17:20:50 | 095,025,368 | ---- | C] () -- C:\ProgramData\dtlrj6j.pff
[2013/09/07 17:20:48 | 000,166,400 | ---- | C] () -- C:\ProgramData\j6jrltd.plz
[2013/08/14 07:55:47 | 000,060,432 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\data.dat
[2013/04/23 15:22:58 | 001,169,609 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/23 15:22:58 | 000,081,833 | ---- | C] () -- C:\Windows\unins000.dat
[2012/02/01 13:46:12 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011/11/22 12:44:53 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/11/22 12:44:53 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/09/24 09:13:24 | 000,000,098 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\fusioncache.dat
[2011/09/24 09:12:44 | 001,568,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/08 16:24:46 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/04/16 13:21:27 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/02/16 14:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/09 11:47:23 | 000,000,056 |
-H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/01/31 17:23:51 | 000,031,837 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\UserTile.png [2010/06/22 15:05:20 | 000,000,000 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\prvlcl.dat [2010/04/22 05:39:27 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010/04/22 05:36:29 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2010/02/28 13:15:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010/02/03 09:59:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010/01/06 13:36:48 | 000,000,360 | ---- | C] () -- C:\Windows\wininit.ini [2009/12/11 02:46:59 | 000,000,680 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\d3d9caps.dat [2009/12/05 04:17:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/12/05 04:17:39 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009/12/05 04:17:30 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/12/04 21:44:31 | 000,153,600 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/30 08:41:57 | 000,114,778 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/11/30 08:39:34 | 000,114,778 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/09/23 18:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/05/29 20:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/05/29 20:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/01/12 12:59:28 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/09/04 06:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2007/04/27 05:43:58 | 000,120,200 | ---- | C] () -- 
C:\Windows\SysWow64\DLLDEV32i.dll [2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\123\AppData\Roaming\Acer GameZone Console [2012/03/12 05:46:15 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ACD Systems [2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Acer GameZone Console [2013/01/28 13:30:15 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\AVG January 2013 Campaign [2012/06/06 11:29:49 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\AVG2012 [2012/05/16 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Babylon [2012/07/29 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Blender Foundation [2011/02/26 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Buonp [2010/04/22 05:39:37 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Canneverbe Limited [2012/12/15 04:28:17 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\DVDVideoSoft [2012/12/15 04:27:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\DVDVideoSoftIEHelpers [2010/08/03 07:18:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\eSobi [2013/04/27 06:56:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ExpressFiles [2011/09/08 16:39:06 | 000,000,000 | ---D | M] -- 
C:\Users\HetzerHofi\AppData\Roaming\FreeVideoConverter [2010/04/19 19:41:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Go Go Gourmet [2010/12/22 12:51:01 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\gtk-2.0 [2011/03/09 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Guvay [2012/04/11 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ICQ [2013/01/15 13:02:20 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Iminent [2011/06/06 04:31:04 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ITTerritory [2011/02/26 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\k [2010/10/27 14:00:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Leadertech [2011/11/22 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\LG Electronics [2012/10/05 07:14:42 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Mael [2013/01/23 15:37:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\MAGIX [2010/04/19 19:36:40 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Meridian93 [2010/12/28 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Mumble [2012/01/18 01:06:52 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\MusicNet [2012/02/19 07:02:31 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Need for Speed World [2012/12/15 04:27:46 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\OpenCandy [2012/02/22 03:15:36 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\OpenOffice.org [2011/01/31 17:23:51 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\PeerNetworking [2012/03/12 04:56:23 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\PhotoScape [2010/04/08 07:35:04 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\smc [2012/08/01 07:48:06 | 
000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TeamViewer [2013/08/26 05:09:55 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TS3Client [2012/12/15 04:28:45 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TuneUp Software [2011/12/21 04:22:22 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Unity [2011/04/16 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\VDownloader [2009/12/04 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\VistaCodecs [2012/06/07 08:59:21 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Vjaf [2012/05/16 13:48:28 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\YourFileDownloader [2012/03/12 05:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems [2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/04/19 19:38:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab [2013/02/08 05:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012 [2012/06/05 11:28:08 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9 [2012/05/16 13:48:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2012/05/16 12:08:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net [2013/01/09 22:47:24 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess [2012/10/05 07:55:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager [2010/04/22 05:39:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited [2011/03/15 04:10:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- 
