Antivirus, firewall and Security Center out of service, cannot be turned on
Hello dear community,
it looks like a creepy-crawly has finally got me too.
The evening before last, a very persistent prompt to install something appeared on my HTPC, but already as a UAC notice "Do you want to allow the following program to make changes..." The originator was (as far as I remember) Adobe Flash V11.4-something. I must have clicked it away 10 times, but it kept coming back every second. I then apparently fell for it and clicked YES because I couldn't get any further. I couldn't even get to the Task Manager.
Yesterday morning I noticed that the antivirus, firewall and Security Center are off. Turning them on doesn't work; there are always error messages saying that the corresponding service is not ready, or caused an error and was terminated.
The machine runs Windows 7 Home Premium 32-bit. It is configured for external services (access via DynDNS) as an e-mail relay, video recorder and video streamer. In addition, hardware monitoring and TeamViewer are running. Unfortunately, I also sometimes browse the web with it.
I have deliberately not run MBAM over it yet, so as not to remove the cause without being able to repair the damage.
I'd really rather not reinstall Windows, because setting up the individual programs takes an endless amount of time.
Log files from Defogger, OTL, Extras and Gmer (anonymized):
defogger_disable.log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:53 on 05/09/2012 (XXXXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
otl.txt Code:
OTL logfile created on: 05.09.2012 20:57:14 - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = G:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,24 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,56% Memory free
6,48 Gb Paging File | 5,09 Gb Available in Paging File | 78,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 106,28 Gb Free Space | 71,35% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 409,45 Gb Free Space | 87,91% Space Free | Partition Type: NTFS
Drive E: | 1862,90 Gb Total Space | 1361,00 Gb Free Space | 73,06% Space Free | Partition Type: NTFS
Drive G: | 7,52 Gb Total Space | 5,36 Gb Free Space | 71,30% Space Free | Partition Type: FAT32
Computer Name: HTPC | User Name: XXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - G:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SmarterTools\SmarterMail\Service\MailService.exe ()
PRC - C:\Programme\SmarterTools\SmarterMail\Web Server\SMWebSvr.exe (SmarterTools Inc)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
PRC - C:\Programme\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Dyn Updater\DynUpSvc.exe (Dyn, Inc.)
PRC - C:\Programme\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
PRC - C:\Windows\System32\WinMsgBalloonServer.exe (AMD)
PRC - C:\Windows\System32\WinMsgBalloonClient.exe (AMD)
PRC - C:\Programme\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Programme\AMD\RAIDXpert\bin\RAIDXpert.exe (AMD)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\FatAttitude\Remote Potato\RemotePotatoService.exe (FatAttitude)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\mcShoutCast\mcShoutCastECommerceService.exe ()
PRC - C:\Programme\mcShoutCast\ShoutCastLauraFMService.exe (Sörnt Poppe)
PRC - C:\Programme\mcShoutCast\ShoutCastProxyService.exe (Sörnt Poppe)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\SmarterTools\SmarterMail\Service\Clam\bin\clamd.exe (SourceFire, Inc.)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
PRC - C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
========== Services (SafeList) ==========
SRV - (RemoteKeySrv) -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MailService) -- C:\Programme\SmarterTools\SmarterMail\Service\MailService.exe ()
SRV - (SMWebSvr) -- C:\Programme\SmarterTools\SmarterMail\Web Server\SMWebSvr.exe (SmarterTools Inc)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Motorola Device Manager) -- C:\Programme\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe ()
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (DeviceMonitorService) -- C:\Programme\Motorola Media Link\Lite\NServiceEntry.exe (Nero AG)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Dyn Updater) -- C:\Programme\Dyn Updater\DynUpSvc.exe (Dyn, Inc.)
