Trojaner-Board

Scandoctor 2014 Logfile (https://www.trojaner-board.de/135844-scandoctor-2014-logfile.html)

schrauber 01.06.2013 08:47

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
SRV - (Update-Service) -- %SystemRoot%\System32\UpdSvc.dll File not found

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Now please open OTL, tick "Scan All Users", and paste in the following script:
Code:

%userprofile%\*.ink /600
Then click Scan and please post the logfile.

AlexisCorner 01.06.2013 09:52

Hi Schrauber, luckily the weather is so great today that one is happy to stay indoors ;)

OTL removed:
Code:

========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
File  %SystemRoot%\System32\UpdSvc.dll File not found not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 06012013_100147

OTL-log
Code:

OTL logfile created on: 01.06.2013 10:16:15 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Aidy\Desktop\security
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,86% Memory free
6,18 Gb Paging File | 5,01 Gb Available in Paging File | 80,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 132,08 Gb Free Space | 47,46% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 15,06 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
 
Computer Name: AIDY-PC | User Name: Aidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Aidy\Desktop\security\OTL.exe (OldTimer Tools)
PRC - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Programme\Common Files\soft Xpansion\sxds10.exe (soft Xpansion)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\VITAKEY\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\VITAKEY\BASVC.exe (Egis Technology Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (SXDS10) -- C:\Program Files\Common Files\soft Xpansion\sxds10.exe (soft Xpansion)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FlipShare Service) -- C:\Programme\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Programme\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (IGBASVC) -- C:\Programme\EgisTec\VITAKEY\BASVC.exe (Egis Technology Inc.)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZY202_VS) -- system32\DRIVERS\WlanGZG.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Aidy\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (WsAudio_DeviceS(5) -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV - (WsAudio_DeviceS(4) -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV - (WsAudio_DeviceS(3) -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV - (WsAudio_DeviceS(2) -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV - (WsAudio_DeviceS(1) -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egistec)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (FPWinIo) -- C:\Windows\System32\drivers\FPWinIo.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ZDCNDIS5) -- C:\Windows\System32\ZDCndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\..\SearchScopes,DefaultScope /d {67A2568C-7A0A-4EED-AECC-B5405DE63B64} /f >Nul 2>Nul =
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\..\SearchScopes\{7E66F910-8804-4061-8673-45DF0A7F1ABE}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\..\SearchScopes\{914191DA-E641-4791-AE86-F790723A1825}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files\Common Files\Freemium\np-sxpdf.dll (soft-Xpansion)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013.05.26 21:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.17 09:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{B45418F9-6406-4828-9D1A-35313FB1E2D6}: C:\ProgramData\Freemium\Free PDF Perfect\Data\fftb [2013.05.26 21:07:58 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - homepage:
CHR - homepage:
CHR - Extension: No name found = C:\Users\Aidy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Aidy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Aidy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.05.31 14:45:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Free PDF Perfect) - {EFC2B9BE-AB2B-47F1-A47D-9EB28E58C917} - C:\Programme\Freemium\Free PDF Perfect\ieagent32.dll (soft Xpansion)
O3 - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Programme\EgisTec\VITAKEY\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-3007815829-2761418887-274972419-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\EgisTec\VITAKEY\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\..Trusted Domains: elsteronline.de ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3007815829-2761418887-274972419-1001\..Trusted Domains: kabelbw.de ([www] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{228BBEBE-E967-411B-B950-8E7B8C6843A4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aidy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aidy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.01 08:51:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.31 19:14:02 | 000,000,000 | ---D | C] -- C:\Users\Aidy\Desktop\security
[2013.05.31 15:29:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.31 15:29:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.31 14:48:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.31 14:48:17 | 000,000,000 | ---D | C] -- C:\Users\Aidy\AppData\Local\temp
[2013.05.31 14:31:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.31 14:31:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.31 14:31:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.31 14:31:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.31 14:26:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.31 14:25:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.30 22:27:37 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.29 13:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2013.05.29 13:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2013.05.28 20:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2013.05.28 20:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1DesktopIconsInstaller
[2013.05.26 21:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemium
[2013.05.26 21:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\soft Xpansion
[2013.05.26 21:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Freemium
[2013.05.26 21:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemium
[2013.05.26 21:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Freemium
[2013.05.26 21:06:18 | 000,000,000 | ---D | C] -- C:\Users\Aidy\Desktop\freepdf
[2013.05.26 21:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.05.26 21:01:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.16 13:09:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 12:51:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 12:51:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 12:51:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 12:51:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.16 12:51:33 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 12:51:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.16 12:51:30 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.15 08:39:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.05.15 08:38:53 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.12 15:43:42 | 000,000,000 | ---D | C] -- C:\BIFAB_MM
[2 C:\Users\Aidy\*.tmp files -> C:\Users\Aidy\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.01 10:20:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2013.06.01 10:14:27 | 000,086,174 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.01 10:14:27 | 000,025,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.01 10:14:27 | 000,013,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.01 10:14:27 | 000,007,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.01 10:10:27 | 000,042,464 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.06.01 10:10:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.01 10:09:55 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.06.01 10:06:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 10:06:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.01 10:06:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.01 10:05:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.01 09:54:07 | 001,039,769 | ---- | M] () -- C:\Users\Aidy\Desktop\LIFTTEC2_Aufzug_Lift.jpg
[2013.06.01 09:34:11 | 000,021,702 | ---- | M] () -- C:\Users\Aidy\Desktop\rundll.JPG
[2013.06.01 08:59:08 | 000,391,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.31 14:45:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.31 13:33:40 | 000,042,464 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.30 22:13:11 | 000,033,792 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013.05.26 21:35:24 | 000,000,862 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.05.26 21:09:39 | 000,001,947 | ---- | M] () -- C:\Users\Aidy\Desktop\Free PDF Perfect.lnk
[2013.05.26 21:08:02 | 000,010,464 | ---- | M] () -- C:\Windows\System32\sx_p2d.tlb
[2013.05.20 08:12:29 | 000,029,184 | ---- | M] () -- C:\Users\Aidy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.18 21:43:25 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.05.16 20:10:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.16 20:10:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.13 05:52:48 | 000,023,624 | ---- | M] () -- C:\Windows\Launcher.exe
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2 C:\Users\Aidy\*.tmp files -> C:\Users\Aidy\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.01 09:51:18 | 001,039,769 | ---- | C] () -- C:\Users\Aidy\Desktop\LIFTTEC2_Aufzug_Lift.jpg
[2013.06.01 09:34:08 | 000,021,702 | ---- | C] () -- C:\Users\Aidy\Desktop\rundll.JPG
[2013.05.31 14:31:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.31 14:31:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.31 14:31:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.31 14:31:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.31 14:31:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.31 13:33:40 | 000,042,464 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2013.05.26 21:09:39 | 000,001,947 | ---- | C] () -- C:\Users\Aidy\Desktop\Free PDF Perfect.lnk
[2013.05.26 21:08:02 | 000,010,464 | ---- | C] () -- C:\Windows\System32\sx_p2d.tlb
[2013.05.26 21:04:57 | 000,000,862 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.05.26 21:02:51 | 000,023,624 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.05.18 21:43:25 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.09.19 18:18:19 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.09.11 21:18:27 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager classic.msi
[2012.08.30 21:49:33 | 000,000,048 | ---- | C] () -- C:\Users\Aidy\AppData\Local\AIDY-PC.cfg
[2011.12.29 15:59:58 | 000,000,001 | ---- | C] () -- C:\Users\Aidy\.SIG_PINSTATUS_VOREINSTELLUNG
[2011.12.29 15:59:58 | 000,000,001 | ---- | C] () -- C:\Users\Aidy\.SIG_DIALOG_VOREINSTELLUNG
[2011.02.18 13:47:09 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2010.09.27 21:18:19 | 000,000,996 | ---- | C] () -- C:\Users\Aidy\2.sym
[2010.09.25 18:32:23 | 000,001,234 | ---- | C] () -- C:\Users\Aidy\3.sym
[2010.09.25 15:33:55 | 000,011,571 | ---- | C] () -- C:\Users\Aidy\1.sym
[2009.12.30 13:32:37 | 000,001,024 | ---- | C] () -- C:\Users\Aidy\.rnd
[2009.04.08 22:07:23 | 000,027,503 | ---- | C] () -- C:\Users\Aidy\AppData\Roaming\UserTile.png
[2009.02.23 20:43:59 | 000,000,680 | ---- | C] () -- C:\Users\Aidy\AppData\Local\d3d9caps.dat
[2009.02.14 22:13:33 | 000,049,247 | ---- | C] () -- C:\Users\Aidy\AppData\Roaming\mdbu.bin
[2008.12.23 01:07:05 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.10.30 22:55:35 | 000,029,184 | ---- | C] () -- C:\Users\Aidy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.28 06:28:06 | 000,042,464 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %userprofile%\*.ink /600 >

< End of report >

........and, if needed, the Extras as well:

Code:

OTL Extras logfile created on: 01.06.2013 10:16:16 - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Aidy\Desktop\security
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,86% Memory free
6,18 Gb Paging File | 5,01 Gb Available in Paging File | 80,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 132,08 Gb Free Space | 47,46% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 15,06 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
 
Computer Name: AIDY-PC | User Name: Aidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- C:\Program Files\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Saturn Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Saturn Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FDB3FD-AF99-4880-BF68-6044AB5FE11F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{020C45E6-8A14-43FE-8E5B-18BDD77BBFF8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{04EF0630-8A72-44A6-9A84-8B8359B63562}" = lport=137 | protocol=17 | dir=in | app=system |
"{0800057C-EEC1-4428-A739-CA1E1DCB7892}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0C6E4011-B23B-4631-B972-0EDD3016D34B}" = rport=137 | protocol=17 | dir=out | app=system |
"{2BACB4FB-4F99-46AF-8237-9A557DF085C6}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C92BA7D-67D5-485F-AEBD-92484201EDBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DDDEEB7-3CB0-4233-8C64-C62DE24D4BC6}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
"{52F214C3-05E2-4E97-B19B-04349AA2D9A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{534E2B8B-47BA-43DD-ADC8-2DFBD57FC9BA}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{6A6FCA28-6BBE-4C78-80B7-E30B49F323A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{6C5877DD-112C-4853-8F34-9F51EE96EA39}" = rport=139 | protocol=6 | dir=out | app=system |
"{7019014C-8CDA-436B-8924-A45EF93D3B25}" = lport=138 | protocol=17 | dir=in | app=system |
"{8DCDF223-DF6C-40CE-B98F-A6C623F660AA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8FC45708-A7FE-4392-894A-FF9A97E8E497}" = rport=445 | protocol=6 | dir=out | app=system |
"{964862EE-5F5E-427C-90B2-4F9FA07337EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1822F71-1510-4AA8-AD88-4B8F657E9B61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A61CA599-20F2-4D52-88AF-5FE27DB6E974}" = lport=139 | protocol=6 | dir=in | app=system |
"{A8EBB4FD-BF5E-49AC-BB9F-AE81E02C0991}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{B0663DA3-55D3-4248-8DE7-608E799416ED}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{B100512D-7F34-47BB-8F62-61282C1D5F16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF06A31D-5D06-421E-912F-0D590C595B1E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF706BC5-9499-4725-A9D4-84ACFEAB3833}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D1FB60F4-AB6A-4A01-A74C-9D2D636982A4}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DD454A1-D94D-4BE5-B6C2-8BD335FC86FC}" = protocol=17 | dir=in | app=c:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe |
"{2D154B45-DCAB-473E-BA75-4BD63663C7BD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{38E64B9A-FEA1-4827-9034-F864C12FE89A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3FDBE423-8712-4DC3-866E-D67CC36CB7A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4051F486-1EC0-4237-AF1B-646EA61E453F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{471739D8-E1AD-46E6-BC2B-A44CC7863DF3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5AE16606-4596-4649-9FE3-8B2E1BC5BB0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69CA9712-023A-4762-AD38-768475B69666}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{70D0A20D-ABE8-49FC-A865-F39920462815}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{7F12D708-E9D3-44CB-A2F3-F205FECD04D4}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{8ADE1889-B592-4A09-BB41-3D3016179AEC}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{96B6DA03-64F3-4026-BBC5-05DCBC9F7092}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}" = dir=in | app=c:\program files\hometab\tbupdater.dll |
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}" = dir=out | app=c:\program files\hometab\tbupdater.dll |
"{B577ED98-8841-4508-9CA1-A382F241BB34}" = protocol=6 | dir=in | app=c:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe |
"{BE758E6A-F30C-4252-B895-C02BE704C61D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9BA320A-9B0D-46D6-B61D-57EAEF8EB00A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CC0CED3B-3F03-436D-BFA9-04CA81ED960B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFBDF621-2C22-45F8-81DF-C9DB0EE8CFD6}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{D56F3A26-2D4F-4E5C-9280-B250D2FD91E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D8FB8F8D-8F98-43A6-B850-E2A6A4E0B283}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{DE43EBB1-D1BB-4BA7-B7EB-26FC7959079D}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{FF5A375F-53C6-40AF-8B56-7B6C2ADAB985}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{44FD4A20-2BD6-4E36-AD74-E19447714020}C:\medusa4_personal_v4_0\medcolraster\m2d\run\draft.exe" = protocol=6 | dir=in | app=c:\medusa4_personal_v4_0\medcolraster\m2d\run\draft.exe |
"TCP Query User{552C4610-4933-44E8-98B6-32FC3403C7DD}C:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A97653B0-4E5A-49A0-B4EB-F3F3222E0B6B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B496357E-0D1A-4F85-B2C4-F0201512FF34}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{D35F4179-DDFB-4BA1-AE0D-B212AD8D49FA}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{F937324C-0801-4C93-8FB4-5CCDBDAE6DE9}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{F98E67D4-45C1-4F89-B8BF-49758B35D22B}C:\medusa4_personal_v4_0\medsys\med\java\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\medusa4_personal_v4_0\medsys\med\java\jre\bin\java.exe |
"UDP Query User{076A6AF3-711A-4626-B1E3-84B25C2214CD}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{13318B47-1F39-4A42-A8F8-CCC90C95AFE8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{27E985F6-1A06-4AA6-81BD-DD34FC938555}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{48CEE6E0-2973-474D-AF74-AECAB787F048}C:\medusa4_personal_v4_0\medsys\med\java\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\medusa4_personal_v4_0\medsys\med\java\jre\bin\java.exe |
"UDP Query User{629E01C0-9D53-4928-AF29-209765B9D675}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{A9AFD32E-8432-4894-8183-533418CC2953}C:\medusa4_personal_v4_0\medcolraster\m2d\run\draft.exe" = protocol=17 | dir=in | app=c:\medusa4_personal_v4_0\medcolraster\m2d\run\draft.exe |
"UDP Query User{B55B63B5-AAE6-4B5C-A062-93FA3C33E8DA}C:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\aidy\appdata\roaming\dropbox\bin\dropbox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0590BB91-B280-4BAB-95D7-D6558117D27C}" = SA304x Device Manager
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA304x Media Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3222B0CE-59C5-4CA0-B545-2B88F200756B}" = Falk Navi-Manager
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9135AC-592E-4767-B029-ADCAC182CCFA}" = Falk Navi-Manager classic
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64a0a565-da88-4664-9c17-dbf1b23642fe}" = Free Pdf Perfect Prereq
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker 3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{88265079-D6F4-4292-86BE-D2053E80BFE4}" = Freemium Free PDF Perfect
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.5 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B72CF634-2F89-478A-86E7-96F80CDAF284}" = SA304x Media Converter
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.0
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BFF2D920-80F2-46E9-8246-79A20BB9D8B2}" = Crazy Machines - Neues aus dem Labor
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEA26700-69D8-4EE1-AD8A-609BD28965E6}" = Falk Navi-Manager
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}" = NWZ-E440 WALKMAN Guide
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37360B3-A429-46BA-AC9F-418152C462A6}" = tax 2013 Freibetrag
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEA017A3-E8DC-4208-9FA9-76EA95DAE1D7}" = Falk Navi-Manager classic
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE MailCheck für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dm-Fotowelt" = dm-Fotowelt
"dslmon" = devolo Informer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Fotoservice" = Fotoservice
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9428A68A-9B43-473D-9771-FDA1D15B4C0D}" = VITAKEY
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Video deluxe SE D" = MAGIX Video deluxe SE 6.5.4.2 (D)
"MEDUSA4_PERSONAL_V4_0_0" = MEDUSA4 PERSONAL V4.0.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NVIDIA Drivers" = NVIDIA Drivers
"Personal Backup 5_is1" = Personal Backup 5.3
"RasterVect Free Edition_is1" = RasterVect Free Edition
"Ravensburger tiptoi" = Ravensburger tiptoi
"Saturn Fotoservice" = Saturn Fotoservice
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"X10Hardware" = Remote Wonder Series Driver and Control Panel
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3007815829-2761418887-274972419-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >

What does the expert say? :daumenhoc

Alex

schrauber 01.06.2013 09:58

All good :)

Does the message at startup still appear? If so, that is the only thing left to take care of.

AlexisCorner 01.06.2013 10:08

Hi Schrauber,

that is certainly worth a round of :applaus: and a donation as well :abklatsch:

The message at startup still appears; if it causes no further problems, I can live with it.....

Regards
Alex

schrauber 01.06.2013 10:11

Nope, I still want that one gone :)

Code:

%userprofile%\Start Menu\Programs\Startup /s
Please put that into the OTL box, then click None at the top, then Scan.

AlexisCorner 01.06.2013 10:35

...........is still there..........

Is the setting right?
Attachment 55639

Alex

schrauber 01.06.2013 11:44

Now click the "Nichts" (None) button at the top and then "Scan" :)

AlexisCorner 01.06.2013 17:49

........still won't work, but by now it hardly bothers me any more :)

Here is the file, for your information:

Code:

OTL logfile created on: 01.06.2013 18:08:27 - Run 8
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Aidy\Desktop\security
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 55,01% Memory free
6,19 Gb Paging File | 4,51 Gb Available in Paging File | 72,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 131,76 Gb Free Space | 47,34% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 15,06 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
 
Computer Name: AIDY-PC | User Name: Aidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
< %userprofile%\Start Menu\Programs\Startup /s >

< End of report >

Regards
Alex

schrauber 01.06.2013 18:09

Code:

%userprofile%\Start Menu\Programs\Startup /s
%ALLUSERSPROFILE%\Start Menu\Programs\Startup /s
%LOCALAPPDATA%\Start Menu\Programs\Startup  /s

Please put that into the OTL box, then click Nichts (None) at the top, tick Scanne Alle Benutzer (Scan All Users), then click Scan.

AlexisCorner 02.06.2013 08:06

Morning Schrauber,

it's still there, but I can live with it............only you can't, or so my gut tells me :zunge:

Code:

OTL logfile created on: 02.06.2013 08:30:09 - Run 10
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Aidy\Desktop\security
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,42% Memory free
6,18 Gb Paging File | 4,98 Gb Available in Paging File | 80,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,32 Gb Total Space | 131,32 Gb Free Space | 47,18% Space Free | Partition Type: NTFS
Drive D: | 19,76 Gb Total Space | 15,06 Gb Free Space | 76,23% Space Free | Partition Type: FAT32
 
Computer Name: AIDY-PC | User Name: Aidy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
< %userprofile%\Start Menu\Programs\Startup /s >
 
< %ALLUSERSPROFILE%\Start Menu\Programs\Startup /s >
 
< %LOCALAPPDATA%\Start Menu\Programs\Startup  /s >

< End of report


The computer is running tip-top and has also become noticeably faster............:daumenhoc

Regards
Alex

schrauber 02.06.2013 08:09

Quote:

it's still there, but I can live with it............only you can't, or so my gut tells me
Hehe, a clairvoyant :D

Scan with SystemLook

Download SystemLook by jpshortstuff from the following mirror and save the tool to the desktop:
SystemLook (32 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :filefind
    *HomeTab*
    :folderfind
    *HomeTab*
    :regfind
    HomeTab

  • Now click the Look button to start the scan.
  • The scan may take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

AlexisCorner 02.06.2013 18:49

Now that's what I call schrauber-style ambition :daumenhoc

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:16 on 02/06/2013 by Aidy
Administrator - Elevation successful

========== filefind ==========

Searching for "*HomeTab*"
C:\ProgramData\Spybot - Search & Destroy\Quarantine\SimplyTech.HomeTab-0000.zip        --a---- 3333554 bytes        [20:57 30/05/2013]        [20:57 30/05/2013] E5858C7BCD8A9F4ABDE70D40444A759C
C:\ProgramData\Spybot - Search & Destroy\Quarantine\SimplyTech.HomeTab-0001.zip        --a---- 2295 bytes        [06:58 31/05/2013]        [06:58 31/05/2013] CB095780477FF96E80F59E0C1486FF7E
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\SimplyTech.HomeTab-0000.zip        --a---- 3333554 bytes        [20:57 30/05/2013]        [20:57 30/05/2013] E5858C7BCD8A9F4ABDE70D40444A759C
C:\Users\All Users\Spybot - Search & Destroy\Quarantine\SimplyTech.HomeTab-0001.zip        --a---- 2295 bytes        [06:58 31/05/2013]        [06:58 31/05/2013] CB095780477FF96E80F59E0C1486FF7E

========== folderfind ==========

Searching for "*HomeTab*"
C:\Users\Aidy\AppData\LocalLow\HomeTab        d------        [19:03 26/05/2013]

========== regfind ==========

Searching for "HomeTab"
[HKEY_CURRENT_USER\Software\HomeTab]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-3007815829-2761418887-274972419-1001\Software\HomeTab]

-= EOF =-

Regards
Alex
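A way to triage the regfind section of a SystemLook log like the one above, written as an added example (not part of the original posts and not code from SystemLook or OTL): it parses the `v2.0|Key=Value|...` firewall rule strings and collapses hits that repeat across control sets. The function names are assumptions, and the sample is an excerpt constructed from the log format shown in the post.

```python
import re

# Constructed sample: an excerpt in the regfind format of the SystemLook log above.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\HomeTab]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}"="v2.0|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}"="v2.0|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files\HomeTab\TBUpdater.dll|Name=Browser Updater|Edge=FALSE|"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
CTRLSET_RE = re.compile(r'\\(ControlSet\d{3}|CurrentControlSet)\\', re.I)

def parse_rule(data):
    """Split 'v2.0|Action=Allow|...|' into (version, {field: value})."""
    version, *pairs = [p for p in data.split('|') if p]
    return version, dict(p.split('=', 1) for p in pairs if '=' in p)

def firewall_rules(log_text):
    """Return {rule GUID: {'fields': {...}, 'control_sets': [...]}}."""
    rules, key = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')  # remember which key the next values belong to
            continue
        m = VAL_RE.match(line)
        if not (m and key and key.lower().endswith(r'\firewallpolicy\firewallrules')):
            continue
        cs = CTRLSET_RE.search(key)
        entry = rules.setdefault(m.group('name'), {'fields': parse_rule(m.group('data'))[1], 'control_sets': []})
        entry['control_sets'].append(cs.group(1) if cs else key)
    return rules

def allow_rules_for(rules, needle):
    """GUIDs of active Allow rules whose App path contains needle (case-insensitive)."""
    return sorted(g for g, r in rules.items()
                  if r['fields'].get('Action') == 'Allow'
                  and r['fields'].get('Active') == 'TRUE'
                  and needle.lower() in r['fields'].get('App', '').lower())
```

CurrentControlSet is a registry link to one of the numbered control sets, so the same rule GUID appearing under several of them is one rule seen through different paths, which is why the parser groups by GUID.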

schrauber 02.06.2013 20:00

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:files
C:\Users\Aidy\AppData\LocalLow\HomeTab
:reg
[-HKEY_CURRENT_USER\Software\HomeTab]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}"=-
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}"=-
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}"=-
"{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}"=-
[-HKEY_USERS\S-1-5-21-3007815829-2761418887-274972419-1001\Software\HomeTab]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents into your thread here.

AlexisCorner 03.06.2013 20:29

Hello again,

attached the log-file:

Code:

========== FILES ==========
C:\Users\Aidy\AppData\LocalLow\HomeTab folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\HomeTab\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A84DCDAE-1523-412C-82A4-9AAC2B88E7A3}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3F03309-F11B-4E8E-A4B2-2B95DA1C0CC7}\ not found.
Registry key HKEY_USERS\S-1-5-21-3007815829-2761418887-274972419-1001\Software\HomeTab\ not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_211436

ALex

schrauber 03.06.2013 20:43

And now you're surely going to tell me that the message is gone, otherwise I'm going to hit the roof :D


All times are in WET +1. The time is now 07:26.

Copyright ©2000-2024, Trojaner-Board

