Pests of all kinds and their removal: BKA-like Trojan "Der Computer ist für die Verletzung" (Windows 7)

#1
BKA-like Trojan "Der Computer ist für die Verletzung"

Hi,

Today I was shown a screen that strongly reminded me of the BKA Trojan. The caption was something like "Computer ist Infiziert", something in broken German. After I had my Easy Clean program compare my system snapshot against the one from 5 days ago, it turned out that the files

Trojan.Ransom.FGen File C:\Users\Manuel\AppData\Roaming\hellomoto\TujP.dat
Trojan.Ransom.FGen Folder C:\Users\Manuel\AppData\Roaming\hellomoto
Trojan.Ransom.FGen File C:\Users\Manuel\AppData\Roaming\hellomoto\BukF.dat

had been newly created. A Malwarebytes scan also found these three files. Since a restart everything has been OK so far. I've now run Defogger and OTL. Here are the results. I hope you can make something of them :-/ Thanks

OTL Code:
OTL logfile created on: 27.08.2012 20:05:46 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\AlphaMedia\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,83 Gb Total Physical Memory | 6,11 Gb Available Physical Memory | 78,11% Memory free
7,83 Gb Paging File | 6,17 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 11,03 Gb Free Space | 9,26% Space Free | Partition Type: NTFS
Drive D: | 539,07 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1863,01 Gb Total Space | 967,79 Gb Free Space | 51,95% Space Free | Partition Type: NTFS

Computer Name: ALPHAMEDIA-PC | User Name: AlphaMedia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.27 19:34:00 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\AlphaMedia\Desktop\OTL.exe
PRC - [2012.03.15 20:33:51 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\AlphaMedia\AppData\Local\Apps\2.0\EO0HRNWC.H88\TXARMO50.3YV\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.26 20:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.09.24 18:22:18 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.22 17:57:30 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2011.08.22 17:52:46 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2011.08.17 09:28:14 | 003,120,448 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2011.07.12 17:14:24 | 000,331,776 | ---- | M] (VIA Technologies, Inc.) -- C:\VIA_XHCI\usb3Monitor.exe
PRC - [2011.06.28 01:45:40 | 005,587,672 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011.05.10 18:57:28 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2011.02.01 13:17:16 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 13:17:12 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.28 19:44:54 | 000,294,912 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.10.01 13:44:44 | 001,748,992 | ---- | M] (NETGEAR) -- C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
PRC - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () -- C:\Program Files (x86)\DTProTS\DTProTS.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.16 12:42:04 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.16 12:41:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.16 12:41:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.16 12:41:49 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012.06.16 12:41:48 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.18 19:52:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.18 19:52:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.18 19:52:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.18 19:52:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.18 19:52:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.18 19:52:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.03.15 20:33:34 | 000,368,640 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Local\Apps\2.0\EO0HRNWC.H88\TXARMO50.3YV\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.21 20:02:30 | 000,207,872 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2011.06.28 01:45:26 | 011,204,400 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2006.06.09 20:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.11 18:28:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2012.08.11 17:57:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.20 20:45:38 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.27 11:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.09.24 18:22:18 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.28 01:46:22 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011.05.11 12:21:26 | 000,415,616 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2011.03.21 17:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2011.02.01 13:17:16 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 13:17:12 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.28 19:44:54 | 000,294,912 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.29 02:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2000.01.01 00:00:00 | 000,271,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DTProTS\DTProTS.exe -- (DTProTS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.16 02:05:15 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.15 20:33:45 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2012.03.09 10:57:36 | 000,023,816 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.17 10:28:54 | 014,692,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.11.14 20:01:22 | 000,204,800 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2011.11.14 20:01:12 | 000,256,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011.11.04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.09.24 18:22:18 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.09.24 18:22:17 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2011.09.24 18:22:17 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.09.24 18:22:17 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.22 19:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011.08.22 19:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011.08.22 19:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011.08.22 19:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011.08.22 19:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011.08.22 19:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011.08.22 19:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011.08.22 19:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011.08.22 19:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011.08.22 19:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011.08.22 19:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011.08.22 19:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011.08.22 19:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011.08.17 13:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 13:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 13:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 13:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.20 09:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.05.25 00:25:16 | 000,052,736 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applebmt.sys -- (applebmt)
DRV:64bit: - [2011.05.11 12:21:30 | 001,261,440 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.04.28 22:18:04 | 000,053,080 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US122L_MK2_WDM)
DRV:64bit: - [2011.04.28 22:18:04 | 000,031,576 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US122L_MK2_MIDI)
DRV:64bit: - [2011.04.28 22:18:02 | 000,419,160 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 15:29:46 | 000,017,008 | ---- | M] (VIA Labs, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vl810filter.sys -- (vl810filter)
DRV:64bit: - [2011.01.31 23:10:10 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.04.27 21:02:24 | 000,783,360 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2)
DRV:64bit: - [2010.04.27 21:02:24 | 000,783,360 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:64bit: - [2009.12.25 15:28:50 | 000,657,696 | ---- | M] (TechnoTrend Goerler GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ttBudget2_amd64.sys -- (ttBudget2_NTAMD64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.10.01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006.11.28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006.11.28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV - [2011.08.23 09:06:56 | 000,029,568 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO64\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2011.03.21 17:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.25 16:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 66 11 CE D7 D8 90 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {00E4A876-4397-4104-B22B-4A8A94B2A198}
IE - HKCU\..\SearchScopes\{00E4A876-4397-4104-B22B-4A8A94B2A198}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45FFB264-F681-4C66-860F-2A2A05C3ECE7}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{AE9D6AD6-74F8-4753-8A12-B231958F58E8}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{E5E526FC-CA25-4493-9CAF-A96ECEFED8E1}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "google.de PWS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pwdbank@authentec.com: C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\passwordbank@authentec.com\plugins\5.9.6.7134\nppbff.dll (Authentec Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 20:49:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.12.17 06:01:57 | 000,000,000 | ---D | M]