SRV - (PST Service) -- C:\Programme\Motorola\MotForwardDaemon\ForwardDaemon.exe (Motorola)
SRV - (AMD_RAIDXpert) -- C:\Programme\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Remote Potato Service) -- C:\Programme\FatAttitude\Remote Potato\RemotePotatoService.exe (FatAttitude)
SRV - (mcShoutCastECommerceService) -- C:\Programme\mcShoutCast\mcShoutCastECommerceService.exe ()
SRV - (mcShoutCastLauraFM) -- C:\Programme\mcShoutCast\ShoutCastLauraFMService.exe (Sörnt Poppe)
SRV - (mcShoutCastProxy) -- C:\Programme\mcShoutCast\ShoutCastProxyService.exe (Sörnt Poppe)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
SRV - (DpHost) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (genport) -- C:\Program Files\RemoteKeySrv\GenPort.sys File not found
DRV - (cpuz135) -- C:\Users\XXXXX~1\AppData\Local\Temp\cpuz135\cpuz135_x32.sys File not found
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola Mobility Inc)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola Mobility Inc)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola Mobility Inc)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola Mobility Inc)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (silabser) -- C:\Windows\System32\drivers\silabser.sys (Silicon Laboratories)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (UDST7000HID) -- C:\Windows\System32\drivers\TerraTecUsbHid.sys (TerraTec Electronic GmbH.)
DRV - (UDST7000BDA) -- C:\Windows\System32\drivers\TerraTecUsbBda.sys (TerraTec Electronic GmbH.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (silabenm) -- C:\Windows\System32\drivers\silabenm.sys (Silicon Laboratories)
DRV - (dpK00701) -- C:\Windows\System32\drivers\dpK00701.sys (DigitalPersona, Inc.)
DRV - (UsbdpFP) -- C:\Windows\System32\drivers\usbdpfp.sys (DigitalPersona, Inc.)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (Advanced Micro Devices, Inc)
DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 DE 02 3D DE EC CC 01 [binary data]
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\..\SearchScopes,DefaultScope = {74377171-C6D2-4E30-BDC1-57A612ABD058}
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\..\SearchScopes\{74377171-C6D2-4E30-BDC1-57A612ABD058}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2627767576-3586868-1174844085-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://XXXXX.dyndns.info/Default.aspx"
FF - prefs.js..extensions.enabledAddons: avi@affinitysearch.com:1.0
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2012.02.16 20:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.17 21:34:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 06:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2012.02.16 20:58:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.31 06:52:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.06.25 19:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Extensions
[2012.08.05 00:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\4qzn4t4n.default\extensions
[2012.06.25 22:03:07 | 000,019,014 | ---- | M] () (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\firefox\profiles\4qzn4t4n.default\extensions\avi@affinitysearch.com.xpi
[2012.07.19 20:25:23 | 000,827,050 | ---- | M] () (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\firefox\profiles\4qzn4t4n.default\extensions\ffe_ff3aeroff4@game-point.net.xpi
[2012.08.05 00:30:51 | 002,966,066 | ---- | M] () (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\firefox\profiles\4qzn4t4n.default\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
[2012.06.25 19:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.31 06:52:38 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 06:52:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [RemotePotatoIRHelper] C:\Programme\FatAttitude\Remote Potato\RPKeySender.exe (FatAttitude)
O4 - HKU\S-1-5-18..\Run: [RemotePotatoIRHelper] C:\Programme\FatAttitude\Remote Potato\RPKeySender.exe (FatAttitude)
O4 - HKU\S-1-5-21-2627767576-3586868-1174844085-1001..\Run: [Gaasdazyh] "C:\Users\XXXXX\AppData\Roaming\Idho\ocidc.exe" File not found
O4 - HKU\S-1-5-21-2627767576-3586868-1174844085-1001..\Run: [Heatmaster] C:\Program Files\Alphacool\Heatmaster 2009\Heatmaster.exe ()
O4 - HKU\S-1-5-21-2627767576-3586868-1174844085-1001..\Run: [MyPhoneExplorer] C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe (F.J. Wechselberger)
O4 - HKU\S-1-5-21-2627767576-3586868-1174844085-1001..\Run: [webcam 7] "C:\Program Files\webcam 7\wLite.exe" -auto File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yawcam.lnk = C:\Programme\Yawcam\Yawcam.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.27.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A7D6EA2-E4D0-405A-9BD3-CC774B66BEF9}: DhcpNameServer = 192.168.27.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{178b0c2a-e631-11e1-8406-00242124c943}\Shell - "" = AutoRun
O33 - MountPoints2\{178b0c2a-e631-11e1-8406-00242124c943}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.05 20:56:48 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\Diagnostics
[2012.09.05 06:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.09.05 06:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.05 06:47:15 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.05 06:47:09 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.05 06:47:09 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.05 06:47:09 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.04 20:41:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.09.03 19:20:38 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Gaufib
[2012.09.03 08:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmarterMail
