trojanerdepp | 31.03.2012 17:29 | After clicking Retry, the scan was created.
otl.txt Code:
OTL logfile created on: 31.03.2012 17:42:22 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\BigRon\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 83,56% Memory free
8,17 Gb Paging File | 7,62 Gb Available in Paging File | 93,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 7,48 Gb Free Space | 3,83% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 2,64 Gb Free Space | 13,53% Space Free | Partition Type: NTFS
Drive E: | 250,92 Gb Total Space | 0,65 Gb Free Space | 0,26% Space Free | Partition Type: NTFS
Drive F: | 362,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,70 Gb Total Space | 1,88 Gb Free Space | 50,75% Space Free | Partition Type: FAT32
Drive H: | 7,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: SPEEDY | User Name: BigRon | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.30 20:51:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\BigRon\Desktop\OTL.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.11.26 04:54:12 | 000,203,776 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.24 18:12:45 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.10.25 15:16:34 | 000,071,024 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) Haufe iDesk-Service in C:\Program Files (x86)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.11.09 16:31:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.08 07:15:04 | 000,015,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.30 21:51:44 | 000,492,720 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007.10.30 21:07:46 | 000,599,320 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.02.17 19:19:43 | 000,132,320 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 15:59:59 | 000,097,312 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.26 06:20:20 | 008,120,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.11.26 06:20:20 | 008,120,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.11.26 04:16:46 | 000,289,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.17 14:04:18 | 000,111,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.09.28 16:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.06.17 18:54:46 | 000,040,976 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.02.10 06:34:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008.11.29 07:19:28 | 000,028,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.11.09 15:39:35 | 000,711,712 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2008.11.09 15:39:35 | 000,081,952 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2008.11.09 15:39:33 | 000,593,440 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2008.11.09 15:39:33 | 000,229,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2008.10.08 07:15:12 | 000,029,696 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.07.28 18:22:52 | 000,255,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008.02.02 16:24:00 | 000,057,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008.01.21 04:50:10 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008.01.21 04:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 04:46:04 | 000,032,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2008.01.21 04:46:00 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007.03.27 19:18:58 | 010,550,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.11.07 02:00:00 | 000,030,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avmunet.sys -- (AVMUNET)
DRV:64bit: - [2006.11.01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2008.07.28 18:22:52 | 000,255,424 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2004.03.05 12:30:38 | 000,011,376 | R--- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {CF739809-1C6C-47C0-85B9-569DBB141420}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B F1 2A 68 F6 3A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {F95B32F9-CA5C-48F5-B8DD-A66B5BF69C81}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\..\SearchScopes\{DCE65210-14FE-4138-9F0C-EE119B3E0918}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{F95B32F9-CA5C-48F5-B8DD-A66B5BF69C81}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~2\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 12:37:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.16 21:05:58 | 000,000,000 | ---D | M]
[2008.11.09 17:37:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BigRon\AppData\Roaming\mozilla\Extensions
[2012.03.18 09:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BigRon\AppData\Roaming\mozilla\Firefox\Profiles\arvhe2j4.default\extensions
