Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Der nächste mit dem GVU-Trojaner...

Der nächste mit dem GVU-Trojaner...


Log-Analyse und Auswertung: Der nächste mit dem GVU-Trojaner...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 04.09.2012, 10:28   #1
Jucksnjo
 
Der nächste mit dem GVU-Trojaner... - Standard

Der nächste mit dem GVU-Trojaner...


Hallo zusammen,

auch mich hat es gestern leider erwischt. Der GVU-Trojaner legt bei bestehender Internetverbindung den Rechner lahm, bei gekapptem Internet habe ich festgestellt, dass der TaskManager nicht öffnet.

Schon im Voraus vielen Dank für euer Bemühen.

Hier die beiden OTL-Files.

OTl.txt
Code:
ATTFilter
OTL logfile created on: 9/4/2012 11:10:41 AM - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Johannes\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 75.34% Memory free
5.93 Gb Paging File | 4.97 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.72 Gb Total Space | 107.29 Gb Free Space | 72.15% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 81.45 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
Drive F: | 15.06 Gb Total Space | 3.53 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-LAPTOP | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Installationen\AntiVir\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Installationen\PhonoStar\phonostarTimer.exe ()
PRC - C:\Installationen\OpenOffice\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Installationen\OpenOffice\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Installationen\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Installationen\vpn-Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Installationen\CD_Burner\NMSAccessU.exe ()
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Installationen\PhonoStar\phonostarTimer.exe ()
MOD - C:\Installationen\PhonoStar\QtCore4.dll ()
MOD - C:\Installationen\PhonoStar\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Installationen\PhonoStar\QtSql4.dll ()
MOD - C:\Installationen\PhonoStar\QtGui4.dll ()
MOD - C:\Installationen\OpenOffice\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Installationen\FileZilla\fzshellext.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Installationen\AntiVir\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Installationen\AntiVir\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (CVPND) -- C:\Installationen\vpn-Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (NMSAccessU) -- C:\Installationen\CD_Burner\NMSAccessU.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (DgiVecp) -- C:\windows\system32\Drivers\DgiVecp.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (StarOpen) -- C:\windows\System32\drivers\StarOpen.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "YouTube"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Installationen\Firefox11\components [2012/08/31 10:28:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Installationen\Firefox11\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Installationen\Thunderbird\components [2010/12/11 17:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Installationen\Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Installationen\Firefox11\components [2012/08/31 10:28:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Installationen\Firefox11\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Installationen\Thunderbird\components [2010/12/11 17:29:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Installationen\Thunderbird\plugins
 