[2012.08.28 06:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.28 06:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012.08.28 06:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.08.23 06:39:16 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 03:01:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.15 03:01:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.15 03:01:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.15 03:01:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.15 03:01:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.15 03:01:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.15 03:01:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.15 00:54:45 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.15 00:54:44 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.15 00:54:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.14 20:43:08 | 000,000,000 | ---D | C] -- D:\XXXXX\Documents\Podcast
[2012.08.14 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\.gstreamer-0.10
[2012.08.14 20:38:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\Motorola
[2012.08.14 20:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012.08.14 20:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012.08.14 20:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Media Link
[2012.08.14 20:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2012.08.14 20:37:31 | 000,000,000 | ---D | C] -- C:\Temp
[2012.08.14 20:37:31 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Motorola Mobility
[2012.08.14 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012.08.14 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Mobility
[2012.08.14 20:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.08.14 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012.08.14 20:36:29 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Motorola
[2012.08.14 20:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012.08.14 20:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Mobility
[2012.08.14 20:35:33 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\MotoCast
[2012.08.14 10:08:55 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\MyPhoneExplorer
[2012.08.14 10:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012.08.14 10:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2012.08.13 13:17:39 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files - Modified Within 30 Days ==========
[2012.09.05 21:02:22 | 000,015,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 21:02:22 | 000,015,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 20:54:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 20:54:39 | 2610,765,824 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 20:53:27 | 000,000,020 | ---- | M] () -- C:\Users\XXXXX\defogger_reenable
[2012.09.05 20:28:22 | 000,706,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.05 20:28:22 | 000,660,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.05 20:28:22 | 000,153,762 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.05 20:28:22 | 000,126,550 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 20:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 06:53:56 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.09.05 06:47:04 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.09.05 06:47:04 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.09.05 06:47:04 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.09.05 06:47:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.09.05 06:47:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.09.05 06:47:04 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.09.04 20:34:26 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.04 20:34:26 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.15 03:23:02 | 000,346,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.14 22:56:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012.08.14 22:11:32 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\RSD Lite.lnk
[2012.08.14 20:38:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012.08.14 20:38:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012.08.14 20:37:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012.08.14 20:37:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.14 20:37:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012.08.14 20:37:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012.08.14 20:37:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2012.08.14 10:08:51 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
========== Files Created - No Company Name ==========
[2012.09.05 20:53:13 | 000,000,020 | ---- | C] () -- C:\Users\XXXXX\defogger_reenable
[2012.09.05 06:53:47 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.08.23 06:39:17 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.14 22:56:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012.08.14 22:11:32 | 000,002,597 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk
[2012.08.14 22:11:32 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\RSD Lite.lnk
[2012.08.14 20:38:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012.08.14 20:38:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012.08.14 20:37:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012.08.14 20:37:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.14 20:37:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012.08.14 20:37:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012.08.14 20:37:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2012.08.14 10:08:51 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2012.07.27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.02.17 23:54:42 | 000,023,040 | ---- | C] () -- C:\Windows\System32\BeepApp.exe
