Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   sbcvvhost_win86... schon wieder! oder immer noch? (https://www.trojaner-board.de/107167-sbcvvhost_win86-schon-immer-noch.html)

David1234 29.12.2011 12:35
sbcvvhost_win86... schon wieder! oder immer noch?
 
Hallo,
ich hatte gestern schon mal das selbe Problem und am Ende funktionierte wieder alles.
Heute hab ich ca. 5 min im Internet gesurft. Dann hat meine Firewall (ZoneAlarm) mir mitgeteilt dass irgendein Programm das ich nicht kenne aufs Internet zugreifen will. Das hab ich verweigert.
Dann, knapp 1 sec später:
Weißer Screen, "Keine Verbindung zum Internet hergestellt. Bitte warten" :headbang:
Beim Runterfahren verhindert (wie gestern) "sbcvvhost_win86" das Herunterfahren.
Abgesicherter Modus funktioniert auch nicht.
Hab dann OTLPE per CD gestartet und die logfiles erstellen lassen. Abgesehen davon, dass diesmal auch keine Extras.txt erstellt wurde.

Hier ist der OTL log

Code:
OTL logfile created on: 12/29/2011 12:27:44 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Professional  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 78.03 Gb Total Space | 41.24 Gb Free Space | 52.85% Space Free | Partition Type: NTFS
Drive E: | 219.96 Gb Total Space | 178.43 Gb Free Space | 81.12% Space Free | Partition Type: NTFS
Drive F: | 1.91 Gb Total Space | 0.99 Gb Free Space | 51.86% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/08/17 06:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto] -- D:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/17 05:09:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/14 11:47:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/29 04:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- D:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/06/28 06:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- D:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/07/30 02:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009/07/30 02:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto] -- D:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 12:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/10/11 02:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto] -- D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007/06/15 06:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- D:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2011/07/18 02:28:27 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/17 05:09:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/17 05:09:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/15 09:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- D:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/01/19 23:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/07/30 02:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\bpenum.sys -- (bpenum) Intel(R)
DRV - [2009/07/21 14:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- D:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/25 15:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009/06/14 21:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/06 05:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/03/14 08:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/02/20 13:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- D:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005/02/23 08:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Eichenberg_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Eichenberg_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Eichenberg_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA BF 3B 1C 3D 62 CB 01  [binary data]
IE - HKU\Eichenberg_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Windows\System32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: D:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: D:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/19 06:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/19 06:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/19 06:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010/10/02 10:17:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Extensions
[2010/10/02 10:17:49 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/29 03:08:53 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\extensions
[2010/10/03 07:52:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/12/25 13:13:40 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\extensions\toolbar@web.de
[2010/08/27 16:04:54 | 000,000,943 | ---- | M] () -- D:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\searchplugins\conduit.xml
[2011/09/17 05:14:38 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2010/10/02 10:11:34 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/17 05:14:37 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- D:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/09/17 05:14:38 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- D:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2010/07/16 22:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 16:32:39 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/09/14 16:32:39 | 000,002,344 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/09/14 16:32:39 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/09/14 16:32:39 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/09/14 16:32:39 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\Eichenberg_ON_D\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] D:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] D:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] D:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] D:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWirelessWiMAX] D:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4 - HKLM..\Run: [SearchSettings] D:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [WBhXTAWuFpmNyON] D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\Eichenberg_ON_D..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Eichenberg_ON_D..\Run: [SmartAudio] D:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\Eichenberg_ON_D..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Eichenberg_ON_D..\Run: [WBhXTAWuFpmNyON] D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Eichenberg_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Eichenberg_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Eichenberg_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Eichenberg_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 1
O7 - HKU\Eichenberg_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_D\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe) - D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Eichenberg_ON_D Winlogon: Shell - (C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe) - D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/29 04:09:42 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/29 04:09:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2011/12/29 04:09:38 | 000,000,000 | ---D | C] -- D:\Program Files\Spybot - Search & Destroy
[2011/12/29 03:59:56 | 000,000,000 | --SD | C] -- D:\ComboFix
[2011/12/29 03:53:40 | 000,095,744 | ---- | C] (Kassl GmbH) -- D:\Users\Eichenberg\AppData\Roaming\dwlGina3.dll
[2011/12/29 03:41:08 | 000,000,000 | ---D | C] -- D:\Users\Eichenberg\AppData\Roaming\OCS
[2011/12/29 03:10:39 | 000,381,100 | ---- | C] (sYhiglWP) -- D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe
[2011/12/28 19:23:52 | 002,237,440 | R--- | C] (OldTimer Tools) -- D:\OTLPE.exe
[2011/12/28 19:23:51 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/12/28 15:24:47 | 000,000,000 | -HSD | C] -- D:\$RECYCLE.BIN
[2011/12/28 15:24:44 | 000,000,000 | ---D | C] -- D:\Users\Eichenberg\AppData\Local\temp
[2011/12/28 15:17:02 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
[2011/12/28 15:17:02 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
[2011/12/28 15:17:02 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
[2011/12/28 15:16:57 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2011/12/28 15:16:47 | 000,000,000 | ---D | C] -- D:\Qoobox
[2011/12/24 08:45:34 | 000,272,896 | ---- | C] (Progressive Networks) -- D:\Windows\System32\pncrt.dll
[2011/12/24 08:44:58 | 000,000,000 | ---D | C] -- D:\Users\Eichenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2011/12/24 08:44:39 | 000,000,000 | ---D | C] -- D:\Program Files\FreeTime
[2011/12/16 12:24:11 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
[2011/12/16 12:12:24 | 000,000,000 | ---D | C] -- D:\Program Files\Mueller Foto
[2010/08/25 12:59:08 | 000,004,096 | ---- | C] ( ) -- D:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/29 05:26:55 | 000,067,584 | ---- | M] () -- D:\Windows\bootstat.dat
[2011/12/29 05:25:16 | 2384,932,864 | -HS- | M] () -- D:\hiberfil.sys
[2011/12/29 04:10:09 | 000,653,928 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2011/12/29 04:10:09 | 000,615,810 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2011/12/29 04:10:09 | 000,129,800 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2011/12/29 04:10:09 | 000,106,190 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2011/12/29 04:09:43 | 000,001,240 | ---- | M] () -- D:\Users\Eichenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/29 04:09:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/29 03:53:40 | 000,095,744 | ---- | M] (Kassl GmbH) -- D:\Users\Eichenberg\AppData\Roaming\dwlGina3.dll
[2011/12/29 03:10:38 | 000,381,100 | ---- | M] (sYhiglWP) -- D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe
[2011/12/29 03:06:19 | 000,014,928 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 03:06:19 | 000,014,928 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/17 03:38:01 | 000,455,784 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2011/12/16 12:24:11 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
 