[2011.05.29 20:35:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\BigRon\AppData\Roaming\mozilla\Firefox\Profiles\arvhe2j4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.23 01:15:35 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\BigRon\AppData\Roaming\mozilla\Firefox\Profiles\arvhe2j4.default\extensions\battlefieldheroespatcher@ea.com
[2011.12.11 21:14:27 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\BigRon\AppData\Roaming\mozilla\Firefox\Profiles\arvhe2j4.default\extensions\battlefieldplay4free@ea.com
[2012.01.12 18:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2012.03.18 12:37:49 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll
[2012.02.21 19:50:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 19:50:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.21 19:50:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 19:50:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 19:50:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 19:50:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.05.22 14:41:18 | 000,434,573 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 14958 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (no name) - {8a194578-81ea-4850-9911-13ba2d71efbd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [SkypePM] C:\Users\BigRon\AppData\Local\Skype\SkypePM.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\BigRon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\BigRon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF269~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53E4C0AA-C371-4F79-A537-E57370E1734F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F932D83-3712-40D4-9DD8-3DC3118D6E94}: DhcpNameServer = 172.16.2.2 172.16.20.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F932D83-3712-40D4-9DD8-3DC3118D6E94}: NameServer = 172.16.2.2,172.16.20.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{938F7E6A-D5BC-495A-B577-5FC4CB1F8852}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9851591F-66F8-4C1E-8B03-393C3FFE68F9}: DhcpNameServer = 62.117.1.25 89.16.129.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A68C8C6E-2DBD-4E66-8091-3D889F11BFBD}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCFCEE76-2E53-4AA1-9811-FE403160AAB9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E168AF71-AA3A-4674-B6A0-2A787B88DC4E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F50D915A-4DB6-4F9F-BFE6-E282B03F250B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7B5904D-0282-48DC-9FD2-D7194E4096C6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O24 - Desktop WallPaper: C:\Users\BigRon\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\BigRon\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll ()
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.08 20:00:00 | 000,000,060 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.11.12 10:09:06 | 015,447,040 | R--- | M] () - H:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.11.12 10:09:06 | 000,000,161 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010.11.12 10:19:34 | 000,000,000 | ---D | M] - H:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.11.12 10:09:06 | 000,444,176 | R--- | M] (Electronic Arts) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.02.28 18:42:54 | 000,467,168 | R--- | M] (Electronic Arts) - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.02.28 18:58:30 | 000,000,000 | ---D | M] - I:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011.02.28 18:58:24 | 003,582,976 | R--- | M] () - I:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2011.02.28 18:58:24 | 000,000,152 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1258afb8-ae52-11dd-bd1c-8f2a876c4b78}\Shell - "" = Autorun
O33 - MountPoints2\{1258afb8-ae52-11dd-bd1c-8f2a876c4b78}\Shell\AutoRun\command - "" = J:\Steuern\Steuerprogramm\2009\StartCenter.exe
O33 - MountPoints2\{1258afb8-ae52-11dd-bd1c-8f2a876c4b78}\Shell\open\command - "" = J:\Steuern\Steuerprogramm\2009\StartCenter.exe
O33 - MountPoints2\{27f229c8-ae96-11dd-98ba-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{27f229c8-ae96-11dd-98ba-806e6f6e6963}\Shell\AutoRun\command - "" = J:\preinst.exe
O33 - MountPoints2\{29f6c170-ae73-11dd-9b90-0022157664b3}\Shell - "" = AutoRun
O33 - MountPoints2\{29f6c170-ae73-11dd-9b90-0022157664b3}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2011.02.28 18:42:54 | 000,467,168 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{4835890d-cd29-11dd-ab1d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4835890d-cd29-11dd-ab1d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\preinst.exe
O33 - MountPoints2\{4b4c6eab-d194-11dd-a66b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4b4c6eab-d194-11dd-a66b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\preinst.exe
