Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
GVU Trojaner PUP OFFER BUND...

GVU Trojaner PUP OFFER BUND...


Plagegeister aller Art und deren Bekämpfung: GVU Trojaner PUP OFFER BUND...

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 4 1 23 Letzte »
Alt 23.01.2013, 09:43   #1
LeGaston
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


PC reagiert sehr langsam,
XP SP3 neu aufgespielt
defragmentiert und aufgeräumt
avira suchen lassen und nichts gefunden
mit Mbam finde ich zwei GVU Trojaner - ab in die Quarantäne
Geschwindigkeit geht nicht besser
nochmals Mbam scannen lassen - und wieder einer...
Nun lese ich hier im Forum, dass es nur individuelle Lösungen gibt, keine für alle - was ist das dann für ein Quatsch, den die Bundespolizei als CD zum Runterladen anbietet???http://www.trojaner-board.de/images/...s/headbang.gif

Bitte um Hilfe, bin einer der letzten echten Laien...:confushttp://www.trojaner-board.de/images/...onfused.gifed:

Hier sind defogger_disable.log (ist das eine Fehlermeldung?),
OTL txt, Extra txt, Gmer txt, Mbam log files:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:59 on 21/01/2013 (Mulch)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.01.2013 20:13:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Mulch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 427,13 Mb Available Physical Memory | 41,73% Memory free
1,66 Gb Paging File | 1,08 Gb Available in Paging File | 64,97% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,28 Gb Total Space | 11,17 Gb Free Space | 29,19% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,70 Gb Free Space | 99,20% Space Free | Partition Type: FAT32
 