========== Files Created - No Company Name ==========
 
[2011/12/29 04:09:43 | 000,001,240 | ---- | C] () -- D:\Users\Eichenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/28 15:17:02 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
[2011/12/28 15:17:02 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
[2011/12/28 15:17:02 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
[2011/12/28 15:17:02 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
[2011/12/28 15:17:02 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
[2011/03/19 04:47:37 | 000,111,932 | ---- | C] () -- D:\Windows\System32\EPPICPrinterDB.dat
[2011/03/19 04:47:37 | 000,031,053 | ---- | C] () -- D:\Windows\System32\EPPICPattern131.dat
[2011/03/19 04:47:37 | 000,027,417 | ---- | C] () -- D:\Windows\System32\EPPICPattern121.dat
[2011/03/19 04:47:37 | 000,026,154 | ---- | C] () -- D:\Windows\System32\EPPICPattern1.dat
[2011/03/19 04:47:37 | 000,024,903 | ---- | C] () -- D:\Windows\System32\EPPICPattern3.dat
[2011/03/19 04:47:37 | 000,021,390 | ---- | C] () -- D:\Windows\System32\EPPICPattern5.dat
[2011/03/19 04:47:37 | 000,020,148 | ---- | C] () -- D:\Windows\System32\EPPICPattern2.dat
[2011/03/19 04:47:37 | 000,011,811 | ---- | C] () -- D:\Windows\System32\EPPICPattern4.dat
[2011/03/19 04:47:37 | 000,004,943 | ---- | C] () -- D:\Windows\System32\EPPICPattern6.dat
[2011/03/19 04:47:37 | 000,001,146 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_DU.dat
[2011/03/19 04:47:37 | 000,001,139 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_PT.dat
[2011/03/19 04:47:37 | 000,001,139 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_BP.dat
[2011/03/19 04:47:37 | 000,001,136 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_ES.dat
[2011/03/19 04:47:37 | 000,001,129 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_FR.dat
[2011/03/19 04:47:37 | 000,001,129 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_CF.dat
[2011/03/19 04:47:37 | 000,001,120 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_IT.dat
[2011/03/19 04:47:37 | 000,001,107 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_GE.dat
[2011/03/19 04:47:37 | 000,001,104 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_EN.dat
[2011/03/19 04:47:37 | 000,000,097 | ---- | C] () -- D:\Windows\System32\PICSDK.ini
[2011/01/23 04:40:59 | 000,000,034 | ---- | C] () -- D:\Users\Eichenberg\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/23 04:40:56 | 000,000,033 | ---- | C] () -- D:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/10/09 10:17:32 | 000,000,425 | ---- | C] () -- D:\Windows\BRWMARK.INI
[2010/10/09 10:17:32 | 000,000,027 | ---- | C] () -- D:\Windows\BRPP2KA.INI
[2010/10/09 10:14:21 | 000,000,050 | ---- | C] () -- D:\Windows\System32\bridf08b.dat
[2010/10/03 07:59:21 | 000,116,224 | ---- | C] () -- D:\Windows\System32\pdfcmnnt.dll
[2010/10/02 10:31:08 | 000,044,544 | ---- | C] () -- D:\Windows\System32\GIF89.DLL
[2010/10/02 10:31:06 | 000,484,352 | ---- | C] () -- D:\Windows\System32\lame_enc.dll
[2010/10/02 07:52:20 | 000,140,288 | ---- | C] () -- D:\Windows\System32\igfxtvcx.dll
[2010/10/02 07:42:46 | 000,015,190 | ---- | C] () -- D:\Windows\M3000Twn.ini
[2010/10/02 07:26:36 | 000,134,592 | ---- | C] () -- D:\Windows\System32\igfcg500.bin
[2010/07/28 14:01:14 | 000,439,308 | ---- | C] () -- D:\Windows\System32\igcompkrng500.bin
[2010/07/28 14:01:12 | 000,092,356 | ---- | C] () -- D:\Windows\System32\igfcg500m.bin
[2010/07/28 14:01:10 | 000,982,240 | ---- | C] () -- D:\Windows\System32\igkrng500.bin
[2010/07/28 13:18:42 | 000,000,151 | ---- | C] () -- D:\Windows\System32\GfxUI.exe.config
[2010/07/28 13:14:38 | 000,208,896 | ---- | C] () -- D:\Windows\System32\iglhsip32.dll