[2011/04/24 14:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2010/02/17 16:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/26 10:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions
[2011/10/15 11:58:52 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\dplauncher@digitalpublishing.de
[2012/06/22 12:59:37 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\info@djzig.com
[2012/06/21 14:25:12 | 000,000,000 | ---D | M] (BlackFox V2) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\csn4b5ew.default\extensions\zigboom@hotmail.com
[2011/04/25 18:35:23 | 000,004,140 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\csn4b5ew.default\searchplugins\youtube.xml
[2011/10/29 18:05:02 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CSN4B5EW.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/07/02 22:31:56 | 000,009,284 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CSN4B5EW.DEFAULT\EXTENSIONS\LINKLOCATIONBAR@GNT.DE.XPI
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Installationen\AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Installationen\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000..\Run: [Miranda Fusion] C:\Installationen\Miranda_Fusion_3\fusiontools\mfstart.exe (Miranda Fusion Team)
O4 - HKU\S-1-5-21-1393878847-3825134562-3829623230-1000..\Run: [phonostarTimer] C:\Installationen\PhonoStar\phonostarTimer.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Installationen\OpenOffice\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E127B983-48FB-47F8-82C3-8AC8049917F9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/04 11:02:07 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012/08/15 13:36:04 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/08/15 13:36:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/08/15 13:36:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/08/15 13:36:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/08/15 13:36:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/08/15 13:35:48 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/08/15 13:35:47 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
[2012/08/09 15:41:51 | 000,000,000 | ---D | C] -- C:\Users\Johannes\v80
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/04 10:55:09 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012/09/04 10:24:17 | 000,015,012 | ---- | M] () -- C:\Users\Johannes\cc_20120904_102357.reg
[2012/09/04 10:20:28 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 10:20:28 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/04 10:16:37 | 000,700,836 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/09/04 10:16:37 | 000,653,898 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/09/04 10:16:37 | 000,149,920 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/09/04 10:16:37 | 000,121,090 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/09/04 10:12:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/04 10:12:41 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/03 19:52:24 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012/09/01 14:50:57 | 000,001,893 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/31 11:41:21 | 000,297,418 | ---- | M] () -- C:\Users\Johannes\280_Führerstand3.jpg
[2012/08/31 11:41:09 | 000,312,037 | ---- | M] () -- C:\Users\Johannes\280_Führerstand2.jpg
[2012/08/16 13:08:14 | 000,429,320 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/08/10 21:11:22 | 000,006,656 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/08 15:05:54 | 000,170,953 | ---- | M] () -- C:\Users\Johannes\Zwischenablage01.jpg
[2012/08/08 14:44:12 | 000,464,306 | ---- | M] () -- C:\Users\Johannes\280_Führerstand.jpg
[2012/08/07 14:32:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012/08/07 14:32:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012/09/04 10:24:09 | 000,015,012 | ---- | C] () -- C:\Users\Johannes\cc_20120904_102357.reg
[2012/09/01 14:50:57 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012/09/01 14:50:57 | 000,001,893 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/31 11:41:21 | 000,297,418 | ---- | C] () -- C:\Users\Johannes\280_Führerstand3.jpg
[2012/08/31 11:41:09 | 000,312,037 | ---- | C] () -- C:\Users\Johannes\280_Führerstand2.jpg
[2012/08/08 15:05:54 | 000,170,953 | ---- | C] () -- C:\Users\Johannes\Zwischenablage01.jpg
[2012/08/08 14:44:12 | 000,464,306 | ---- | C] () -- C:\Users\Johannes\280_Führerstand.jpg
[2012/06/07 11:01:30 | 000,037,665 | ---- | C] () -- C:\Users\Johannes\Verzeichnis_Zusatz.pdf
[2011/07/21 17:27:32 | 000,001,547 | ---- | C] () -- C:\windows\wininit.ini
[2011/07/21 17:27:01 | 000,069,632 | ---- | C] () -- C:\windows\RAUNINST.EXE
[2011/05/22 13:04:07 | 3192,264,704 | ---- | C] () -- C:\Users\Johannes\de_windows_7_professional_x64_dvd.iso
[2011/05/22 12:56:55 | 2463,242,240 | ---- | C] () -- C:\Users\Johannes\de_windows_7_professional_x86_dvd_x15-65812.iso
[2011/01/16 14:21:25 | 000,032,433 | ---- | C] () -- C:\Users\Johannes\Franken.pdf
[2010/09/13 11:11:16 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2010/09/13 11:10:28 | 000,026,624 | ---- | C] () -- C:\windows\System32\ssp4ml3.dll
[2010/08/04 17:34:18 | 000,006,656 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/18 16:06:58 | 000,000,642 | ---- | C] () -- C:\Users\Johannes\Eigene Musik.lnk
[2010/02/18 15:30:32 | 000,000,642 | ---- | C] () -- C:\Users\Johannes\Eigene Fotos.lnk