C:\ProgramData\Dokumente [2012/02/19 06:10:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2009/01/12 15:04:41 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/01/20 13:51:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2010/03/25 07:02:54 | 000,000,000 | ---D | M] -- C:\ProgramData\IM [2013/01/15 13:02:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Iminent [2010/03/25 07:02:22 | 000,000,000 | ---D | M] -- C:\ProgramData\IncrediMail [2013/04/27 15:56:10 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX [2013/01/23 15:37:58 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2010/04/19 19:36:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93 [2013/05/15 03:48:49 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData [2009/12/29 01:27:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters [2010/03/25 07:02:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PhotoMail [2011/03/22 03:20:22 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files [2009/12/05 18:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2013/01/15 12:59:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer [2012/06/05 11:16:21 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2012/11/03 18:58:55 | 000,000,000 | ---D | M] -- C:\ProgramData\TERA [2012/12/15 04:28:45 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2009/12/29 01:27:21 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB [2009/12/04 21:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2012/12/29 21:30:49 | 
000,000,000 | ---D | M] -- C:\ProgramData\Wincert [2010/08/03 06:36:02 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2010/04/15 19:16:14 | 000,000,000 | ---D | M] -- C:\ProgramData\WinMaximizer [2010/09/09 05:35:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom [2011/09/04 12:49:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2011/04/28 09:34:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/12/15 04:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2011/09/04 11:35:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\~0 [2013/09/19 19:09:00 | 000,001,136 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000Core.job [2013/09/20 16:09:03 | 000,001,158 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000UA.job [2013/09/21 05:16:43 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013/09/21 05:15:44 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer64-HetzerHofi-Startup.job [2013/09/21 05:15:47 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2634FC95 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A42A9F39 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DAFD38AE @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > otlpe hat nur eine otl datei erstellt so habe erneut einen scan durchgeführt und diesmal auch die extra txt datei 
OTL log: OTL Logfile: Code:
OTL logfile created on: 9/21/2013 2:25:19 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.75 Gb Total Space | 109.46 Gb Free Space | 23.91% Space Free | Partition Type: NTFS
Drive D: | 3.80 Gb Total Space | 3.76 Gb Free Space | 98.83% Space Free | Partition Type: NTFS
Drive I: | 457.76 Gb Total Space | 195.10 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
Drive J: | 161.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/10/06 19:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/10/01 06:43:56 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) [Auto] -- C:\ProgramData\grr1bj6.pzz -- (Winmgmt)
SRV - [2013/09/06 16:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/01 15:13:18 | 004,569,856 | ---- | M] () [Auto] -- C:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/21 03:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/12 03:11:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/24 12:14:51 | 002,620,016 | ---- | M] (Iminent) [Disabled] -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe -- (SProtection)
SRV - [2012/11/01 22:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/10 16:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Disabled] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/03/09 18:50:38 | 000,109,064 | ---- | M] (Wajam) [Disabled] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/02/13 22:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/04 12:58:14 | 001,355,968 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/01 12:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [Disabled] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 17:38:00 | 000,071,096 | ---- | M] () [Disabled] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/04 08:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Disabled] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/05/20 12:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto] -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2007/05/31 12:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 12:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/04/10 21:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/09 22:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/07 22:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/03 05:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/07/03 05:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012/04/18 22:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- C:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/01/30 22:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 07:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 07:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/09/04 12:58:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/01/26 22:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/06 19:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/30 16:55:58 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/10/01 02:32:22 | 000,095,584 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/05/02 01:59:48 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/08/25 10:44:37 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.0)
DRV:64bit: - [2005/08/25 10:44:36 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2005/08/25 10:44:36 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV - [2009/11/12 08:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/09/30 04:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Babylon Search