[2010/07/28 13:14:38 | 000,143,360 | ---- | C] () -- D:\Windows\System32\iglhcp32.dll
[2009/08/27 14:04:44 | 000,557,003 | ---- | C] () -- D:\Windows\System32\libmplayer.dll
[2009/08/27 14:04:32 | 000,811,835 | ---- | C] () -- D:\Windows\System32\ff_x264.dll
[2009/08/27 14:03:52 | 004,456,201 | ---- | C] () -- D:\Windows\System32\libavcodec.dll
[2009/08/25 13:07:36 | 000,328,334 | ---- | C] () -- D:\Windows\System32\ff_kernelDeint.dll
[2009/08/25 12:38:04 | 000,425,040 | ---- | C] () -- D:\Windows\System32\TomsMoComp_ff.dll
[2009/08/25 11:56:56 | 000,829,781 | ---- | C] () -- D:\Windows\System32\xvidcore.dll
[2009/08/25 11:37:02 | 000,146,098 | ---- | C] () -- D:\Windows\System32\libmpeg2_ff.dll
[2009/08/11 15:21:26 | 000,087,552 | ---- | C] () -- D:\Windows\System32\ac3config.exe
[2009/07/30 02:17:12 | 000,002,048 | ---- | C] () -- D:\Windows\System32\EventLogMessages.dll
[2009/07/14 03:47:43 | 000,653,928 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009/07/14 03:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009/07/14 03:47:43 | 000,129,800 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009/07/14 03:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009/07/13 23:57:37 | 000,067,584 | ---- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,455,784 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 19:19:49 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2009/06/02 12:15:44 | 000,113,152 | ---- | C] () -- D:\Windows\System32\ff_unrar.dll
[2009/06/02 12:15:18 | 000,146,944 | ---- | C] () -- D:\Windows\System32\ff_tremor.dll
[2009/06/02 12:15:04 | 000,183,296 | ---- | C] () -- D:\Windows\System32\ff_samplerate.dll
[2009/06/02 12:14:56 | 000,178,688 | ---- | C] () -- D:\Windows\System32\ff_libmad.dll
[2009/06/02 12:14:30 | 000,486,400 | ---- | C] () -- D:\Windows\System32\ff_libfaad2.dll
[2009/06/02 12:13:58 | 000,257,024 | ---- | C] () -- D:\Windows\System32\ff_libdts.dll
[2009/06/02 12:13:50 | 000,142,848 | ---- | C] () -- D:\Windows\System32\ff_liba52.dll
[2009/06/02 12:11:26 | 000,098,304 | ---- | C] () -- D:\Windows\System32\ff_wmv9.dll
[2009/06/02 12:11:16 | 000,085,504 | ---- | C] () -- D:\Windows\System32\ff_vfw.dll
[2009/05/20 06:04:42 | 000,045,568 | ---- | C] () -- D:\Windows\System32\spdifer_config.exe
[2009/01/10 17:17:32 | 000,163,840 | ---- | C] () -- D:\Windows\System32\ts.dll
[2009/01/10 17:16:56 | 000,148,480 | ---- | C] () -- D:\Windows\System32\mkx.dll
[2009/01/10 17:16:50 | 000,108,032 | ---- | C] () -- D:\Windows\System32\avi.dll
[2009/01/10 17:16:14 | 000,141,312 | ---- | C] () -- D:\Windows\System32\mp4.dll
[2009/01/10 17:16:04 | 000,335,872 | ---- | C] () -- D:\Windows\System32\gdsmux.exe
[2009/01/10 17:15:54 | 000,120,832 | ---- | C] () -- D:\Windows\System32\ogm.dll
[2009/01/10 17:15:44 | 000,159,744 | ---- | C] () -- D:\Windows\System32\mmfinfo.dll
[2009/01/10 17:15:36 | 000,103,424 | ---- | C] () -- D:\Windows\System32\dsmux.exe
[2009/01/10 17:15:32 | 000,102,400 | ---- | C] () -- D:\Windows\System32\avss.dll
[2009/01/10 17:15:28 | 000,246,784 | ---- | C] () -- D:\Windows\System32\dxr.dll
[2009/01/10 17:15:12 | 000,097,280 | ---- | C] () -- D:\Windows\System32\avs.dll
[2009/01/10 17:15:06 | 000,135,168 | ---- | C] () -- D:\Windows\System32\mkv2vfr.exe
[2009/01/10 17:14:08 | 000,079,360 | ---- | C] () -- D:\Windows\System32\mkzlib.dll
[2009/01/10 17:14:06 | 000,023,552 | ---- | C] () -- D:\Windows\System32\mkunicode.dll
[2008/12/03 17:11:50 | 000,180,224 | ---- | C] () -- D:\Windows\System32\xvidvfw.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- D:\Windows\System32\qt-dx331.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- D:\Windows\System32\Registration.ini
[2003/05/09 17:36:30 | 000,151,744 | ---- | C] () -- D:\Windows\System32\ir32.dll
 