[2010/02/17 14:56:27 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010/02/17 15:42:51 | 000,000,000 | -HSD | M] -- C:\Users\Johannes\AppData\Roaming\.#
[2010/02/17 17:37:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Canneverbe Limited
[2010/11/02 17:03:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CoCreate
[2012/05/12 15:34:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dev-Cpp
[2011/10/15 11:58:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\digital publishing
[2012/07/03 17:52:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FileZilla
[2010/03/20 18:21:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Foxit Software
[2012/03/10 17:29:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0
[2011/10/26 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Miranda Fusion
[2011/06/30 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\mkvtoolnix
[2010/02/18 13:29:29 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenOffice.org
[2010/09/17 11:15:37 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\phonostar GmbH
[2012/08/12 02:19:59 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\phonostar-Player
[2010/02/17 16:39:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2012/05/12 15:37:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Ubisoft
[2012/08/07 16:27:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Youtube Downloader HD
[2012/08/17 13:54:28 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 9/4/2012 11:10:41 AM - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\Johannes\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 75.34% Memory free
5.93 Gb Paging File | 4.97 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.72 Gb Total Space | 107.29 Gb Free Space | 72.15% Space Free | Partition Type: NTFS
Drive D: | 301.95 Gb Total Space | 81.45 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
Drive F: | 15.06 Gb Total Space | 3.53 Gb Free Space | 23.46% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-LAPTOP | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Installationen\Firefox11\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Installationen\vlc_Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Installationen\vlc_Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Installationen\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Installationen\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Installationen\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09AB10EE-BA37-4354-9811-ECE17ABC06FC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F316849-29FF-4DD3-9548-D53A40A1FCDA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1E129319-1524-4A9D-A1D2-078270F6F7AB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A7887CE-13C0-4665-B049-C168ECBA4D34}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4350C3D7-6918-4CC4-896F-685DFE74835D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4A6723CC-C46E-4316-9D99-AC3FA0106400}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B9A5E0B-0B04-4196-8C9B-33010C732803}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5177CF10-FE8D-4DA4-B0C6-615DB361B330}" = rport=139 | protocol=6 | dir=out | app=system | 
"{56B5375F-7C3D-4F9B-847F-6FF0D3F6B59C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6BC1C2A3-672A-45FD-BDE9-32CDFBC8F276}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7107B8C4-A638-4D2A-A54A-AD57C87BDA6B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{72360054-CDD0-42BE-AB05-B623150912EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{947FB2D0-6171-4CA2-A092-98E4A1912277}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95B559CB-F083-4733-BB8D-13FE0D9F40B0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9744F3E7-EE28-4BC8-9E36-DD9D87DBBCA1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9A12306F-4C66-4F3C-AD70-F093A0F9825D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9DA64B69-D911-436B-BA21-86EFB0DB6BE2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C9F412F5-00B6-4FE8-BCF3-2BAC53E93994}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E43415F6-4C0F-4039-862D-D8A0A42BF535}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E6CD453A-0E9B-4B3C-9761-5F38DB0B15D7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{EE55BCB0-5FCD-4869-9D54-69BCA99C50DA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F03A5DDB-CFB8-4396-92C5-ABAEF3353BC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FD8CC95A-1C7F-4D19-980B-1895ADC59426}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027742A6-C173-4D09-BE70-86F0F04D101C}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion\miranda32.exe | 
"{11B0D436-F7EB-4D98-95A4-E3D18AA5B4EB}" = protocol=17 | dir=in | app=d:\spiele\anno2070\autopatcher.exe | 
"{1BDA39C1-6867-460F-B7C7-B884B4D9086F}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion\miranda32.exe | 
"{2A2FC34B-3425-4E39-AE4E-61D9863F514C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{2AE3209F-9AE6-451D-84B0-51FD1FAC2E2E}" = protocol=6 | dir=out | app=system | 
"{2E381290-3356-4CE6-9B53-4041F26DA701}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion_3\fusiontools\updater.exe | 
"{36C7FCEC-31C5-4719-B975-6C4FD07EF42A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D7AA914-DF55-4272-9ACF-281B74A996FB}" = protocol=17 | dir=in | app=d:\spiele\anno2070\initengine.exe | 
"{3DFD180D-A329-42E9-A573-23B5FAA63983}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{4071C946-296E-4C71-B544-1126818E34E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{47FFF8A0-B4F1-4E4A-A29A-DEA721D5CD5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{57011D5A-E8F7-4477-AFF7-D10E967AC24D}" = protocol=6 | dir=in | app=d:\spiele\anno2070\initengine.exe | 