[2011.09.25 22:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Extensions
[2012.08.26 10:14:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions
[2012.05.18 19:52:48 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2012.04.10 06:54:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.19 00:01:19 | 000,000,000 | ---D | M] (Aviary) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\{d5eeb813-935a-435d-b01e-b3a02f2cb408}
[2012.03.26 19:18:05 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2011.12.18 19:16:50 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\DeviceDetection@logitech.com
[2012.05.16 00:12:20 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\fb_add_on@avm.de
[2012.08.02 22:56:38 | 000,000,000 | ---D | M] (YTshowRating) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\jid1-m7xzZLMj29zzjA@jetpack
[2012.04.29 12:50:37 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\AlphaMedia\AppData\Roaming\mozilla\Firefox\Profiles\vxpq1fzh.default\extensions\passwordbank@authentec.com
[2011.12.26 17:08:51 | 000,011,417 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\searchplugins\ebay-durchsuchen.xml
[2011.12.19 01:19:30 | 000,001,742 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\searchplugins\googlede-pws.xml
[2012.01.22 18:02:31 | 000,004,140 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Roaming\Mozilla\Firefox\Profiles\vxpq1fzh.default\searchplugins\youtube.xml
[2012.01.14 17:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.01 00:37:55 | 000,505,801 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012.07.07 13:04:02 | 000,007,433 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{3869B071-0FAE-4C75-948A-60D9C56EA02B}.XPI
[2012.03.05 03:57:15 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2011.11.26 23:09:04 | 000,013,074 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{B0D70E72-2FC1-4B9F-A3D4-5921C854D906}.XPI
[2012.05.17 19:42:47 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.08.26 10:14:06 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.01.15 09:28:40 | 000,122,406 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\GIORGIO@GILESTRO.TK.XPI
[2011.10.01 10:09:31 | 000,008,001 | ---- | M] () (No name found) -- C:\USERS\ALPHAMEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VXPQ1FZH.DEFAULT\EXTENSIONS\TINEYE@IDEEINC.COM.XPI
[2012.07.19 20:49:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.07 22:12:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.07 22:12:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.07 22:12:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 22:12:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 22:12:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 22:12:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.04.14 22:25:54 | 000,001,265 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 secure.disc-soft.com
O1 - Hosts: 127.0.0.1 flashfxp.com
O1 - Hosts: 127.0.0.1 flashfxp.org
O1 - Hosts: 127.0.0.1 flashfxp.ws
O1 - Hosts: 127.0.0.1 www.flashfxp.com
O1 - Hosts: 127.0.0.1 www.flashfxp.org
O1 - Hosts: 127.0.0.1 www.flashfxp.ws
O1 - Hosts: 127.0.0.1 liveupdate.inicom.net/verify.php
O1 - Hosts: 127.0.0.1 liveupdate.inicom.net
O1 - Hosts: 127.0.0.1 liveupdate.flashfxp.com
O1 - Hosts: 127.0.0.1 
update.inicom.net O1 - Hosts: 127.0.0.1 update.flashfxp.com O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (Authentec Inc.) 
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe" File not found O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\AlphaMedia\AppData\Local\Apps\2.0\EO0HRNWC.H88\TXARMO50.3YV\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe () O4 - HKCU..\Run: [ClipMate7] C:\Program Files (x86)\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.) O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software) O4 - HKCU..\Run: [SVPMgr] C:\Program Files (x86)\SVP\SVPMgr.exe () O4 - Startup: C:\Users\AlphaMedia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - 
C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A6BAEFE-6BD2-446D-9A5E-708413ED1C84}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft 
Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (Authentec Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{adf1f559-e6bf-11e0-9e9e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.27 19:39:26 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\Desktop\Für alle Hilfesuchenden! 
Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board-Dateien [2012.08.27 19:33:56 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\AlphaMedia\Desktop\OTL.exe [2012.08.20 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp [2012.08.18 10:19:16 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\AppData\Roaming\hellomoto [2012.08.11 18:15:19 | 000,000,000 | ---D | C] -- C:\Users\AlphaMedia\AppData\Roaming\Creative [2012.08.11 18:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2012.08.11 18:14:41 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.08.11 18:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2012.08.11 18:14:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\data [2012.08.11 18:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\data [2012.08.11 17:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative [2012.08.11 17:59:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information [2012.08.11 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Creative [2012.08.11 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared [2012.08.11 17:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [2012.08.11 17:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative [2012.08.11 17:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.08.11 17:56:06 | 000,077,824 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\eaxac3.dll [2012.08.11 17:55:49 | 000,809,560 | ---- | C] (Creative Labs Inc.) 
-- C:\Windows\SysWow64\oalinst.exe [2012.08.11 14:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Sweeper [2012.08.11 14:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Sweeper [2012.08.11 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs [2012.08.05 20:28:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RockboxUtility-v1.2.14 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.27 20:07:28 | 000,014,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 20:07:28 | 000,014,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 20:04:17 | 001,618,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.27 20:04:17 | 000,673,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.27 20:04:17 | 000,644,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.27 20:04:17 | 000,165,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.27 20:04:17 | 000,136,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.27 20:00:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.08.27 20:00:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.08.27 20:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.27 19:59:57 | 2009,227,263 | -HS- | M] () -- C:\hiberfil.sys [2012.08.27 19:39:51 | 000,062,028 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx [2012.08.27 19:39:51 | 000,062,028 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx [2012.08.27 19:39:51 | 000,000,788 | ---- | M] () -- 
C:\Windows\SysNative\DVCState-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx [2012.08.27 19:39:27 | 000,065,586 | ---- | M] () -- C:\Users\AlphaMedia\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm [2012.08.27 19:38:48 | 000,000,198 | ---- | M] () -- C:\Users\AlphaMedia\defogger_reenable [2012.08.27 19:36:14 | 000,050,477 | ---- | M] () -- C:\Users\AlphaMedia\Desktop\Defogger.exe [2012.08.27 19:34:00 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\AlphaMedia\Desktop\OTL.exe [2012.08.27 19:19:59 | 002,370,614 | ---- | M] () -- C:\Users\AlphaMedia\Documents\ClipMate7_DB_My Clips_2012-08-27_1919.ZIP [2012.08.26 12:15:42 | 000,056,832 | ---- | M] () -- C:\Users\AlphaMedia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.18 13:55:10 | 000,001,451 | ---- | M] () -- C:\Users\Public\Desktop\Urban Terror 4.2.lnk [2012.08.12 02:11:30 | 000,001,094 | ---- | M] () -- C:\Users\AlphaMedia\Desktop\D2MultiResGame.exe - Verknüpfung.lnk [2012.08.11 18:28:55 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.08.11 18:28:55 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.08.11 18:28:54 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2012.08.11 18:28:01 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\DDL und DTS Connect-Lizenzaktivierung.lnk [2012.08.06 18:28:50 | 002,377,226 | ---- | M] () -- C:\Users\AlphaMedia\Documents\ClipMate7_DB_My Clips_2012-08-06_1828.ZIP [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.27 19:39:26 | 000,065,586 | ---- | C] () -- C:\Users\AlphaMedia\Desktop\Für alle Hilfesuchenden! 
Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm [2012.08.27 19:38:48 | 000,000,198 | ---- | C] () -- C:\Users\AlphaMedia\defogger_reenable [2012.08.27 19:36:14 | 000,050,477 | ---- | C] () -- C:\Users\AlphaMedia\Desktop\Defogger.exe [2012.08.27 19:19:58 | 002,370,614 | ---- | C] () -- C:\Users\AlphaMedia\Documents\ClipMate7_DB_My Clips_2012-08-27_1919.ZIP [2012.08.18 13:55:10 | 000,001,451 | ---- | C] () -- C:\Users\Public\Desktop\Urban Terror 4.2.lnk [2012.08.12 02:10:27 | 000,001,094 | ---- | C] () -- C:\Users\AlphaMedia\Desktop\D2MultiResGame.exe - Verknüpfung.lnk [2012.08.12 01:58:25 | 000,033,792 | ---- | C] () -- C:\Windows\SysNative\D2MultiRes.dll [2012.08.11 18:28:56 | 000,062,028 | ---- | C] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx [2012.08.11 18:28:56 | 000,062,028 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx [2012.08.11 18:28:56 | 000,000,788 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000001-00001102-00000005-002F1102}.rfx [2012.08.11 18:28:31 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2012.08.11 18:28:31 | 000,003,072 | ---- | C] () -- C:\Windows\SysNative\CTXFIGER.DLL [2012.08.11 18:14:41 | 000,272,384 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2012.08.11 18:14:41 | 000,207,872 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.08.11 18:14:41 | 000,089,600 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2012.08.11 18:14:41 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.08.11 18:14:41 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2012.08.11 17:58:56 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\DDL und DTS Connect-Lizenzaktivierung.lnk [2012.08.11 17:58:49 | 000,006,002 | ---- | C] () -- C:\Windows\SysWow64\CTOPT352.cat [2012.08.11 17:58:38 | 000,005,498 | ---- | C] () -- 
C:\Windows\SysWow64\CTOPT399.cat [2012.08.11 17:56:05 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2012.08.11 17:56:05 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\CtxfiRes.dll [2012.08.11 17:56:00 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2012.08.11 17:55:49 | 000,018,432 | ---- | C] () -- C:\Windows\SysNative\regplib.exe [2012.08.11 17:55:48 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [2012.08.11 17:55:47 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2012.08.11 17:55:31 | 002,167,684 | ---- | C] () -- C:\Windows\SysWow64\CT2MGM.SF2 [2012.08.11 17:55:31 | 002,167,684 | ---- | C] () -- C:\Windows\SysNative\CT2MGM.SF2 [2012.08.11 17:55:31 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\CT1MGM.ROM [2012.08.11 17:55:31 | 001,048,576 | ---- | C] () -- C:\Windows\SysNative\CT1MGM.ROM [2012.08.11 17:55:31 | 000,011,073 | ---- | C] () -- C:\Windows\SysWow64\UDAAPO64.UDA [2012.08.11 17:55:31 | 000,005,530 | ---- | C] () -- C:\Windows\SysWow64\CTMLFX64.UDA [2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default8.sfm [2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default8.sfm [2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default4.sfm [2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default4.sfm [2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\default.sfm [2012.08.11 17:55:31 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\default.sfm [2012.08.11 17:55:29 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2012.08.11 17:55:29 | 000,321,512 | ---- | C] () -- C:\Windows\SysNative\ctdlang.dat [2012.08.11 17:55:29 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2012.08.11 17:55:29 | 000,056,509 | ---- | C] () -- C:\Windows\SysNative\ctdnlstr.dat [2012.08.11 17:55:29 | 000,021,266 | ---- | C] () -- 
C:\Windows\SysWow64\instwdm.ini [2012.08.11 17:55:29 | 000,021,266 | ---- | C] () -- C:\Windows\SysNative\instwdm.ini [2012.08.11 17:55:29 | 000,001,688 | ---- | C] () -- C:\Windows\SysNative\XFi.bmp [2012.08.11 17:55:29 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2012.08.11 17:55:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2012.08.11 17:55:29 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\ctzapxx.ini [2012.08.06 18:28:49 | 002,377,226 | ---- | C] () -- C:\Users\AlphaMedia\Documents\ClipMate7_DB_My Clips_2012-08-06_1828.ZIP [2012.07.07 11:41:49 | 000,001,456 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.04.29 13:15:17 | 000,200,203 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Local\backup.vtp [2012.04.15 18:09:35 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.04.15 18:09:33 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.04.15 18:09:32 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.04.15 18:09:30 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.04.15 00:10:44 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll [2012.04.14 23:23:32 | 000,000,132 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.02.25 21:17:36 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.01.21 22:44:18 | 000,138,844 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.01.17 02:51:35 | 000,000,042 | ---- | C] () -- C:\Users\AlphaMedia\RoomEQWizardV5-Path [2011.11.12 00:28:53 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2011.10.09 13:25:45 | 000,001,769 | ---- | C] () -- 