========== LOP Check ==========
 
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2010/10/02 09:57:01 | 000,000,000 | ---D | M] -- D:\ProgramData\CheckPoint
[2011/07/18 02:27:55 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/01/23 04:41:06 | 000,000,000 | ---D | M] -- D:\ProgramData\FreeRIP
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2010/10/02 07:45:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2011/12/21 10:55:38 | 000,000,000 | ---D | M] -- D:\ProgramData\tmp
[2010/10/02 07:17:03 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/07/18 02:02:46 | 000,032,630 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
hier ist der Link zum Combofix log den ich gesstern gepostet habe. Danach gings wieder

http://www.trojaner-board.de/107074-...en-laptop.html


Hilfe!

Gruß
David

markusg 29.12.2011 12:58
jo bist ja auch selber schuld, warum arbeitest du auch nicht vernünftig bis zum ende.

als ob wir nicht schon genug zu tun hätten wäre nämlich locker zu vermeiden gewesen.
nimm jetzt (für immer) die finger von streaming seiten wie kino.to und nachfolger, sind eh illegal, sport streaming und am besten auch porno seiten.

und diesmal bis zum ende arbeiten, noch mal fange ich nicht von vorn an.

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O4 - HKU\Eichenberg_ON_D..\Run: [WBhXTAWuFpmNyON] D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O20 - HKLM Winlogon: Shell - (C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe) - D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe (sYhiglWP)
O20 - HKU\Eichenberg_ON_D Winlogon: Shell - (C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe) - D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe
(sYhiglWP)

:Files
D:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

öffne computer, öffne D: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

David1234 29.12.2011 13:30
Hallo,

habe jetzt den fix durchgeführt und es ist das Selbe problem wie gestern: schwarzer Screen und ich kann nur die Maus bewegen.
Der Task manager "Wurde vom Administrator gesperrt" auch der abgesicherte Modus funktioniert nicht.

Wenn ich im abgesicherten Modus mit Eingabeauforderung die explorer.exe starte dann öffnet sich selbiger ud ich komme an OTL.
Hab jetzt nochmal nen Quickscan gemacht. Der neue Log ist hier:

Code:
OTL logfile created on: 29.12.2011 13:20:01 - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = C:\
Windows 7 Professional  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 88,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 41,24 Gb Free Space | 52,85% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 178,43 Gb Free Space | 81,12% Space Free | Partition Type: NTFS
 