"{58AAB87F-AAE5-4C53-AED1-767889F55C66}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{5DB87843-8B98-45C0-8F03-0F288D675F6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61484C19-34AF-4808-8E0A-5E92D03759E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63C407E1-CABE-4A36-A93E-8CC4E030DD54}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe | 
"{6CF847E8-AD4E-4819-9E01-DDFA2015630B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6E783A3C-8BFD-436A-A1EC-246223D1DB40}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{79B4B58E-5E3A-41DD-9618-D4AD5DE8BE4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8188E256-607B-4D54-ABBF-DDEAF8E7FCEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8AFEB3CB-9AC3-43B7-A2D8-963BD816A9E3}" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\fusiontools\updater.exe | 
"{907266CF-3535-47F8-9C4D-00FE330F2BCE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{93C8A943-A065-4174-9937-31C4E810B900}" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe | 
"{93FBBCBA-9DC0-4E62-90EA-4BFA3BDAA3FF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9A115448-12B3-48E4-A62A-5D6F884D74CD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B530963-1B4F-4771-B1DF-A7907003E17A}" = protocol=6 | dir=in | app=d:\spiele\anno2070\anno5.exe | 
"{A14ECB7B-8C17-45EB-92D5-A23C02649DC6}" = protocol=58 | dir=in | app=system | 
"{C7FB6511-906B-4024-8E7A-8547A4B18C17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C816F42F-224C-4442-8A77-A8169B3D282D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE65CCCE-057A-4AF4-BBFD-F9EE3AC52F82}" = protocol=6 | dir=in | app=d:\spiele\anno2070\autopatcher.exe | 
"{DB49AC84-7FC1-47B8-823E-670F2D10468D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0F6F728-8C68-414D-B948-32B0A132105F}" = dir=in | app=c:\installationen\skype\phone\skype.exe | 
"{F5A50DBA-B60B-46C2-BA24-FF00D39DBDB7}" = protocol=17 | dir=in | app=d:\spiele\anno2070\anno5.exe | 
"{FC588AE0-FCC2-4DE1-9D6D-41A131886217}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{78938E09-2209-4E79-A8AE-D7086E9746BF}C:\installationen\miranda\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda\miranda32.exe | 
"TCP Query User{82654CC4-ED18-4E25-919F-3873A29CC035}C:\installationen\miranda_fusion_3\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe | 
"TCP Query User{84501DF9-4AE0-4EF1-AF40-FBA9DD3F1144}C:\installationen\miranda_3\miranda32.exe" = protocol=6 | dir=in | app=c:\installationen\miranda_3\miranda32.exe | 
"TCP Query User{91E28D41-A032-45DF-8F5E-F0083ECB49DA}C:\installationen\phonostar\phonostar.exe" = protocol=6 | dir=in | app=c:\installationen\phonostar\phonostar.exe | 
"TCP Query User{B8E5A64F-C425-47B9-8CFD-551EC2F1422C}C:\installationen\vlc_player\vlc.exe" = protocol=6 | dir=in | app=c:\installationen\vlc_player\vlc.exe | 
"TCP Query User{E92090C5-3ED8-483E-AE00-FE41F33F47B8}C:\installationen\phonostar2plus\ps_olect.exe" = protocol=6 | dir=in | app=c:\installationen\phonostar2plus\ps_olect.exe | 
"UDP Query User{35C1D8D6-769E-4649-B280-28A292406CAF}C:\installationen\vlc_player\vlc.exe" = protocol=17 | dir=in | app=c:\installationen\vlc_player\vlc.exe | 
"UDP Query User{3A3D81FA-0602-4E12-A4E8-19D282CBBBFC}C:\installationen\phonostar2plus\ps_olect.exe" = protocol=17 | dir=in | app=c:\installationen\phonostar2plus\ps_olect.exe | 
"UDP Query User{993D530C-A1B1-4E61-B23F-5135C3769161}C:\installationen\phonostar\phonostar.exe" = protocol=17 | dir=in | app=c:\installationen\phonostar\phonostar.exe | 
"UDP Query User{A613417B-6F51-41B4-AE71-F8523AEB147C}C:\installationen\miranda_3\miranda32.exe" = protocol=17 | dir=in | app=c:\installationen\miranda_3\miranda32.exe | 
"UDP Query User{CD258015-BE36-4136-8325-0AAA777285B2}C:\installationen\miranda\miranda32.exe" = protocol=17 | dir=in | app=c:\installationen\miranda\miranda32.exe | 
"UDP Query User{DB521903-12D6-40A8-92F1-249A4887AC1E}C:\installationen\miranda_fusion_3\miranda32.exe" = protocol=17 | dir=in | app=c:\installationen\miranda_fusion_3\miranda32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.2.7.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"LSI Soft Modem" = LSI HDA Modem
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MirandaFusion" = Miranda Fusion 3.1.15.1
"MKVtoolnix" = MKVtoolnix 4.8.0
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.2
"Red Alert" = Red Alert Windows 95
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"www.zusi.de/zusi3/demo_is1" = Zusi 3.0.2 (Beta-Demo)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1393878847-3825134562-3829623230-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/15/2012 6:48:10 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/11/2012 3:45:43 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/11/2012 3:46:16 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/11/2012 3:47:49 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/11/2012 3:47:50 PM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/19/2012 4:51:34 AM | Computer Name = Johannes-Laptop | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.5.7.2830 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 620    Startzeit: 
01cd7de7be0c0733    Endzeit: 24    Anwendungspfad: C:\Installationen\Winamp\winamp.exe    Berichts-ID:
 110c62de-e9db-11e1-ae1e-0024541e0db8  
 