[2012.02.17 23:54:42 | 000,006,656 | R--- | C] () -- C:\Windows\System32\WinIo32.sys
[2012.02.16 21:00:42 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2012.02.16 21:00:41 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2012.02.15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.02.15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.02.14 00:24:56 | 004,407,808 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012.02.12 16:20:36 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012.02.12 14:33:30 | 001,143,059 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2012.02.12 14:33:30 | 000,360,729 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012.02.12 14:33:30 | 000,203,818 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012.02.12 14:33:28 | 006,414,616 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2012.02.12 14:33:28 | 000,138,774 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2012.02.09 00:53:06 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.02.09 00:52:02 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012.02.09 00:51:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012.02.09 00:51:54 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012.02.09 00:51:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012.02.09 00:51:52 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012.02.09 00:51:50 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012.02.09 00:51:50 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012.02.09 00:51:48 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012.02.09 00:51:48 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2012.01.18 19:24:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
========== LOP Check ==========
[2012.02.16 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\DigitalPersona
[2012.09.03 21:20:40 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Gaufib
[2012.08.14 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\MotoCast
[2012.08.14 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Motorola
[2012.08.14 20:37:31 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Motorola Mobility
[2012.08.19 11:11:31 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\MyPhoneExplorer
[2012.02.26 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Opera
[2012.05.13 08:25:23 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
extras.txt Code:
OTL Extras logfile created on: 05.09.2012 20:57:14 - Run 2
OTL by OldTimer - Version 3.2.61.0 Folder = G:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,24 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,56% Memory free
6,48 Gb Paging File | 5,09 Gb Available in Paging File | 78,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 106,28 Gb Free Space | 71,35% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 409,45 Gb Free Space | 87,91% Space Free | Partition Type: NTFS
Drive E: | 1862,90 Gb Total Space | 1361,00 Gb Free Space | 73,06% Space Free | Partition Type: NTFS
Drive G: | 7,52 Gb Total Space | 5,36 Gb Free Space | 71,30% Space Free | Partition Type: FAT32
Computer Name: HTPC | User Name: XXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-2627767576-3586868-1174844085-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{02B647BD-B02F-4D17-B717-0A247E294DA8}" = mcShoutCast
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{071E3D6A-79AB-0085-8CCF-EF52AEC6666F}" = AMD Accelerated Video Transcoding
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2AADC4EE-94C8-422B-977B-547774C4A463}" = Motorola Device Software Update
"{305C431C-CC6E-5506-CE75-29512315D306}" = AMD Drag and Drop Transcoding
"{33FFD86B-569C-9E8D-6659-A1F84D07CAD0}" = AMD Catalyst Install Manager
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4F198874-3C7D-5983-02EB-9E234C43F174}" = AMD Steady Video Plug-In
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5ED80B30-4DAE-4D73-9D62-AD89F661AF46}" = RSDLite
"{63F9D765-E8DE-D921-1C6A-DF17C1DFDDA1}" = ccc-utility
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6567F265-62EC-4BA9-9629-6B483B608854}" = SmarterMail Sync for Outlook 2003 and above
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71EB2BFF-7B03-45DA-BC36-A82D493E0692}" = Alphacool heatmaster® 2009
"{73A1B527-5A5C-4A59-9D6B-A866AF730FB0}" = SmarterMail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8C5C331A-97D6-46DE-BFF4-8424BD06A888}" = UltraVnc
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.8
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96A0DEB6-093D-B872-955C-BE865574C448}" = AMD Media Foundation Decoders
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B002889A-F359-4F2A-9113-10B0A438AD70}" = DigitalPersona Personal 4.10
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C11504B9-1E67-C1E1-E448-EC30D25E453C}" = AMD Fuel
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDC6CF2A-3CA2-44A5-AC4F-695738B81A16}" = My Channel Logos
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{F35D5A5E-7739-49DB-8A0E-23E2E8F99D1A}" = Motorola Mobile Drivers Installation 5.9.0
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F40E2F0E-97CD-40F9-B8E8-DCF26342472B}" = Remote Potato
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"DivX Setup" = DivX-Setup
"DynUpdater" = Dyn Updater
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{73A1B527-5A5C-4A59-9D6B-A866AF730FB0}" = SmarterMail