C:\Windows\Language_trs.ini [2011.10.05 22:19:32 | 000,007,607 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Local\resmon.resmoncfg [2011.10.02 11:57:42 | 000,056,832 | ---- | C] () -- C:\Users\AlphaMedia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.01 21:04:53 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.09.28 21:26:23 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2011.09.27 03:46:45 | 001,598,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.31 12:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012.04.21 18:58:22 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\.Tribler [2012.04.15 00:12:15 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\ACD Systems [2011.09.25 01:52:08 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Acronis [2012.08.27 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Azureus [2012.08.27 20:01:36 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\BOM [2012.06.10 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Braid [2012.04.20 02:41:43 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Broad Intelligence [2011.10.02 09:37:01 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\DAEMON Tools Pro [2012.06.10 19:56:35 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\fltk.org [2011.11.23 01:05:59 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\FLV Extract [2012.07.27 00:27:03 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\foobar2000 [2012.06.12 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Foxit Software [2012.04.10 16:32:13 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\FRITZ! 
[2012.06.05 00:36:36 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\HD Tune Pro [2012.08.27 08:52:10 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\hellomoto [2011.10.16 12:49:22 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\ImgBurn [2011.09.28 21:53:41 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\JAM Software [2011.12.18 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Leadertech [2012.06.10 22:40:10 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\LoneSurvivor [2011.10.09 20:19:45 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\MetaGeek [2011.10.02 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\mkvtoolnix [2011.09.27 03:37:44 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\NetMeter [2011.12.17 07:00:03 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Nokia [2011.12.17 07:00:03 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Nokia Suite [2011.12.17 06:15:09 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\PC Suite [2012.04.29 13:15:16 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Protector Suite [2011.11.27 03:03:35 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Publish Providers [2012.02.06 03:42:00 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\redsn0w [2011.11.07 04:13:56 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\rockbox.org [2011.11.27 03:03:32 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Sony [2012.04.29 20:06:02 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\SVP 3.1 [2012.01.22 17:51:11 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\TeamViewer [2012.01.22 03:24:13 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Thornsoft Development [2012.04.16 02:15:11 | 000,000,000 | ---D | M] -- 
C:\Users\AlphaMedia\AppData\Roaming\TrueCrypt [2012.05.17 14:41:53 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\uTorrent [2012.03.11 02:59:11 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Waves [2012.03.11 02:58:44 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Waves Audio [2012.03.11 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\AlphaMedia\AppData\Roaming\Waves Preferences [2012.03.13 03:49:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:8887C1DE9CBCCB0B @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:B0D4D817 < End of report >

All the ones that are only visible this way, or ALL processes, including those in Task Manager?

Last edited by Brax (27.08.2012 at 20:02) Reason: question