O33 - MountPoints2\{57c18827-20a0-11e0-9ca6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{57c18827-20a0-11e0-9ca6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2011.11.08 20:00:00 | 000,095,528 | R--- | M] ()
O33 - MountPoints2\{77b16a6b-f1d3-11dd-9437-eb7c5f17f045}\Shell - "" = AutoRun
O33 - MountPoints2\{77b16a6b-f1d3-11dd-9437-eb7c5f17f045}\Shell\AutoRun\command - "" = J:\preinst.exe
O33 - MountPoints2\{8d3e1606-b8ad-11dd-b825-0022157664b3}\Shell - "" = AutoRun
O33 - MountPoints2\{8d3e1606-b8ad-11dd-b825-0022157664b3}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.11.12 10:09:06 | 000,444,176 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{8d3e160a-b8ad-11dd-b825-0022157664b3}\Shell - "" = AutoRun
O33 - MountPoints2\{8d3e160a-b8ad-11dd-b825-0022157664b3}\Shell\AutoRun\command - "" = M:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{8d3e160a-b8ad-11dd-b825-0022157664b3}\Shell\dinstall\command - "" = M:\Directx\dxsetup.exe
O33 - MountPoints2\{a9a13e45-b8ca-11dd-8059-0022157664b3}\Shell - "" = AutoRun
O33 - MountPoints2\{a9a13e45-b8ca-11dd-8059-0022157664b3}\Shell\AutoRun\command - "" = J:\preinst.exe
O33 - MountPoints2\{d6273d13-3b33-11de-be2e-0022157664b3}\Shell - "" = AutoRun
O33 - MountPoints2\{d6273d13-3b33-11de-be2e-0022157664b3}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\preinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {DDD6CB7D-9BFA-ACBA-BF2C-E024EA3651E9} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll ()
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012.03.31 16:05:17 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\BigRon\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.31 16:05:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\BigRon\Desktop\dds.com
[2012.03.31 16:05:17 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\BigRon\Desktop\OTL.exe
[2012.03.31 15:47:51 | 000,000,000 | ---D | C] -- C:\Users\BigRon\Desktop\Trojaner Tools
[2012.03.19 22:34:07 | 000,000,000 | ---D | C] -- C:\Users\BigRon\Documents\Steuer
[2012.03.18 12:35:23 | 000,000,000 | ---D | C] -- C:\Users\BigRon\AppData\Roaming\Buhl Data Service
[2012.03.18 12:35:21 | 000,000,000 | ---D | C] -- C:\Users\BigRon\AppData\Local\Buhl Data Service
[2012.03.18 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\BigRon\AppData\Local\Buhl
[2012.03.15 16:53:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.03.11 14:47:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Visagesoft
[2012.03.11 14:47:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AIM
[2012.03.11 14:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konz Steuertricks
[2012.03.11 14:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USM
[2012.03.11 14:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steuer 2011
[2012.03.11 14:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steuer 2011
[2012.03.11 14:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2069.01.24 16:23:38 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FDD80DED-FC3E-46F8-A008-B93FEFB0ED91}.job
[2012.03.31 17:43:42 | 018,449,780 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.31 17:43:42 | 007,012,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.31 17:43:42 | 006,430,456 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.31 17:43:42 | 006,259,884 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.31 17:43:42 | 000,005,800 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.31 17:38:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.31 16:59:25 | 002,306,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.31 16:05:57 | 000,000,000 | ---- | M] () -- C:\Users\BigRon\defogger_reenable
[2012.03.31 12:12:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\BigRon\Desktop\dds.com
[2012.03.31 12:11:50 | 000,050,477 | ---- | M] () -- C:\Users\BigRon\Desktop\Defogger.exe
[2012.03.31 10:59:24 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\BigRon\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.30 20:51:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\BigRon\Desktop\OTL.exe
[2012.03.30 18:47:58 | 000,001,460 | ---- | M] () -- C:\Users\BigRon\AppData\Local\d3d9caps64.dat
[2012.03.30 17:04:23 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 17:04:22 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 16:54:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.29 17:02:32 | 000,085,664 | ---- | M] () -- C:\Users\BigRon\0.24628373365824308.exe
[2012.03.29 17:02:29 | 000,000,680 | ---- | M] () -- C:\Users\BigRon\AppData\Local\d3d9caps.dat
[2012.03.29 17:02:15 | 000,000,870 | ---- | M] () -- C:\Users\BigRon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cgs8h0.exe.lnk
[2012.03.29 16:50:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.28 21:20:49 | 983,319,552 | ---- | M] () -- C:\Users\BigRon\Desktop\archive.pst