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\HetzerHofi_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\HetzerHofi_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HetzerHofi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/05 22:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/19 04:17:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/05/15 03:48:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 11:12:16 | 000,000,000 | ---D | M]
[2011/05/17 14:02:06 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - File not found
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - File not found
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - File not found
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - File not found
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\HetzerHofi_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - File not found
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent) O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKU\123_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\HetzerHofi_ON_C..\Run: [CollaborationHost] File not found O4 - HKU\HetzerHofi_ON_C..\Run: [IE10Updater] C:\Users\HetzerHofi\AppData\Local\Temp\vhcekoionunfibwnlah.bfg () O4 - HKU\HetzerHofi_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKU\HetzerHofi_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\123_ON_C..\RunOnce: [avg_spchecker] File not found O4 - HKLM..\RunServices: [Driver32] File not found O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zimt-pc O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll () O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll () O20 - AppInit_DLLs: (c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.) 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/09/21 12:39:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/09/20 17:15:20 | 000,062,052 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz [2013/09/20 17:15:15 | 000,192,868 | ---- | C] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz [2013/09/12 14:23:38 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll [2013/09/12 14:23:38 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll [2013/09/11 21:05:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/09/11 21:05:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/09/11 21:05:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll [2013/09/11 21:05:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/09/11 21:05:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/09/11 21:05:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/09/11 21:05:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/09/11 21:05:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/09/11 21:05:30 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/09/11 21:05:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll [2013/09/11 21:05:30 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl 
[2013/09/11 21:05:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/09/11 21:05:30 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/09/11 21:05:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/09/11 21:05:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2013/09/11 21:05:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2013/09/11 21:05:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2013/09/07 17:20:54 | 000,062,560 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz [2013/08/27 17:39:58 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013/08/27 17:39:58 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2009/01/12 21:14:34 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2013/09/21 05:17:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/09/21 05:15:49 | 095,025,368 | ---- | M] () -- C:\ProgramData\grr1bj6.pff [2013/09/21 05:15:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/09/21 05:15:47 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\grr1bj6.ctrl [2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\dtlrj6j.ctrl [2013/09/21 05:15:44 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\WinMaximizer64-HetzerHofi-Startup.job [2013/09/21 05:15:28 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/09/21 05:15:28 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/09/20 18:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/09/20 17:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/09/20 17:30:06 | 000,016,181 | ---- | M] () -- C:\ProgramData\2hl.exe [2013/09/20 17:19:54 | 554,735,914 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz [2013/09/20 17:15:18 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk [2013/09/20 17:15:15 | 000,192,868 | ---- | M] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz [2013/09/20 17:08:02 | 000,079,310 | ---- | M] () -- C:\Users\HetzerHofi\Documents\1240076_576053302455799_1630020488_n.jpg [2013/09/20 16:09:03 | 000,001,158 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000UA.job [2013/09/19 19:09:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000Core.job [2013/09/19 14:13:14 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/09/17 14:32:03 | 000,681,892 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/09/17 14:32:03 | 000,640,922 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/09/17 14:32:03 | 000,149,356 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/09/17 14:32:03 | 000,122,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/09/11 21:31:20 | 095,025,368 | ---- | M] () -- C:\ProgramData\dtlrj6j.pff [2013/09/11 21:29:27 | 000,519,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/09/07 17:20:54 | 000,062,560 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz [2013/09/07 17:20:51 | 000,000,872 | ---- | M] () -- 
