Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojaner Win32/ransom.ej + Auswertungen

Trojaner Win32/ransom.ej + Auswertungen


Log-Analyse und Auswertung: Trojaner Win32/ransom.ej + Auswertungen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 04.02.2012, 16:05   #1
Faceried
 
Trojaner Win32/ransom.ej + Auswertungen - Standard

Trojaner Win32/ransom.ej + Auswertungen


Ich habe irgendwie seit heute morgen den Trojaner Win32/ransom.ej.
Wie es dazu kam? Ich weiß es nicht...war nur auf Facebook unterwegs und hab nen Club aus der Umgebung geliked. Da meldete sich dann sofort Microsoft Security Essentials.

Microsoft Security Essentials hat den Trojaner zwar sofort gelöscht und bis jetzt ist nichts aufgetreten aber wollte trotzdem ne Nummer sicher gehn.

Ich benutze Firefox vor ner Woche wollte ich auf Chrome umsteigen aber hatte Probleme mit den Youtube Tabs, sodass ich nun wieder Firefox benutze.

Ich hab die Schritte abgearbeitet und nun folgenden die Logs:
(Hab es nach der Liste gemacht die Kira hier gepostet hat:
http://www.trojaner-board.de/108317-...ransom-ej.html )

1.
Lade Dir Malwarebytes Anti-Malware (hab nen kompletten Scan gemacht)

CHECK:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.04.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ersin :: ERSIN-PC [Administrator]

04.02.2012 13:49:48
mbam-log-2012-02-04 (13-49-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388791
Laufzeit: 1 Stunde(n), 22 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
2.
Sinnlose Toolbars gelöscht
Hatte eh keine.


3.
Fixen mit OTL

Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWin2.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: finder@meingutscheincode.de:3.0.3 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=toolbar2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Folder C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Folder C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
Folder C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Folder C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Folder C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\extensions\battlefieldheroespatcher@ea.com\ not found.
Folder C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\extensions\DTToolbar@toolbarnet.com\ not found.
Folder C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\extensions\engine@conduit.com\ not found.
Folder C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\extensions\finder@meingutscheincode.de\ not found.
File C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\searchplugins\conduit.xml not found.
File C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\searchplugins\daemon-search.xml not found.
File C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\searchplugins\sweetim.xml not found.
File C:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\3gla13mi.default\searchplugins\youtube.xml not found.
File C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File C:\Programme\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml not found.
File C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml not found.
File C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll not found.
File C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll not found.
File C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll not found.
File C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll not found.
File C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll not found.
File C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll not found.
File C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWin2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
File C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
File C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\ not found.
File C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWin2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
File C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BFB5F154-9212-46F3-B547-AC6106030A54} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
File To-Page\EPSON Web-To-Page.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Programme\Winload\prxtbWin2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BFB5F154-9212-46F3-B547-AC6106030A54} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
File To-Page\EPSON Web-To-Page.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft® Windows Update not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftWindowsUpdate not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6093497a-0b5a-11de-91d0-0001e3decf01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6093497a-0b5a-11de-91d0-0001e3decf01}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6093497a-0b5a-11de-91d0-0001e3decf01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6093497a-0b5a-11de-91d0-0001e3decf01}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6093497a-0b5a-11de-91d0-0001e3decf01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6093497a-0b5a-11de-91d0-0001e3decf01}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93a8265d-cc86-11dd-bbda-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93a8265d-cc86-11dd-bbda-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93a8265d-cc86-11dd-bbda-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93a8265d-cc86-11dd-bbda-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93a8265d-cc86-11dd-bbda-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93a8265d-cc86-11dd-bbda-806d6172696f}\ not found.
File D:\SETUP.EXE not found.
File C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Ersin
->Temp folder emptied: 57251950 bytes
->Temporary Internet Files folder emptied: 338061245 bytes
->Java cache emptied: 10062 bytes
->FireFox cache emptied: 735074891 bytes
->Google Chrome cache emptied: 350951906 bytes
->Flash cache emptied: 881055 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1708152 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 731814 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 1512868093 bytes
 
Total Files Cleaned = 2.859,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 02042012_151943