[2012.03.27 20:35:17 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.03.27 20:35:17 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012.03.25 15:52:47 | 000,000,590 | ---- | M] () -- C:\Windows\wiso.ini
[2012.03.22 18:40:00 | 001,720,858 | ---- | M] () -- C:\Users\BigRon\Desktop\Protos.pdf
[2012.03.21 19:41:35 | 000,306,466 | ---- | M] () -- C:\Users\BigRon\Desktop\Ivery.gif
[2012.03.21 17:56:58 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.03.21 17:54:27 | 000,058,880 | ---- | M] () -- C:\Users\BigRon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 21:37:26 | 008,397,299 | ---- | M] () -- C:\Users\BigRon\Desktop\Pitbull ft Marc Anthony - Rain Over Me (Official Video).mp3
[2012.03.17 21:35:36 | 033,615,313 | ---- | M] () -- C:\Users\BigRon\Desktop\Mini David Guetta Mix - SoundLife.mp3
[2012.03.17 21:34:57 | 032,170,913 | ---- | M] () -- C:\Users\BigRon\Desktop\ELECTRO MIX #19 [David Guetta_ Flo Rida_ Enrique Iglesias].mp3
[2012.03.17 21:18:20 | 083,855,926 | ---- | M] () -- C:\Users\BigRon\Desktop\dJ aSSa 's Electro House mix 2011 new best music_2.mp3
[2012.03.17 21:12:09 | 132,481,310 | ---- | M] () -- C:\Users\BigRon\Desktop\House 2011 mix disco club music dJ aSSa April Mai.mp3
[2012.03.17 21:09:40 | 083,855,926 | ---- | M] () -- C:\Users\BigRon\Desktop\dJ aSSa 's Electro House mix 2011 new best music.mp3
[2012.03.17 21:08:00 | 126,959,675 | ---- | M] () -- C:\Users\BigRon\Desktop\Electro & House 2012 Dance Mix #53.mp3
[2012.03.17 14:53:28 | 071,800,027 | ---- | M] () -- C:\Users\BigRon\Desktop\Disco Ibiza Progressive Vocal House 2011 (DJ Balouli Mini Promo).mp3
[2012.03.17 14:52:17 | 135,534,267 | ---- | M] () -- C:\Users\BigRon\Desktop\New House Music 2011 2012 Club Mix (dj PeeTee).mp3
[2012.03.17 14:19:37 | 009,387,760 | ---- | M] () -- C:\Users\BigRon\Desktop\Pigeon John The Bomb.mp3
[2012.03.11 14:46:56 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.03.11 14:46:43 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.31 16:05:57 | 000,000,000 | ---- | C] () -- C:\Users\BigRon\defogger_reenable
[2012.03.31 16:05:17 | 000,050,477 | ---- | C] () -- C:\Users\BigRon\Desktop\Defogger.exe
[2012.03.29 17:02:32 | 000,085,664 | ---- | C] () -- C:\Users\BigRon\0.24628373365824308.exe
[2012.03.29 17:02:15 | 000,000,870 | ---- | C] () -- C:\Users\BigRon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cgs8h0.exe.lnk
[2012.03.22 18:40:00 | 001,720,858 | ---- | C] () -- C:\Users\BigRon\Desktop\Protos.pdf
[2012.03.21 19:41:35 | 000,306,466 | ---- | C] () -- C:\Users\BigRon\Desktop\Ivery.gif
[2012.03.18 12:35:00 | 000,000,590 | ---- | C] () -- C:\Windows\wiso.ini
[2012.03.17 21:37:17 | 008,397,299 | ---- | C] () -- C:\Users\BigRon\Desktop\Pitbull ft Marc Anthony - Rain Over Me (Official Video).mp3
[2012.03.17 21:35:03 | 033,615,313 | ---- | C] () -- C:\Users\BigRon\Desktop\Mini David Guetta Mix - SoundLife.mp3
[2012.03.17 21:34:11 | 032,170,913 | ---- | C] () -- C:\Users\BigRon\Desktop\ELECTRO MIX #19 [David Guetta_ Flo Rida_ Enrique Iglesias].mp3
[2012.03.17 21:17:01 | 083,855,926 | ---- | C] () -- C:\Users\BigRon\Desktop\dJ aSSa 's Electro House mix 2011 new best music_2.mp3
[2012.03.17 21:10:12 | 132,481,310 | ---- | C] () -- C:\Users\BigRon\Desktop\House 2011 mix disco club music dJ aSSa April Mai.mp3
[2012.03.17 21:08:24 | 083,855,926 | ---- | C] () -- C:\Users\BigRon\Desktop\dJ aSSa 's Electro House mix 2011 new best music.mp3
[2012.03.17 21:05:59 | 126,959,675 | ---- | C] () -- C:\Users\BigRon\Desktop\Electro & House 2012 Dance Mix #53.mp3
[2012.03.17 14:52:31 | 071,800,027 | ---- | C] () -- C:\Users\BigRon\Desktop\Disco Ibiza Progressive Vocal House 2011 (DJ Balouli Mini Promo).mp3
[2012.03.17 14:49:46 | 135,534,267 | ---- | C] () -- C:\Users\BigRon\Desktop\New House Music 2011 2012 Club Mix (dj PeeTee).mp3
[2012.03.17 14:19:29 | 009,387,760 | ---- | C] () -- C:\Users\BigRon\Desktop\Pigeon John The Bomb.mp3
[2012.03.11 14:47:00 | 000,000,696 | ---- | C] () -- C:\Windows\SysWow64\jetodbc.rsp
[2012.03.11 14:46:56 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\Steuer 2011.lnk
[2012.03.11 14:46:43 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\Konz 2012 - 1000 Steuertricks.lnk
[2011.11.23 13:38:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.07.31 16:20:47 | 000,000,000 | ---- | C] () -- C:\Users\BigRon\AppData\Local\{0FAF490D-5711-478B-968C-76BB3999E97F}
[2011.05.09 21:47:20 | 000,000,680 | ---- | C] () -- C:\Users\BigRon\AppData\Local\d3d9caps.dat
[2010.12.31 18:05:12 | 000,126,836 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.11.14 19:07:06 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.14 19:07:06 | 000,000,854 | ---- | C] () -- C:\Windows\unins000.dat