C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk [2013/09/07 17:20:48 | 000,166,400 | ---- | M] () -- C:\ProgramData\j6jrltd.plz ========== Files Created - No Company Name ========== [2013/09/20 17:30:06 | 000,016,181 | ---- | C] () -- C:\ProgramData\2hl.exe [2013/09/20 17:15:18 | 000,000,872 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk [2013/09/20 17:15:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\grr1bj6.ctrl [2013/09/20 17:15:15 | 095,025,368 | ---- | C] () -- C:\ProgramData\grr1bj6.pff [2013/09/20 17:08:01 | 000,079,310 | ---- | C] () -- C:\Users\HetzerHofi\Documents\1240076_576053302455799_1630020488_n.jpg [2013/09/07 17:20:51 | 000,000,872 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk [2013/09/07 17:20:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\dtlrj6j.ctrl [2013/09/07 17:20:50 | 095,025,368 | ---- | C] () -- C:\ProgramData\dtlrj6j.pff [2013/09/07 17:20:48 | 000,166,400 | ---- | C] () -- C:\ProgramData\j6jrltd.plz [2013/08/14 07:55:47 | 000,060,432 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\data.dat [2013/04/23 15:22:58 | 001,169,609 | ---- | C] () -- C:\Windows\unins000.exe [2013/04/23 15:22:58 | 000,081,833 | ---- | C] () -- C:\Windows\unins000.dat [2012/02/01 13:46:12 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini [2011/11/22 12:44:53 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2011/11/22 12:44:53 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2011/09/24 09:13:24 | 000,000,098 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\fusioncache.dat [2011/09/24 09:12:44 | 001,568,022 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/09/08 16:24:46 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011/04/16 13:21:27 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common 
Files\WinPcapNmap.exe [2011/02/16 14:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/02/09 11:47:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/01/31 17:23:51 | 000,031,837 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Roaming\UserTile.png [2010/06/22 15:05:20 | 000,000,000 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\prvlcl.dat [2010/04/22 05:39:27 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010/04/22 05:36:29 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI [2010/02/28 13:15:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010/02/03 09:59:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/01/26 22:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010/01/06 13:36:48 | 000,000,360 | ---- | C] () -- C:\Windows\wininit.ini [2009/12/11 02:46:59 | 000,000,680 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\d3d9caps.dat [2009/12/05 04:17:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/12/05 04:17:39 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009/12/05 04:17:30 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/12/04 21:44:31 | 000,153,600 | ---- | C] () -- C:\Users\HetzerHofi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/30 08:41:57 | 000,114,778 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/11/30 08:39:34 | 000,114,778 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/09/23 18:46:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009/05/29 20:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009/05/29 20:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009/01/12 12:59:28 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007/09/04 
06:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2007/04/27 05:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2007/02/05 14:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 11:02:31 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\123\AppData\Roaming\Acer GameZone Console [2012/03/12 05:46:15 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ACD Systems [2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Acer GameZone Console [2013/01/28 13:30:15 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\AVG January 2013 Campaign [2012/06/06 11:29:49 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\AVG2012 [2012/05/16 13:48:31 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Babylon [2012/07/29 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Blender Foundation [2011/02/26 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Buonp [2010/04/22 05:39:37 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Canneverbe Limited [2012/12/15 04:28:17 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\DVDVideoSoft [2012/12/15 04:27:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\DVDVideoSoftIEHelpers [2010/08/03 07:18:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\eSobi [2013/04/27 06:56:06 | 000,000,000 | 
---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ExpressFiles [2011/09/08 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\FreeVideoConverter [2010/04/19 19:41:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Go Go Gourmet [2010/12/22 12:51:01 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\gtk-2.0 [2011/03/09 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Guvay [2012/04/11 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ICQ [2013/01/15 13:02:20 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Iminent [2011/06/06 04:31:04 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\ITTerritory [2011/02/26 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\k [2010/10/27 14:00:41 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Leadertech [2011/11/22 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\LG Electronics [2012/10/05 07:14:42 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Mael [2013/01/23 15:37:58 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\MAGIX [2010/04/19 19:36:40 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Meridian93 [2010/12/28 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Mumble [2012/01/18 01:06:52 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\MusicNet [2012/02/19 07:02:31 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Need for Speed World [2012/12/15 04:27:46 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\OpenCandy [2012/02/22 03:15:36 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\OpenOffice.org [2011/01/31 17:23:51 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\PeerNetworking [2012/03/12 04:56:23 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\PhotoScape 
[2010/04/08 07:35:04 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\smc [2012/08/01 07:48:06 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TeamViewer [2013/08/26 05:09:55 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TS3Client [2012/12/15 04:28:45 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\TuneUp Software [2011/12/21 04:22:22 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Unity [2011/04/16 13:23:27 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\VDownloader [2009/12/04 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\VistaCodecs [2012/06/07 08:59:21 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\Vjaf [2012/05/16 13:48:28 | 000,000,000 | ---D | M] -- C:\Users\HetzerHofi\AppData\Roaming\YourFileDownloader [2012/03/12 05:44:52 | 000,000,000 | ---D | M] -- C:\ProgramData\ACD Systems [2009/01/12 14:50:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2010/04/19 19:38:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab [2013/02/08 05:13:58 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012 [2012/06/05 11:28:08 | 000,000,000 | ---D | M] -- C:\ProgramData\avg9 [2012/05/16 13:48:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon [2012/05/16 12:08:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net [2013/01/09 22:47:24 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess [2012/10/05 07:55:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager [2010/04/22 05:39:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited [2011/03/15 04:10:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 11:42:17 | 000,000,000 