Error - 8/19/2012 6:35:17 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/19/2012 6:35:45 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/19/2012 6:37:07 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/19/2012 6:37:08 AM | Computer Name = Johannes-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 9/4/2012 4:13:49 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:51 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:52 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:52 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 4:13:53 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 9/4/2012 5:08:49 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 9/4/2012 5:08:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 9/4/2012 5:08:50 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 9/4/2012 5:08:51 AM | Computer Name = Johannes-Laptop | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >

 

Themen zu Der nächste mit dem GVU-Trojaner...
7-zip, antivir, autorun, avg, avira, bho, branding, defender, downloader, error, fehler, firefox, flash player, format, helper, home, install.exe, logfile, microsoft office 2003, office 2007, plug-in, realtek, registry, rundll, scan, security, software, svchost.exe, taskhost.exe, taskmanager, udp, windows, youtube downloader


« GVU Trojaner mit Webcam | "TR/Drop.Injector.fkta" bei Windows Vista »


Ähnliche Themen: Der nächste mit dem GVU-Trojaner...


  1. Der nächste Noob mit einem GVU:-(
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (35)
  2. Suisa die nächste
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (3)
  3. BKA Trojaner der nächste, Vista nur noch im abgesicherten Modus mit Netzwerktreibern
    Mülltonne - 04.07.2012 (2)
  4. Windows-Verschlüsselungs Trojaner, der nächste
    Log-Analyse und Auswertung - 08.05.2012 (5)
  5. Sparkassen Trojaner die nächste...
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (2)
  6. GEMA Trojaner -Ich habe nächste Woche eine Präsentation
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  7. Diverse Trojaner gefunden? (Blacole.A u.a.) - unsicher über nächste Schritte
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (15)
  8. Und der nächste mit dem Bundestrojaner
    Log-Analyse und Auswertung - 17.08.2011 (2)
  9. ILoveYou - Nächste Runde ?
    Diskussionsforum - 27.06.2011 (1)
  10. Der nächste mit dem Metropolitan Police
    Plagegeister aller Art und deren Bekämpfung - 22.06.2011 (24)
  11. System Security Trojaner - der Nächste
    Log-Analyse und Auswertung - 13.01.2009 (0)
  12. Nächste Mail die im Umlauf ist
    Überwachung, Datenschutz und Spam - 14.04.2007 (5)
  13. CoolWebSearch, die nächste
    Log-Analyse und Auswertung - 10.06.2005 (17)
  14. about blank, der nächste
    Plagegeister aller Art und deren Bekämpfung - 21.01.2005 (13)
  15. Der nächste, bitte ...
    Log-Analyse und Auswertung - 18.09.2004 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Der nächste mit dem GVU-Trojaner... - Hallo zusammen, auch mich hat es gestern leider erwischt. Der GVU-Trojaner legt bei bestehender Internetverbindung den Rechner lahm, bei gekapptem Internet habe ich festgestellt, dass der TaskManager nicht öffnet. Schon - Der nächste mit dem GVU-Trojaner......
Archiv
Du betrachtest: Der nächste mit dem GVU-Trojaner... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131