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.05.05 21:13:26 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
========== LOP Check ==========
[2009.01.07 20:01:54 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Acronis
[2011.06.18 15:45:19 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Amazon
[2009.10.24 11:00:11 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\ASCOMP Software
[2009.02.03 20:41:30 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Ashampoo
[2012.03.18 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Buhl Data Service
[2008.12.13 09:48:55 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Canneverbe_Limited
[2010.09.20 15:40:50 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Canon
[2009.11.19 23:55:42 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\CD-LabelPrint
[2008.11.16 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\diginet
[2011.07.11 19:51:55 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Dropbox
[2011.08.10 20:03:55 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\DVDVideoSoft
[2011.05.29 20:35:11 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.14 19:07:06 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Flatcast
[2010.07.21 21:20:50 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\FreeAudioPack
[2010.07.21 21:31:55 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\FreeCDRipper
[2010.04.05 15:24:13 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\FreeFLVConverter
[2011.03.22 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\gtk-2.0
[2010.12.16 23:30:58 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Gutscheinmieze
[2010.04.03 16:52:40 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Haufe
[2008.12.14 18:38:23 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Leadertech
[2010.04.03 21:08:46 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Lexware
[2010.01.21 19:31:44 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Mp3tag
[2010.09.18 12:55:14 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Need for Speed World
[2010.02.17 22:10:36 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Nokia
[2010.02.17 22:05:23 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Nokia Ovi Suite
[2010.02.17 22:05:10 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\PC Suite
[2009.08.31 14:13:30 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\PDF reDirect
[2009.10.18 12:05:31 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Publish Providers
[2008.11.17 20:12:22 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Sierra Entertainment
[2009.11.22 17:22:55 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Sony
[2009.11.20 21:37:30 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Sony Creative Software
[2008.12.01 22:42:46 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\streamripper
[2011.07.12 18:10:07 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\TubeBox
[2012.01.01 20:12:19 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\wargaming.net
[2010.02.22 23:15:20 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Xilisoft
[2011.12.22 16:26:24 | 000,000,000 | ---D | M] -- C:\Users\BigRon\AppData\Roaming\Youtube Downloader HD
[2012.03.30 17:04:22 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2069.01.24 16:23:38 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FDD80DED-FC3E-46F8-A008-B93FEFB0ED91}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.12.22 21:23:51 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.03.18 22:23:50 | 000,000,000 | ---D | M] -- C:\AITEMP
[2011.01.15 16:39:28 | 000,000,000 | ---D | M] -- C:\AMD
[2008.11.09 14:41:17 | 000,000,000 | ---D | M] -- C:\ATI
[2008.11.09 22:03:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.02.02 18:06:46 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2006.11.02 17:41:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.12.24 01:00:54 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2011.09.27 18:01:07 | 000,000,000 | ---D | M] -- C:\HELI-X30
[2008.11.09 13:26:18 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.16 21:01:28 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 05:03:26 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.14 21:43:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.29 16:45:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.11 14:42:38 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.01 19:04:48 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.03.25 14:50:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.16 09:39:46 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.29 17:11:48 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008.01.21 04:45:58 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:45:58 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.01.21 04:45:58 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008.01.21 04:45:58 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:47:50 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:48:30 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: IASTORV.SYS >