Files\Folders moved on Reboot...
C:\Users\Ersin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ersin\AppData\Local\Mozilla\Firefox\Profiles\dzjl0h2c.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Ersin\AppData\Local\Mozilla\Firefox\Profiles\dzjl0h2c.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Ersin\AppData\Local\Mozilla\Firefox\Profiles\dzjl0h2c.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Ersin\AppData\Local\Mozilla\Firefox\Profiles\dzjl0h2c.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Ersin\AppData\Local\Mozilla\Firefox\Profiles\dzjl0h2c.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

4.
CCleaner



Code:
ATTFilter
7-Zip 9.20		09.05.2011		
Adobe AIR	Adobe Systems Inc.	23.07.2011		2.0.2.12610
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	11.11.2010	6,00MB	10.1.102.64
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	10.12.2011	6,00MB	11.1.102.55
Adobe Reader 9.4.1 - Deutsch	Adobe Systems Incorporated	21.11.2010	246MB	9.4.1
Apple Application Support	Apple Inc.	11.11.2011	61,2MB	2.1.5
Apple Software Update	Apple Inc.	11.11.2011	2,38MB	2.1.3.127
Auslogics Disk Defrag	Auslogics Software Pty Ltd	15.07.2011	9,41MB	version 3.2
Battlefield Heroes	EA Digital illusions	30.11.2011		
CamStudio		18.01.2011		
CamStudio Lossless Codec		18.03.2011		
CCleaner	Piriform	03.02.2012		3.15
CDBurnerXP	CDBurnerXP	25.08.2011	12,0MB	4.3.8.2631
DivX-Setup	DivX, LLC	25.02.2011		2.4.0.6
Dropbox	Dropbox, Inc.	31.01.2012		1.2.51
Easy Display Manager	Samsung Electronics Co., Ltd.	01.10.2010		3.0
Easy Network Manager	Samsung	01.10.2010	19,1MB	4.2.4
FileZilla Client 3.3.5.1		08.01.2011		3.3.5.1
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	09.04.2011	10,7MB	
Free YouTube to MP3 Converter version 3.10.5.722	DVDVideoSoft Limited.	27.07.2011	44,8MB	
GlassFish Server Open Source Edition 3.1		30.08.2011		
Google Chrome	Google Inc.	30.10.2011		16.0.912.77
ICQ7.5	ICQ	11.06.2011		7.5
Java(TM) 6 Update 23 (64-bit)	Oracle	22.12.2010	90,9MB	6.0.230
Java(TM) 7	Oracle	31.08.2011	98,9MB	7.0.0
Java(TM) SE Development Kit 6 Update 23	Oracle	22.12.2010	128,3MB	1.6.0.230
Java(TM) SE Development Kit 6 Update 23 (64-bit)	Oracle	22.12.2010	146,3MB	1.6.0.230
Java(TM) SE Development Kit 7	Oracle	31.08.2011	116,8MB	1.7.0.0
JDownloader 0.9	AppWork GmbH	25.11.2011		0.9
K-Lite Codec Pack 6.8.0 (Full)		20.01.2011	48,8MB	6.8.0
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	03.02.2012	17,4MB	1.60.1.1000
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	10.10.2010	38,8MB	4.0.30319
Microsoft IntelliPoint 8.0	Microsoft	18.12.2010	38,0MB	8.0.225.0
Microsoft Office Ultimate 2007	Microsoft Corporation	16.10.2010		12.0.6425.1000
Microsoft Security Essentials	Microsoft Corporation	18.08.2011		2.1.1116.0
Microsoft Silverlight	Microsoft Corporation	15.01.2012	140,1MB	4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	18.08.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.01.2012	0,33MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	04.10.2010	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	05.05.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	12.09.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	02.10.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	17.01.2012	0,22MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	15.01.2012	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.01.2012	15,0MB	10.0.40219
Mozilla Firefox 10.0 (x86 de)	Mozilla	02.02.2012	37,3MB	10.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	23.02.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	23.02.2011	1,33MB	4.20.9876.0
Nero Backup Drivers	Nero AG	17.01.2012	94,00KB	1.0.11100.8.0
NetBeans IDE 7.0	NetBeans.org	30.08.2011		7.0
NetBeans IDE 7.0.1	NetBeans.org	31.08.2011		7.0.1
Nokia Connectivity Cable Driver	Nokia	28.04.2011	3,85MB	7.1.36.0
Nokia PC Suite	Nokia	28.04.2011		7.1.60.0
Notepad++		08.01.2011		5.8.6
PC Connectivity Solution	Nokia	28.04.2011	19,8MB	10.50.2.0
PunkBuster Services	Even Balance, Inc.	30.11.2011		0.990
QuickTime	Apple Inc.	11.11.2011	73,3MB	7.71.80.42
SecureW2 Personal Client - Distribution Edition 2.0.7 for Windows		15.11.2011		
Skype™ 5.5	Skype Technologies S.A.	01.10.2011	19,1MB	5.5.119
Snagit 10	TechSmith Corporation	18.01.2011	68,7MB	10.0.0
Spybot - Search & Destroy	Safer Networking Limited	24.10.2011		1.6.2
Synaptics Pointing Device Driver	Synaptics Incorporated	01.10.2010		14.0.10.0
TeamSpeak 3 Client	TeamSpeak Systems GmbH	18.09.2011		
TeamViewer 6	TeamViewer GmbH	08.07.2011		6.0.10722
Uninstall 1.0.0.1		09.04.2011	10,9MB	
VLC media player 1.1.4	VideoLAN	21.10.2010		1.1.4
Windows Live Essentials	Microsoft Corporation	19.08.2011		15.4.3538.0513
Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)	Nokia	28.04.2011		06/09/2010 7.01.0.8
Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)	Nokia	28.04.2011		10/07/2010 4.6
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	28.04.2011		08/22/2008 7.0.0.0
WinHTTrack Website Copier 3.44-1	HTTrack	16.04.2011		3.44.1
WinRAR		01.10.2010