Computer Name: MULCHPC | User Name: Mulch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.21 16:22:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mulch\Desktop\OTL.exe
PRC - [2013.01.04 23:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.29 16:06:12 | 001,926,496 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.11.21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.22 16:13:36 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.08.13 12:09:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008.04.14 07:52:58 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.06.11 15:48:56 | 000,126,976 | ---- | M] (AccSys GmbH) -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe
PRC - [2006.11.16 18:04:20 | 000,139,264 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.11.16 17:58:32 | 000,884,736 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006.10.23 00:40:14 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006.10.22 22:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006.10.19 12:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2005.07.07 16:17:31 | 000,020,480 | ---- | M] (Logitech) -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2005.05.12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2004.07.15 10:56:56 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\KEM.exe
PRC - [2004.06.08 11:31:38 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\KHALMNPR.exe
PRC - [2002.07.23 10:02:28 | 000,233,472 | ---- | M] (Nikon Corporation) -- C:\Programme\Nikon\NkView5\NkvMon.exe
PRC - [2000.08.29 17:07:32 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [1998.10.22 17:07:20 | 000,044,032 | ---- | M] (Caere Corporation) -- C:\Programme\Caere\OmniPagePro90\OPware32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.20 21:03:50 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6d9d02dc\mscorlib.dll
MOD - [2013.01.20 21:03:37 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_60e304de\system.drawing.dll
MOD - [2013.01.20 21:03:01 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_35f0d7d5\system.xml.dll
MOD - [2013.01.20 21:02:42 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_471e203b\system.windows.forms.dll
MOD - [2013.01.20 21:02:07 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_6ee52815\system.dll
MOD - [2013.01.20 21:01:32 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013.01.20 21:01:23 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013.01.20 21:01:17 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012.09.19 18:17:40 | 000,397,088 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.10.22 23:21:28 | 000,917,504 | ---- | M] () -- C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU
MOD - [2006.02.06 12:44:41 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2006.02.06 12:44:41 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_de_a53cf5803f4c3827\hpqisrtb.resources.dll
MOD - [2006.02.06 12:44:39 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2006.02.06 12:44:39 | 000,294,912 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_de_a53cf5803f4c3827\hpqbakup.resources.dll
MOD - [2006.02.06 12:44:36 | 000,380,928 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2006.02.06 12:44:36 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2006.02.06 12:44:28 | 001,032,192 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2006.02.06 12:44:28 | 000,331,776 | ---- | M] () -- c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_de_a53cf5803f4c3827\hpqedit.resources.dll
MOD - [2006.02.06 12:44:27 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2006.02.06 12:44:25 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2006.02.06 12:44:24 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2006.02.06 12:44:24 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2006.02.06 12:44:24 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2006.02.06 12:44:24 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_de_a53cf5803f4c3827\hpqprrsc.resources.dll
MOD - [2006.02.06 12:44:23 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2006.02.06 12:44:23 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2006.02.06 12:44:23 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2006.02.06 12:44:23 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2006.02.06 12:44:23 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2006.02.06 12:44:23 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2006.02.06 12:44:23 | 000,015,360 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2006.02.06 12:44:22 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2006.02.06 12:44:22 | 000,364,544 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2006.02.06 12:44:22 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2006.02.06 12:44:22 | 000,188,416 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2006.02.06 12:44:22 | 000,135,168 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_de_a53cf5803f4c3827\hpqcc2.resources.dll
MOD - [2006.02.06 12:44:22 | 000,122,880 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_de_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2006.02.06 12:44:22 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2006.02.06 12:44:22 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2006.02.06 12:44:22 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2006.02.06 12:44:22 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2006.02.06 12:44:22 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2006.02.06 12:44:22 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2006.02.06 12:44:22 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2006.02.06 12:44:22 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2006.02.06 12:44:22 | 000,012,800 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_de_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2006.02.06 12:44:22 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2006.02.06 12:44:21 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2005.07.07 16:17:31 | 000,143,360 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll
MOD - [2005.07.07 16:17:31 | 000,114,688 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll
MOD - [2005.07.07 16:17:31 | 000,049,152 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll
MOD - [2005.07.07 16:17:31 | 000,020,480 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll
MOD - [2005.07.07 16:17:31 | 000,020,480 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2005.02.07 16:38:22 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005.02.07 16:33:31 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2005.02.07 16:33:31 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\system.resources\1.0.5000.0_de_b77a5c561934e089\system.resources.dll
MOD - [2005.02.07 16:32:39 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2004.10.07 06:31:10 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2004.10.07 06:31:06 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2004.07.15 10:54:24 | 000,086,016 | ---- | M] () -- C:\Programme\Logitech\SetPoint\lgscroll.dll
MOD - [2000.08.29 17:07:32 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
MOD - [1999.03.24 15:57:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\system32\PdfPorts.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013.01.05 04:44:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.08.13 12:09:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.06.11 15:48:56 | 000,126,976 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AccSys\accvssvc.exe -- (accvssvc)
SRV - [2007.03.20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.10.19 12:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.06.30 10:35:11 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.16 16:38:46 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.06.05 14:37:14 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004.08.03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2004.06.08 11:36:28 | 000,013,105 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004.06.08 11:35:18 | 000,054,817 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004.06.08 11:35:08 | 000,071,533 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004.01.02 18:54:32 | 000,385,077 | ---- | M] (cFos Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cFosNT.sys -- (cFosNT)
DRV - [2003.03.05 01:05:45 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2001.08.17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 12:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=50E7EAAC-FC07-448A-B398-7132145AFA7E&apn_sauid=E7EEA3D8-5099-478A-9B1D-64DE4A6FC498
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_deDE303
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.amway.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=&locale=&apn_uid=50E7EAAC-FC07-448A-B398-7132145AFA7E&apn_ptnrs=&apn_sauid=E7EEA3D8-5099-478A-9B1D-64DE4A6FC498&apn_dtid=%5E&&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll (Google)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.17 12:17:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.17 19:04:53 | 000,000,000 | ---D | M]
 