Computer Name: SCHLEPPI | User Name: Eichenberg
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.17 12:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.07.17 11:09:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.14 17:47:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.06.28 12:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.07.30 08:25:02 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009.07.30 08:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.10.11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2011.07.18 08:28:27 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.17 11:09:05 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.17 11:09:05 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.05.15 15:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.01.20 05:14:42 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009.07.30 08:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum) Intel(R)
DRV - [2009.07.21 20:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.06.25 21:12:18 | 001,168,880 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.06.15 03:46:22 | 000,475,648 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.08.06 11:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.03.14 14:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.02.20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-480914443-328749169-2925027588-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-480914443-328749169-2925027588-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-480914443-328749169-2925027588-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA BF 3B 1C 3D 62 CB 01  [binary data]
IE - HKU\S-1-5-21-480914443-328749169-2925027588-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.7.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\System32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Programme\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.19 12:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.19 12:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.19 12:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.10.02 16:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eichenberg\AppData\Roaming\mozilla\Extensions
[2010.10.02 16:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eichenberg\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.29 09:08:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eichenberg\AppData\Roaming\mozilla\Firefox\Profiles\u2is866s.default\extensions
[2010.10.03 13:52:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Eichenberg\AppData\Roaming\mozilla\Firefox\Profiles\u2is866s.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.12.25 19:13:40 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Eichenberg\AppData\Roaming\mozilla\Firefox\Profiles\u2is866s.default\extensions\toolbar@web.de
[2010.08.27 22:04:54 | 000,000,943 | ---- | M] () -- C:\Users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\searchplugins\conduit.xml
[2011.09.17 11:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.02 16:11:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.09.17 11:14:37 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010.10.02 16:11:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.09.17 11:14:38 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-480914443-328749169-2925027588-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [WBhXTAWuFpmNyON]  File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-480914443-328749169-2925027588-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-480914443-328749169-2925027588-1000..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\S-1-5-21-480914443-328749169-2925027588-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-480914443-328749169-2925027588-1000..\Run: [WBhXTAWuFpmNyON]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-480914443-328749169-2925027588-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-480914443-328749169-2925027588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-480914443-328749169-2925027588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-480914443-328749169-2925027588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 1
O7 - HKU\S-1-5-21-480914443-328749169-2925027588-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-480914443-328749169-2925027588-1000 Winlogon: Shell - (C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe) -  File not found
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.29 10:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.29 10:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.29 10:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.12.29 09:59:56 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.12.29 09:53:40 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Eichenberg\AppData\Roaming\dwlGina3.dll
[2011.12.29 09:41:08 | 000,000,000 | ---D | C] -- C:\Users\Eichenberg\AppData\Roaming\OCS
[2011.12.29 01:23:52 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.12.29 01:23:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.28 21:24:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.28 21:24:44 | 000,000,000 | ---D | C] -- C:\Users\Eichenberg\AppData\Local\temp
[2011.12.28 21:17:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.28 21:17:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.28 21:17:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.28 21:16:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.28 21:16:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.24 14:45:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2011.12.24 14:44:58 | 000,000,000 | ---D | C] -- C:\Users\Eichenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2011.12.24 14:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\FreeTime
[2011.12.16 18:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
[2011.12.16 18:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mueller Foto
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.29 13:16:10 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 13:15:57 | 2384,932,864 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.29 10:10:09 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.29 10:10:09 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.29 10:10:09 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.29 10:10:09 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.29 10:09:43 | 000,001,240 | ---- | M] () -- C:\Users\Eichenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011.12.29 10:09:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.29 09:53:40 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Eichenberg\AppData\Roaming\dwlGina3.dll
[2011.12.29 09:06:19 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 09:06:19 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.17 09:38:01 | 000,455,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 18:24:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Müller Foto
 
========== Files Created - No Company Name ==========
 
[2011.12.29 10:09:43 | 000,001,240 | ---- | C] () -- C:\Users\Eichenberg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011.12.28 21:17:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.28 21:17:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.28 21:17:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.28 21:17:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.28 21:17:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.03.19 10:47:37 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.03.19 10:47:37 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.03.19 10:47:37 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.03.19 10:47:37 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.03.19 10:47:37 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.03.19 10:47:37 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.03.19 10:47:37 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.03.19 10:47:37 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.03.19 10:47:37 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.03.19 10:47:37 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.03.19 10:47:37 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.03.19 10:47:37 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.03.19 10:47:37 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.03.19 10:47:37 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.03.19 10:47:37 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.03.19 10:47:37 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.03.19 10:47:37 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.03.19 10:47:37 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.03.19 10:47:37 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.01.23 10:40:59 | 000,000,034 | ---- | C] () -- C:\Users\Eichenberg\AppData\Roaming\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011.01.23 10:40:56 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.10.09 16:17:32 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.09 16:17:32 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.10.09 16:14:21 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.10.03 13:59:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.10.02 16:31:08 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2010.10.02 16:31:06 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.10.02 13:52:20 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.10.02 13:42:46 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010.10.02 13:26:36 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.07.28 20:01:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.07.28 20:01:12 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.07.28 20:01:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.07.28 19:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.07.28 19:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.07.28 19:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009.08.27 20:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009.08.27 20:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009.08.27 20:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009.08.25 19:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.08.25 18:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009.08.25 17:56:56 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.25 17:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009.08.11 21:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.07.30 08:17:12 | 000,002,048 | ---- | C] () -- C:\Windows\System32\EventLogMessages.dll
[2009.07.14 09:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,455,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.02 18:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009.06.02 18:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009.06.02 18:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009.06.02 18:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009.06.02 18:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009.06.02 18:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009.06.02 18:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009.06.02 18:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009.06.02 18:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.05.20 12:04:42 | 000,045,568 | ---- | C] () -- C:\Windows\System32\spdifer_config.exe
[2009.01.10 23:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.01.10 23:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.01.10 23:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.01.10 23:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.01.10 23:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009.01.10 23:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.01.10 23:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009.01.10 23:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009.01.10 23:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.01.10 23:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.01.10 23:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.01.10 23:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009.01.10 23:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.01.10 23:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008.12.03 23:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2003.05.09 23:36:30 | 000,151,744 | ---- | C] () -- C:\Windows\System32\ir32.dll
 