[2008.01.21 04:46:07 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:07 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2008.01.21 04:50:06 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.21 04:50:06 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2008.01.21 04:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.21 04:47:35 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2008.01.21 04:46:02 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:02 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 04:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.01.21 04:49:34 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:48:56 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008.01.21 04:48:56 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
< MD5 for: USER32.DLL >
[2008.01.21 04:47:35 | 000,820,224 | ---- | M] () MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\SysNative\user32.dll
[2008.01.21 04:47:35 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:48:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll
[2008.01.21 04:48:20 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 04:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:49:40 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:48:49 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:48:49 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.01.21 04:48:54 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.21 04:48:54 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2008.01.21 04:49:41 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.21 04:49:41 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:48:44 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:48:44 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %USERPROFILE%\*.* >
[2011.05.22 14:56:20 | 000,000,853 | ---- | M] () -- C:\Users\BigRon\.recently-used.xbel
[2012.03.29 17:02:32 | 000,085,664 | ---- | M] () -- C:\Users\BigRon\0.24628373365824308.exe
[2012.03.31 16:05:57 | 000,000,000 | ---- | M] () -- C:\Users\BigRon\defogger_reenable
[2012.03.31 17:51:44 | 010,747,904 | -HS- | M] () -- C:\Users\BigRon\NTUSER.DAT
[2012.03.31 17:51:44 | 000,262,144 | -H-- | M] () -- C:\Users\BigRon\ntuser.dat.LOG1
[2008.11.09 13:15:04 | 000,000,000 | -H-- | M] () -- C:\Users\BigRon\ntuser.dat.LOG2
[2012.03.31 17:30:10 | 000,065,536 | -HS- | M] () -- C:\Users\BigRon\NTUSER.DAT{0883005d-7582-11e0-8998-001f3f00c043}.TM.blf
[2012.03.31 17:30:10 | 000,524,288 | -HS- | M] () -- C:\Users\BigRon\NTUSER.DAT{0883005d-7582-11e0-8998-001f3f00c043}.TMContainer00000000000000000001.regtrans-ms
[2011.05.03 16:18:18 | 000,524,288 | -HS- | M] () -- C:\Users\BigRon\NTUSER.DAT{0883005d-7582-11e0-8998-001f3f00c043}.TMContainer00000000000000000002.regtrans-ms
[2011.05.03 12:28:43 | 000,065,536 | -HS- | M] () -- C:\Users\BigRon\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2011.05.03 12:28:43 | 000,524,288 | -HS- | M] () -- C:\Users\BigRon\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010.07.05 23:46:44 | 000,524,288 | -HS- | M] () -- C:\Users\BigRon\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000002.regtrans-ms
[2008.11.09 13:15:05 | 000,000,020 | -HS- | M] () -- C:\Users\BigRon\ntuser.ini
[2011.06.06 09:57:38 | 000,000,019 | ---- | M] () -- C:\Users\BigRon\rp.ini
[2011.06.06 09:57:37 | 000,000,870 | ---- | M] () -- C:\Users\BigRon\RPSTD2010.lic
[2010.09.20 15:40:50 | 000,000,000 | ---- | M] () -- C:\Users\BigRon\Sti_Trace.log
< %USERPROFILE%\Local Settings\Temp\*.exe >
[2012.03.29 17:02:14 | 000,243,240 | ---- | M] (afdasfd Corporation) -- C:\Users\BigRon\Local Settings\Temp\cgs8h0.exe
[8 C:\Users\BigRon\Local Settings\Temp\*.tmp files -> C:\Users\BigRon\Local Settings\Temp\*.tmp -> ]
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< >
========== Files - Unicode (All) ==========
[2012.03.17 15:11:26 | 145,829,513 | ---- | M] ()(C:\Users\BigRon\Desktop\? Electro&House Megamix HD [60 Min] [DJ Dubstep]?.mp3) -- C:\Users\BigRon\Desktop\♫ Electro&House Megamix HD [60 Min] [DJ Dubstep]♫.mp3
[2012.03.17 15:09:17 | 145,829,513 | ---- | C] ()(C:\Users\BigRon\Desktop\? Electro&House Megamix HD [60 Min] [DJ Dubstep]?.mp3) -- C:\Users\BigRon\Desktop\♫ Electro&House Megamix HD [60 Min] [DJ Dubstep]♫.mp3
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\BigRon\Desktop\SYLVIES PLATZ:Roxio EMC Stream
< End of report >