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Opera 11.62.1347" = Opera 11.62
"TeamViewer 7" = TeamViewer 7
"TERRATEC H7" = TERRATEC H7 V1.00.07.601
"VLC media player" = VLC media player 1.1.11
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.9.0
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.09.2012 14:08:57 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x12b8 Startzeit der fehlerhaften Anwendung: 0x01cd8b9184db0447 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: c2894c86-f784-11e1-a14a-00242124c943
Error - 05.09.2012 14:09:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x16cc Startzeit der fehlerhaften Anwendung: 0x01cd8b91a8acb33b Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: e65e56e7-f784-11e1-a14a-00242124c943
Error - 05.09.2012 14:10:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x14b4 Startzeit der fehlerhaften Anwendung: 0x01cd8b91cc812159 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 0a31daa2-f785-11e1-a14a-00242124c943
Error - 05.09.2012 14:11:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x1498 Startzeit der fehlerhaften Anwendung: 0x01cd8b91f0542fe3 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 2e031464-f785-11e1-a14a-00242124c943
Error - 05.09.2012 14:12:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x1214 Startzeit der fehlerhaften Anwendung: 0x01cd8b921424cd63 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 51d315a2-f785-11e1-a14a-00242124c943
Error - 05.09.2012 14:13:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x1550 Startzeit der fehlerhaften Anwendung: 0x01cd8b9237f4f5b1 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 75a75cb0-f785-11e1-a14a-00242124c943
Error - 05.09.2012 14:14:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xd54 Startzeit der fehlerhaften Anwendung: 0x01cd8b925bc98ae0 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 997a6b39-f785-11e1-a14a-00242124c943
Error - 05.09.2012 14:15:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x10bc Startzeit der fehlerhaften Anwendung: 0x01cd8b927f9c4b48 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: bd4d79c2-f785-11e1-a14a-00242124c943
Error - 05.09.2012 14:16:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x744 Startzeit der fehlerhaften Anwendung: 0x01cd8b92a36fa7f2 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: e120fd7d-f785-11e1-a14a-00242124c943
Error - 05.09.2012 14:17:58 | Computer Name = HTPC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x350 Startzeit der fehlerhaften Anwendung: 0x01cd8b92c7432bad Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 04f93c3a-f786-11e1-a14a-00242124c943
[ Media Center Events ]
Error - 05.09.2012 09:19:36 | Computer Name = HTPC | Source = MCUpdate | ID = 0
Description = 15:19:36 - Fehler beim Herstellen der Internetverbindung. 15:19:36
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2012 09:19:51 | Computer Name = HTPC | Source = MCUpdate | ID = 0
Description = 15:19:41 - Fehler beim Herstellen der Internetverbindung. 15:19:41
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2012 10:19:56 | Computer Name = HTPC | Source = MCUpdate | ID = 0
Description = 16:19:56 - Fehler beim Herstellen der Internetverbindung. 16:19:56
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2012 10:20:06 | Computer Name = HTPC | Source = MCUpdate | ID = 0
Description = 16:20:01 - Fehler beim Herstellen der Internetverbindung. 16:20:01
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2012 11:20:11 | Computer Name = HTPC | Source = MCUpdate | ID = 0
Description = 17:20:11 - Fehler beim Herstellen der Internetverbindung. 17:20:11
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2012 11:20:21 | Computer Name = HTPC | Source = MCUpdate | ID = 0
Description = 17:20:16 - Fehler beim Herstellen der Internetverbindung. 17:20:16
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2012 12:20:26 | Computer Name = HTPC | Source = MCUpdate | ID = 0
Description = 18:20:26 - Fehler beim Herstellen der Internetverbindung. 18:20:26
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2012 12:20:37 | Computer Name = HTPC | Source = MCUpdate | ID = 0
Description = 18:20:31 - Fehler beim Herstellen der Internetverbindung. 18:20:31
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 19.07.2012 00:38:54 | Computer Name = HTPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 19.07.2012 00:39:03 | Computer Name = HTPC | Source = PNRPSvc | ID = 102
Description =
Error - 19.07.2012 00:39:03 | Computer Name = HTPC | Source = PNRPSvc | ID = 102
Description =
Error - 19.07.2012 00:39:03 | Computer Name = HTPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 19.07.2012 00:39:03 | Computer Name = HTPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 19.07.2012 00:39:03 | Computer Name = HTPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 19.07.2012 00:39:03 | Computer Name = HTPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 19.07.2012 00:45:33 | Computer Name = HTPC | Source = PNRPSvc | ID = 102
Description =
Error - 19.07.2012 00:45:33 | Computer Name = HTPC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 19.07.2012 00:45:33 | Computer Name = HTPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
< End of report >
gmer.log Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-05 21:25:48
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000005b WDC_____ rev.03.0
Running: c6bqslx9.exe; Driver: C:\Users\XXXXX~1\AppData\Local\Temp\pgldipog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E7F3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93229000, 0x147F58, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----