========== LOP Check ==========
 
[2010.10.02 15:58:22 | 000,000,000 | ---D | M] -- C:\Users\Eichenberg\AppData\Roaming\CheckPoint
[2011.07.18 08:30:57 | 000,000,000 | ---D | M] -- C:\Users\Eichenberg\AppData\Roaming\DAEMON Tools Lite
[2011.04.10 08:33:06 | 000,000,000 | ---D | M] -- C:\Users\Eichenberg\AppData\Roaming\FreeBurner
[2011.12.29 09:41:08 | 000,000,000 | ---D | M] -- C:\Users\Eichenberg\AppData\Roaming\OCS
[2010.10.02 16:05:27 | 000,000,000 | ---D | M] -- C:\Users\Eichenberg\AppData\Roaming\OpenOffice.org
[2011.03.19 10:51:02 | 000,000,000 | ---D | M] -- C:\Users\Eichenberg\AppData\Roaming\Panasonic
[2010.10.02 16:17:48 | 000,000,000 | ---D | M] -- C:\Users\Eichenberg\AppData\Roaming\Thunderbird
[2011.12.26 17:10:41 | 000,000,000 | ---D | M] -- C:\Users\Eichenberg\AppData\Roaming\XnView
[2010.10.02 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010.10.02 15:57:01 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2011.07.18 08:27:55 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010.10.02 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010.10.02 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011.01.23 10:41:06 | 000,000,000 | ---D | M] -- C:\ProgramData\FreeRIP
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010.10.02 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2010.10.02 13:45:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.12.21 16:55:38 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2010.10.02 13:17:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011.07.18 08:02:46 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
Den Moved Files.zip wollte ich hochladen. Im Uplad Channel kam Folgende Meldung:

Zitat:
Datei: Moved Files.zip empfangen

Fehler: Die Dateien konnten nicht empfangen werden. Bitte melden Sie sich im Forum.
Danke für deine Geduld!
David

Noch eine Frage: sollte ich den Stick mit dem ich die Daten transferiere eigentlich lieber plattmachen bzw ganz entsorgen nach der Sache hier? Zwecks Infektionsvermeidung?

David1234 29.12.2011 14:35
Jetzt hat das mit dem Hochladen geklappt...

markusg 29.12.2011 14:41
nein nicht nötig
abgesicherter modus mit eingabeaufforderung, mit f8 nach pc start zu erreichen
auf dem sauberen pc auf nen stick kopieren hinterher an den infizierten pc
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

malwarebytes:

dann schreibe, wenn stick am pc is:
d:\combofix.exe
enter
falls das nicht klappt:
e:\combofix.exe
usw. dann falls meldung von aktievem antimalware kommt, überspringen, dann pc evtl. falls nicht von allein startet, in den normalen modus starten, log posten

David1234 29.12.2011 14:57
Hallo,
hier ist der Combofix log

Code:
ComboFix 11-12-29.02 - Eichenberg 29.12.2011  14:47:26.2.2 - x86 MINIMAL
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.3033.2338 [GMT 1:00]
ausgeführt von:: G:\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eichenberg\AppData\Roaming\dwlGina3.dll
c:\windows\system32\msprpde.dll
c:\windows\system32\msstkprp.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-28 bis 2011-12-29  ))))))))))))))))))))))))))))))
.
.
2011-12-29 13:53 . 2011-12-29 13:53        --------        d-----w-        c:\users\Eichenberg\AppData\Local\temp
2011-12-29 13:53 . 2011-12-29 13:53        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-29 13:45 . 2011-12-29 13:45        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{67D86898-EA4D-4F12-BF05-AB33B5015CC9}\offreg.dll
2011-12-29 12:58 . 2011-12-29 12:58        --------        d-----w-        c:\users\Eichenberg\AppData\Roaming\Malwarebytes
2011-12-29 12:57 . 2011-12-29 12:57        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-29 12:57 . 2011-12-29 12:57        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-29 12:57 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-29 09:09 . 2011-12-29 10:03        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-12-29 09:09 . 2011-12-29 09:10        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-12-29 08:41 . 2011-12-29 08:41        --------        d-----w-        c:\users\Eichenberg\AppData\Roaming\OCS
2011-12-29 00:23 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2011-12-29 00:23 . 2011-12-29 12:23        --------        d-----w-        C:\_OTL
2011-12-27 10:57 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{67D86898-EA4D-4F12-BF05-AB33B5015CC9}\mpengine.dll
2011-12-24 13:44 . 2011-12-24 13:44        --------        d-----w-        c:\program files\FreeTime
2011-12-16 17:28 . 2011-12-16 17:28        --------        d-----w-        c:\users\Eichenberg\restore
2011-12-16 17:12 . 2011-12-16 17:12        --------        d-----w-        c:\program files\Mueller Foto
2011-12-16 16:02 . 2011-11-24 04:23        2340352        ----a-w-        c:\windows\system32\win32k.sys
2011-12-16 16:02 . 2011-11-05 04:30        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-16 16:02 . 2011-10-15 05:48        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-16 16:02 . 2011-10-26 04:25        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-16 16:02 . 2011-10-26 04:42        3901808        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-16 16:02 . 2011-10-26 04:42        3957104        ----a-w-        c:\windows\system32\ntkrnlpa.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 13:29 . 2010-10-02 14:23        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"WBhXTAWuFpmNyON"="c:\users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe" [BU]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-07-30 1425408]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-26 163840]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-07-15 4081480]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-18 281768]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
"WBhXTAWuFpmNyON"="c:\users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2011-3-19 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^Eichenberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Eichenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07        932288        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 14:46        1159168        ------w-        c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 08:26        114688        ------w-        c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
2003-11-27 22:56        733184        ----a-w-        c:\program files\Corel\Corel Graphics 12\Languages\DE\Programs\registration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-14 136360]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-07-30 348160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-07-30 815104]
R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2009-07-30 56320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-18 218688]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: &FreeRIP Search - c:\program files\FreeRIP3\toolband.dll/MENUSEARCH.HTM
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Eichenberg\AppData\Roaming\Mozilla\Firefox\Profiles\u2is866s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: WEB.DE Toolbar: toolbar@web.de - %profile%\extensions\toolbar@web.de
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-12-29  14:54:48
ComboFix-quarantined-files.txt  2011-12-29 13:54
ComboFix2.txt  2011-12-28 20:24
.
Vor Suchlauf: 11 Verzeichnis(se), 44.448.272.384 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 44.217.253.888 Bytes frei
.
- - End Of File - - 4FD1E23F71193E53D7386DA7CB144E7F