5.
erneut einen Scan mit OTL:


Code:
ATTFilter
OTL logfile created on: 04.02.2012 15:37:05 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Ersin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,12% Memory free
7,93 Gb Paging File | 6,52 Gb Available in Paging File | 82,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,09 Gb Total Space | 28,16 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Drive D: | 186,00 Gb Total Space | 162,71 Gb Free Space | 87,48% Space Free | Partition Type: NTFS
 
Computer Name: ERSIN-PC | User Name: Ersin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.04 15:16:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ersin\Downloads\OTL.exe
PRC - [2012.02.03 12:20:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.01.18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ersin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.12.01 18:35:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.01 09:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.5\ICQ.exe
PRC - [2009.09.12 20:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.03 12:20:51 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.11 12:58:22 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.01.13 09:00:00 | 003,668,992 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2006.08.12 11:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 15:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 15:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.01 18:35:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.19 18:56:16 | 004,122,968 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.08 13:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.08.05 10:03:48 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.27 13:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2009.10.09 18:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 14:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2008.08.28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
FF - prefs.js..network.proxy.backup.ftp: "wwwproxy.fh-kiel.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "wwwproxy.fh-kiel.de"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "wwwproxy.fh-kiel.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "wwwproxy.fh-kiel.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "wwwproxy.fh-kiel.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "wwwproxy.fh-kiel.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "wwwproxy.fh-kiel.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ersin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ersin\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.09.11 00:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.09.11 00:51:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.04.29 18:44:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.03 12:20:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.12 13:41:51 | 000,000,000 | ---D | M]
 