| -HSD | M] -- C:\ProgramData\Documents [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente [2012/02/19 06:10:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts [2009/01/12 15:04:41 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2011/01/20 13:51:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ [2010/03/25 07:02:54 | 000,000,000 | ---D | M] -- C:\ProgramData\IM [2013/01/15 13:02:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Iminent [2010/03/25 07:02:22 | 000,000,000 | ---D | M] -- C:\ProgramData\IncrediMail [2013/04/27 15:56:10 | 000,000,000 | ---D | M] -- C:\ProgramData\LGMOBILEAX [2013/01/23 15:37:58 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX [2010/04/19 19:36:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Meridian93 [2013/05/15 03:48:49 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData [2009/12/29 01:27:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Drivers HeadQuarters [2010/03/25 07:02:51 | 000,000,000 | ---D | M] -- C:\ProgramData\PhotoMail [2011/03/22 03:20:22 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files [2009/12/05 18:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\SpinTop Games [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü [2013/01/15 12:59:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer [2012/06/05 11:16:21 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP [2006/11/02 11:42:17 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2012/11/03 18:58:55 | 000,000,000 | ---D | M] -- C:\ProgramData\TERA [2012/12/15 04:28:45 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software [2009/12/29 01:27:21 | 000,000,000 | ---D | M] -- C:\ProgramData\UAB [2009/12/04 21:49:29 | 000,000,000 | ---D | M] -- C:\ProgramData\VistaCodecs 
[2009/12/03 12:09:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen [2012/12/29 21:30:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Wincert [2010/08/03 06:36:02 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch [2010/04/15 19:16:14 | 000,000,000 | ---D | M] -- C:\ProgramData\WinMaximizer [2010/09/09 05:35:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom [2011/09/04 12:49:50 | 000,000,000 | -H-D | M] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2011/04/28 09:34:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2012/12/15 04:28:36 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2011/09/04 11:35:41 | 000,000,000 | -H-D | M] -- C:\ProgramData\~0 [2013/09/19 19:09:00 | 000,001,136 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000Core.job [2013/09/20 16:09:03 | 000,001,158 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-154907131-2759872459-510984776-1000UA.job [2013/09/21 05:16:43 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013/09/21 05:15:44 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\WinMaximizer64-HetzerHofi-Startup.job [2013/09/21 05:15:47 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:793F316E @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2634FC95 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A42A9F39 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DAFD38AE @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >
and the extras log:
OTL Logfile: Code:
OTL Extras logfile created on: 9/21/2013 2:25:19 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 457.75 Gb Total Space | 109.46 Gb Free Space | 23.91% Space Free | Partition Type: NTFS Drive D: | 3.80 Gb Total Space | 3.76 Gb Free Space | 98.83% Space Free | Partition Type: NTFS Drive I: | 457.76 Gb Total Space | 195.10 Gb Free Space | 42.62% Space Free | Partition Type: NTFS Drive J: | 161.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile 
[open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 4B DA C8 71 AC 75 CA 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9AD35249-2D3B-4FB6-A292-0E625475A027}" = AVG 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{F30AE017-6791-43F1-8591-D31EDDDDFF1A}" = MAGIX Speed burnR (MSI)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9AD35249-2D3B-4FB6-A292-0E625475A027}" = AVG 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFE4E6BB-70F0-4292-B7EB-7A3AD48EBB5C}" = AVG 2012
"{F30AE017-6791-43F1-8591-D31EDDDDFF1A}" = MAGIX Speed burnR (MSI)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\HetzerHofi_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"ExpressFiles" = ExpressFiles
"UnityWebPlayer" = Unity Web Player
"Wajam" = Wajam
"YourFileDownloader" = YourFileDownloader
< End of report >
21.09.2013, 16:46 | #5 |
/// the machine /// TB-Ausbilder | Bundestrojaner Vista
Fix with OTL
Code:
:OTL
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll) - File not found
[2013/09/20 17:15:20 | 000,062,052 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:15 | 000,192,868 | ---- | C] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/07 17:20:54 | 000,062,560 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/09/21 05:15:49 | 095,025,368 | ---- | M] () -- C:\ProgramData\grr1bj6.pff
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\grr1bj6.ctrl
[2013/09/21 05:15:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\dtlrj6j.ctrl
[2013/09/20 17:15:20 | 000,062,052 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\grr1bj6.pzz
[2013/09/20 17:15:18 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\grr1bj6.lnk
[2013/09/20 17:15:15 | 000,192,868 | ---- | M] (Daniel Pistelli) -- C:\ProgramData\6jb1rrg.plz
[2013/09/11 21:31:20 | 095,025,368 | ---- | M] () -- C:\ProgramData\dtlrj6j.pff
[2013/09/07 17:20:54 | 000,062,560 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dtlrj6j.pzz
[2013/09/07 17:20:51 | 000,000,872 | ---- | M] () -- C:\Users\HetzerHofi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dtlrj6j.lnk
[2013/09/07 17:20:48 | 000,166,400 | ---- | M] () -- C:\ProgramData\j6jrltd.plz
Start the computer normally.
__________________ regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!