markusg 29.12.2011 15:44
öffne malwarebytes, logdateien alle scan logs posten

David1234 29.12.2011 19:33
Hat ein bisschen gedauert, weil ich unterwegs war.
Aber hier nun der logfile von Malwarebytes:

Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Eichenberg :: SCHLEPPI [Administrator]

Schutz: Aktiviert

29.12.2011 18:12:52
mbam-log-2011-12-29 (18-12-52).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 296348
Laufzeit: 56 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WBhXTAWuFpmNyON (Trojan.Agent) -> Daten: C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WBhXTAWuFpmNyON (Trojan.Agent) -> Daten: C:\Users\Eichenberg\AppData\Roaming\sbcvvhost_win86.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Schein ja noch 2 mal drauf gewesen zu sein. Bin auf eine Expertenmeinung gespannt.

Gruß
David

markusg 29.12.2011 19:42
hi,
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.

David1234 30.12.2011 11:14
Moin,
hab jetzt alle vefügbaren Updates installiert.
Gibt es sonst noch was was ich tun muss oder bin ich den Plagegeist dank deiner geduldigen Hilfe endlich los?

Gruß
David

markusg 30.12.2011 12:14
noch nicht, wir räumen jetzt den pc auf und sichern ihn weiter ab,
damit du in zukunft besser geschützt bist

lade den CCleaner standard:
CCleaner Download - CCleaner 3.14.1616
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

David1234 31.12.2011 11:53
Hallo,
hier die auf meinem System vorhandenen Progs. Mit Kommentaren