[2010.10.02 13:05:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ersin\AppData\Roaming\mozilla\Extensions
[2012.01.16 13:13:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ersin\AppData\Roaming\mozilla\Firefox\Profiles\dzjl0h2c.default\extensions
[2010.10.30 23:59:22 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ersin\AppData\Roaming\mozilla\Firefox\Profiles\dzjl0h2c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.25 12:28:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ersin\AppData\Roaming\mozilla\Firefox\Profiles\dzjl0h2c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.01 18:28:17 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Ersin\AppData\Roaming\mozilla\Firefox\Profiles\dzjl0h2c.default\extensions\battlefieldheroespatcher@ea.com
[2011.09.27 13:21:20 | 000,000,931 | ---- | M] () -- C:\Users\Ersin\AppData\Roaming\Mozilla\Firefox\Profiles\dzjl0h2c.default\searchplugins\conduit.xml
[2012.01.28 13:11:35 | 000,001,056 | ---- | M] () -- C:\Users\Ersin\AppData\Roaming\Mozilla\Firefox\Profiles\dzjl0h2c.default\searchplugins\icqplugin.xml
[2012.01.25 17:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ERSIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DZJL0H2C.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI
[2012.02.03 12:20:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.01 15:18:31 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ersin\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ersin\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ersin\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ersin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ersin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Ersin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Ersin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - Startup: C:\Users\Ersin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ersin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58C11708-515F-473F-B027-E6288ECBEDF6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.14 19:25:57 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.04 15:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.04 15:19:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.25 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\Ersin\Desktop\Leicester
[2012.01.18 22:17:01 | 000,015,920 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVolUp.sys
[2012.01.18 22:16:49 | 000,072,240 | ---- | C] (Nero AG) -- C:\Windows\SysNative\drivers\NBVol.sys
[2012.01.18 22:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012.01.16 16:22:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.01.16 16:22:25 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.01.16 16:22:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.01.16 16:22:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.01.16 16:22:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.01.16 16:22:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.01.16 16:22:23 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.01.16 16:22:23 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.01.16 16:22:20 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.01.16 16:22:20 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012.01.16 16:21:34 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012.01.16 16:21:33 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012.01.16 16:21:33 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012.01.16 16:21:33 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012.01.16 16:21:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.16 16:21:30 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.16 16:21:30 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.16 16:21:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.16 16:21:27 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.01.16 16:21:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.01.16 16:21:18 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012.01.16 16:21:18 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012.01.16 16:20:59 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.16 16:16:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.16 16:16:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.09 17:16:47 | 000,000,000 | ---D | C] -- C:\Users\Ersin\Desktop\SMM Hausarbeit
[2012.01.09 13:06:23 | 000,000,000 | ---D | C] -- C:\Users\Ersin\AppData\Roaming\TeamViewer
[1 C:\Users\Ersin\Documents\*.tmp files -> C:\Users\Ersin\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.04 15:37:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-403835693-2988452433-2933104344-1000UA.job
[2012.02.04 15:33:49 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 15:33:49 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 15:31:56 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.04 15:25:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.04 15:25:31 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.03 23:58:05 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-403835693-2988452433-2933104344-1000Core.job
[2012.02.02 20:31:54 | 000,077,861 | ---- | M] () -- C:\Users\Ersin\Desktop\CV and LOM Ersin Eromay.pdf
[2012.02.01 17:35:13 | 000,001,017 | ---- | M] () -- C:\Users\Ersin\Desktop\Dropbox.lnk
[2012.02.01 17:35:13 | 000,000,997 | ---- | M] () -- C:\Users\Ersin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.30 23:18:50 | 001,492,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.30 23:18:50 | 000,650,804 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.30 23:18:50 | 000,613,432 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.30 23:18:50 | 000,129,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.30 23:18:50 | 000,106,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.26 12:32:13 | 000,002,397 | ---- | M] () -- C:\Users\Ersin\Desktop\Google Chrome.lnk
[2012.01.25 17:38:54 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.25 17:04:33 | 000,010,864 | ---- | M] () -- C:\Users\Ersin\AppData\Roaming\89c122e9
[2012.01.25 17:04:33 | 000,010,800 | ---- | M] () -- C:\ProgramData\22cd857d
[2012.01.25 17:04:33 | 000,010,772 | ---- | M] () -- C:\Users\Ersin\AppData\Local\121045d3
[2012.01.17 18:19:19 | 000,431,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.16 23:46:29 | 000,041,944 | ---- | M] () -- C:\Users\Ersin\Desktop\daily_picdump_842_640_32.jpg
[2012.01.15 03:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\FrontLine Registry Cleaner Scheduled Scan - Ersin.job
[1 C:\Users\Ersin\Documents\*.tmp files -> C:\Users\Ersin\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.04 15:31:56 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.02 20:31:53 | 000,077,861 | ---- | C] () -- C:\Users\Ersin\Desktop\CV and LOM Ersin Eromay.pdf
[2012.01.25 17:38:54 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.25 16:45:46 | 000,010,864 | ---- | C] () -- C:\Users\Ersin\AppData\Roaming\89c122e9
[2012.01.25 16:45:46 | 000,010,800 | ---- | C] () -- C:\ProgramData\22cd857d
[2012.01.25 16:45:46 | 000,010,772 | ---- | C] () -- C:\Users\Ersin\AppData\Local\121045d3
[2012.01.16 23:46:28 | 000,041,944 | ---- | C] () -- C:\Users\Ersin\Desktop\daily_picdump_842_640_32.jpg
[2011.12.01 18:35:27 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.01 18:35:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.08.19 11:39:51 | 000,016,276 | -HS- | C] () -- C:\ProgramData\pw73h786j5atpctpsy7r4wes4n372d88oa8d7
[2011.08.19 11:39:51 | 000,016,268 | -HS- | C] () -- C:\Users\Ersin\AppData\Local\pw73h786j5atpctpsy7r4wes4n372d88oa8d7
[2011.08.19 11:39:43 | 000,000,000 | ---- | C] () -- C:\Users\Ersin\AppData\Roaming\8506165.exe
[2011.08.19 11:39:43 | 000,000,000 | ---- | C] () -- C:\Users\Ersin\AppData\Roaming\6844483.exe
[2011.08.19 11:39:43 | 000,000,000 | ---- | C] () -- C:\Users\Ersin\AppData\Roaming\366727.exe
[2011.08.19 11:39:43 | 000,000,000 | ---- | C] () -- C:\Users\Ersin\AppData\Roaming\2337032.exe
[2011.05.09 16:42:40 | 000,010,240 | ---- | C] () -- C:\Users\Ersin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.16 19:41:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.01.26 15:21:30 | 001,514,526 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.21 00:09:56 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.21 00:09:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.01.21 00:09:51 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.21 00:09:50 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.21 00:09:50 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.10.19 13:21:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010.10.15 15:01:40 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.15 15:01:40 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7010.DAT
[2010.10.02 12:16:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.07.16 14:39:11 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\Auslogics
[2011.08.25 23:21:33 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\Canneverbe Limited
[2011.07.24 18:36:19 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2012.02.04 15:26:41 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\Dropbox
[2011.07.28 10:45:56 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\DVDVideoSoft
[2011.04.10 11:36:49 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.17 20:43:26 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\FileZilla
[2012.02.04 15:28:03 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\ICQ
[2010.12.11 17:07:00 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\Nokia
[2011.09.11 00:52:00 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\Notepad++
[2010.12.11 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\PC Suite
[2012.01.09 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\TeamViewer
[2011.12.09 21:31:35 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\TS3Client
[2011.04.24 00:37:58 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\VMLoad
[2011.02.16 19:41:58 | 000,000,000 | ---D | M] -- C:\Users\Ersin\AppData\Roaming\World-Loom
[2012.01.15 03:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Ersin.job
[2012.01.17 18:16:16 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DBC416F8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


Code:
ATTFilter
OTL Extras logfile created on: 04.02.2012 15:37:05 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Ersin\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 66,12% Memory free
7,93 Gb Paging File | 6,52 Gb Available in Paging File | 82,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 99,09 Gb Total Space | 28,16 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Drive D: | 186,00 Gb Total Space | 162,71 Gb Free Space | 87,48% Space Free | Partition Type: NTFS
 
Computer Name: ERSIN-PC | User Name: Ersin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{64A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23 (64-bit)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows-Treiberpaket - Nokia Modem  (10/07/2010 4.6)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"camcodec" = CamStudio Lossless Codec
"CCleaner" = CCleaner
"E5372C32E8562C76C24DBA6525002B1031495F34" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.8)
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"nbi-glassfish-mod-3.1.43.0.0" = GlassFish Server Open Source Edition 3.1
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CamStudio" = CamStudio
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.8.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"PunkBusterSvc" = PunkBuster Services
"SecureW2 Personal Client - Distribution Edition" = SecureW2 Personal Client - Distribution Edition 2.0.7 for Windows
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.10.2011 15:44:41 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:44:41 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:44:41 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:44:41 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:44:41 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:44:41 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:56:43 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:56:43 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:56:43 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.10.2011 15:56:43 | Computer Name = Ersin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 04.02.2012 07:30:05 | Computer Name = Ersin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.02.2012 07:30:05 | Computer Name = Ersin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 04.02.2012 07:30:36 | Computer Name = Ersin-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 04.02.2012 08:36:58 | Computer Name = Ersin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.02.2012 08:36:58 | Computer Name = Ersin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 04.02.2012 08:37:33 | Computer Name = Ersin-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 04.02.2012 10:19:43 | Computer Name = Ersin-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 04.02.2012 10:25:37 | Computer Name = Ersin-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.02.2012 10:25:37 | Computer Name = Ersin-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 04.02.2012 10:26:07 | Computer Name = Ersin-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
 
< End of report >

So das war alles.