Code:
Adobe Download Manager    NOS Microsystems Ltd.    02.01.2011        1.6.2.97            Nötig
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    02.01.2011    6,00MB    10.1.102.64    Nötig
Adobe Flash Player 10 Plugin    Adobe Systems Incorporated    17.09.2011    6,00MB    10.3.183.7    Nötig
Adobe Reader 9.4.1 - Deutsch    Adobe Systems Incorporated    13.01.2011    167,4MB    9.4.1        Nötig
ALPS Touch Pad Driver        01.10.2010                                Nötig
Apple Application Support    Apple Inc.    18.03.2011    52,7MB    1.4.1                Unnötig
Apple Software Update    Apple Inc.    01.10.2010    2,16MB    2.1.1.116                Unnötig
ArcSoft Software Suite    ArcSoft    18.03.2011        1.0                        Nötig
Audiograbber 1.83 SE    Audiograbber    10.04.2011        1.83 SE                Unnötig   
Audiograbber MP3-Plugin    AG    09.04.2011        1.0                        Unnötig
Avira AntiVir Personal - Free Antivirus    Avira GmbH    28.10.2011    61,8MB    10.2.0.704        Nötig
Broadcom 802.11 Wireless Driver        01.10.2010        1.0.0.0                    Nötig?
Broadcom Gigabit Integrated Controller    Broadcom Corporation    01.10.2010    1,23MB    12.24.01    Unbekannt
Brother MFL-Pro Suite DCP-165C    Brother Industries, Ltd.    08.10.2010        1.0.1.0        Nötig
CCleaner    Piriform    30.12.2011        3.14                        Unnötig
Cole2k Media - Codec Pack (Advanced) 7.8.0    Cole2k Media    18.03.2011                Unbekannt
Conexant HD Audio    Conexant    01.10.2010        4.98.4.0                Nötig?
CorelDRAW Graphics Suite 12    Corel Corporation    03.10.2010    422MB    12.0.0.458        Nötig
DAEMON Tools Lite    DT Soft Ltd    17.07.2011        4.40.2.0131                Unnötig
Energy Management    Lenovo    01.10.2010        4.3.1.1                        Nötig
FormatFactory 2.80    Free Time    23.12.2011        2.80                    Unnötig
Free Easy Burner V 4.1    Koyote soft    01.10.2010    8,33MB    4.1.0.0                    Unnötig
Intel(R) Graphics Media Accelerator Driver    Intel Corporation    03.10.2010    38.086MB    Nötig
Intel(R) TV Wizard    Intel Corporation    01.10.2010                        Nötig
Intel® Matrix Storage Manager    Intel Corporation    01.10.2010                    Nötig
Intel® PROSet/Wireless WiMAX Software    Intel Corporation    01.10.2010    11,3MB    1.04.0000    Nötig
Java(TM) 6 Update 21    Sun Microsystems, Inc.    01.10.2010    97,2MB    6.0.210                Nötig?
Lenovo EasyCamera    Lenovo EasyCamera    01.10.2010        6.32.2018.03            Unnötig
Lenovo OneKey Recovery    CyberLink Corp.    01.10.2010    329MB    7.0.0723                Nötig?
Malwarebytes Anti-Malware Version 1.60.0.1800    Malwarebytes Corporation    28.12.2011    18,6MB    1.60.0.1800    Sehr Nützlich
Mein CEWE FOTOBUCH        03.01.2011                                Unnötig
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    02.10.2010    38,8MB    4.0.30319    Nötig?
Microsoft .NET Framework 4 Client Profile DEU Language Pack    Microsoft Corporation    02.10.2010    2,94MB    4.0.30319  Nötig
Microsoft Office File Validation Add-In    Microsoft Corporation    29.12.2011    7,95MB    14.0.5130.5003        Nötig?
Microsoft Office Professional Plus 2007    Microsoft Corporation    28.12.2011        12.0.6612.1000        Nötig?
Microsoft Silverlight    Microsoft Corporation    28.10.2011    140,1MB    4.0.60831.0                Nötig?
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053    Microsoft Corporation    18.03.2011    0,25MB    8.0.50727.4053        Nötig?
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    20.06.2011    0,29MB    8.0.61001                    Nötig?
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570    Microsoft Corporation    12.04.2011    0,58MB    9.0.30729.5570    Nötig?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729    Microsoft Corporation    03.01.2011    0,24MB    9.0.30729            Nötig?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    01.10.2010    0,58MB    9.0.30729.4148            Nötig?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    20.06.2011    0,59MB    9.0.30729.6161            Nötig?
Mozilla Firefox (3.6.10)    Mozilla    01.10.2010        3.6.10 (de)                                    Unnötig
Mozilla Thunderbird (3.1.4)    Mozilla    01.10.2010        3.1.4 (de)                                    Unnötig? (von meinem Bruder)
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    08.10.2010    1,28MB    4.20.9870.0                Unbekannt
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    14.10.2010    1,33MB    4.20.9876.0                Unbekannt
Müller Foto        15.12.2011                                        Unnötig
OpenOffice.org 3.2    OpenOffice.org    01.10.2010    379MB    3.2.9502                    Unnötig
PDFCreator    Frank Heindörfer, Philip Chinery    02.10.2010        1.0.2                Unnötig
pdfforge Toolbar v4.6    Spigot, Inc.    16.09.2011    3,17MB    4.6                        Nötig??
PHOTOfunSTUDIO HD Edition    Panasonic    18.03.2011        3.00.126                Unnötig
QuickTime    Apple Inc.    18.03.2011    73,7MB    7.69.80.9                        Unnötig (zum .mov dateien abspielen?)
Spybot - Search & Destroy    Safer Networking Limited    28.12.2011        1.6.2            sehr Nützlich
VLC media player 1.1.4    VideoLAN    01.10.2010        1.1.4                        Unnötig
XnView 1.97.8    Gougelet Pierre-e    18.03.2011    29,7MB    1.97.8                        Unnötig
ZoneAlarm    Check Point, Inc    01.10.2010        9.2.058.000                    Unnötig
Vielen dank und GUTEN RUTSCH INS NEUE JAHR
David

markusg 02.01.2012 16:38
deinstaliere:
Adobe Flash Player alle
Adobe - Andere Version des Adobe Flash Player installieren
neueste version laden
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Apple beide
Audiograbber beide
Cole2k
DAEMON Tools
FormatFactory
Free Easy
Java
Download der kostenlosen Java-Software
downloade java jre instalieren.

deinstaliere:
Lenovo EasyCamera
Mein CEWE
Mozilla Firefox unbedingt website aufsuchen, thunderbird und firefox da fehlen ne menge updates, also viele sicherheitslücken.
deinstaliere
Müller Foto
PDFCreator
pdfforge
PHOTOfunSTUDIO
Spybot sehr unnötig, bringt kaum was.
XnView
ZoneAlarm

ccleaner öffnen, analysieren, bereinigen.
berichten wie der pc läuft


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131