Alt 05.02.2012, 20:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Win32/ransom.ej + Auswertungen - Standard

Trojaner Win32/ransom.ej + Auswertungen


Du kannst nciht einfach fremde Fixscripte auf deinen Rechner anwenden! Fixscripte sind immer individuell auf ein Rechner in einer bestimmten Situation erstellt worden!

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________

__________________
Antwort

Themen zu Trojaner Win32/ransom.ej + Auswertungen
.dll, 2.0.7, administrator, alternate, bho, converter, dateien, dateisystem, error, excel, explorer, explorer.exe, fehler, firefox, flash player, format, google chrome, heuristiks/extra, heuristiks/shuriken, hotspot, hotspot shield, install.exe, langs, malwarebytes, microsoft, microsoft office word, microsoft security, mp3, office 2007, plug-in, programme, registry cleaner, rundll, scan, security, security update, senden, server, software, sweetim, trojaner, webcheck, win32/ransom.ej, winlogon


« Langsame Internetverbindung (17kb/s) trotz DSL1000 ? | Auch - Sparkasse Onlinebanking "warten sie bis ihrer Computer identifiziert wird »


Ähnliche Themen: Trojaner Win32/ransom.ej + Auswertungen


  1. Trojaner: Trojan-Ransom.Win32.Foreign blockiert Rechner
    Plagegeister aller Art und deren Bekämpfung - 26.06.2014 (19)
  2. Trojan-Ransom.Win32.Crypren.prr
    Plagegeister aller Art und deren Bekämpfung - 28.03.2014 (5)
  3. Kaspersky findet Backdoor.Win32.Zaccess, Trojan-Ransom.Win32.Gimeno, Trojan.Win32.Inject
    Log-Analyse und Auswertung - 01.02.2014 (17)
  4. Win7 ransomware wgsdgsdgdsgsd.dll, Win32/Reveton!lnk (runctf.lnk), Trojan.Ransom.Win32.Foreign.AMN (A)
    Plagegeister aller Art und deren Bekämpfung - 30.12.2012 (9)
  5. TR/Ransom.294912 (Antivir) / Trojan-Ransom.Win32.Gimemo.vyp (Kaspersky)
    Log-Analyse und Auswertung - 20.07.2012 (18)
  6. Tojan.Ransom.Win32 Gimemo.uov
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  7. trojan-ransom.win32.gimemo
    Plagegeister aller Art und deren Bekämpfung - 26.05.2012 (1)
  8. Trojan-Ransom.Win32.Gumemo.roq
    Log-Analyse und Auswertung - 11.05.2012 (20)
  9. RannohDecryptor: Verschlüsselungs-Trojaner Trojan-Ransom.Win32.Rannoh
    Diskussionsforum - 07.05.2012 (3)
  10. Trojan:Win32/Ransom.EZ
    Log-Analyse und Auswertung - 29.04.2012 (1)
  11. Trojaner Win32/ransom.ej
    Log-Analyse und Auswertung - 01.03.2012 (25)
  12. XoristDecryptor: Verschlüsselungs-Trojaner Trojan-Ransom.Win32.Xorist
    Anleitungen, FAQs & Links - 28.02.2012 (0)
  13. Trojaner Befall durch win32/ransom.ej
    Log-Analyse und Auswertung - 14.02.2012 (1)
  14. Trojaner Win32/ransom.ej
    Log-Analyse und Auswertung - 21.01.2012 (3)
  15. Trojan:Win32/Ransom.EJ
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (3)
  16. Trojaner , Trojan:Win32/Ransom.EJ auf dem Netbook. Windows Version blockiert.
    Plagegeister aller Art und deren Bekämpfung - 18.12.2011 (1)
  17. Keylogger? log auswertungen
    Log-Analyse und Auswertung - 30.04.2010 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner Win32/ransom.ej + Auswertungen - Ich habe irgendwie seit heute morgen den Trojaner Win32/ransom.ej. Wie es dazu kam? Ich weiß es nicht...war nur auf Facebook unterwegs und hab nen Club aus der Umgebung geliked. Da - Trojaner Win32/ransom.ej + Auswertungen...
Archiv
Du betrachtest: Trojaner Win32/ransom.ej + Auswertungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131