[2009.08.12 13:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Mozilla\Extensions
[2013.01.16 08:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Mozilla\Firefox\Profiles\f73wdlwk.default\extensions
[2013.01.16 08:38:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Mozilla\Firefox\Profiles\f73wdlwk.default\extensions\toolbar@ask.com
[2013.01.16 08:38:04 | 000,002,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Mozilla\Firefox\Profiles\f73wdlwk.default\searchplugins\askcom.xml
[2013.01.17 12:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.09.17 16:51:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.14 12:02:56 | 000,437,747 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15054 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe File not found
O4 - HKLM..\Run: [atwtusb] C:\WINDOWS\System32\atwtusb.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [cFosDNT]  File not found
O4 - HKLM..\Run: [Corel Reminder]  File not found
O4 - HKLM..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" File not found
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" File not found
O4 - HKLM..\Run: [OmniPage] C:\Programme\Caere\OmniPagePro90\OPware32.exe (Caere Corporation)
O4 - HKLM..\Run: [routcnf] C:\Programme\Telekom\Eumex 404PC\routcnf.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [cFos - Tip of the Day]  File not found
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
O4 - HKCU..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk = C:\Programme\Nikon\NkView5\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Mulch\Startmenü\Programme\Autostart\Adobe Gamma.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\Mulch\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRunBackup = 255
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_27.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Dokumente%20und%20Einstellungen/Mulch/Eigene%20Dateien/Eigene%20Videos/Sigrids_Fotos_2008/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Dokumente%20und%20Einstellungen/Mulch/Eigene%20Dateien/Eigene%20Videos/Sigrids_Fotos_2008/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154173103140 (WUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Dokumente%20und%20Einstellungen/Mulch/Eigene%20Dateien/Eigene%20Videos/Sigrids_Fotos_2008/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC964E48-B943-4782-B580-1DF8620B25CF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mulch\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mulch\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.02.07 12:25:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 19:57:59 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Mulch\Desktop\esetsmartinstaller_enu.exe
[2013.01.21 19:57:58 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Dokumente und Einstellungen\Mulch\Desktop\revosetup194.exe
[2013.01.21 19:57:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mulch\Desktop\OTL.exe
[2013.01.21 19:57:55 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Mulch\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.20 21:41:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013.01.19 22:04:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Malwarebytes
[2013.01.19 22:03:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.01.19 22:03:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.01.19 22:02:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.19 22:02:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.19 18:59:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2013.01.19 18:57:50 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2013.01.19 18:57:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2013
[2013.01.19 18:54:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\TuneUp Software
[2013.01.19 18:52:38 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2013
[2013.01.19 18:49:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2013.01.19 18:46:27 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.19 18:46:24 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2013.01.19 18:24:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013.01.16 08:49:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Avira
[2013.01.16 08:38:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.01.16 08:32:55 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2013.01.16 08:31:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mulch\Lokale Einstellungen\Anwendungsdaten\AskToolbar
[2013.01.16 08:25:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.01.16 08:25:36 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.01.16 08:25:36 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.01.16 08:25:36 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.01.16 08:25:25 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.01.16 08:25:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.01.16 07:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2013.01.16 07:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.01.15 23:08:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2013.01.15 21:26:00 | 000,000,000 | ---D | C] -- C:\Programme\Windows Resource Kits
[2013.01.14 22:33:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2013.01.14 22:33:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2013.01.14 20:39:06 | 000,000,000 | ---D | C] -- C:\86c3ea9ae74c42d7757d6a4f3ba9c2
[2013.01.14 19:56:12 | 000,000,000 | ---D | C] -- C:\aa1c9f475147b399ffa868
[2013.01.14 16:38:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mulch\Startmenü\Programme\Accessories
[2013.01.14 16:22:45 | 000,000,000 | ---D | C] -- C:\4c116b6dad548313251a1bd85a
[2013.01.14 16:07:20 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Mulch\IETldCache
[2013.01.14 13:50:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013.01.14 13:13:23 | 000,000,000 | ---D | C] -- C:\964745701c0c8e38563fb0ff8e39da
[2013.01.14 12:31:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
[2013.01.14 11:34:38 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[401 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.22 06:02:21 | 000,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.01.21 19:59:35 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mulch\defogger_reenable
[2013.01.21 19:55:35 | 000,002,500 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.21 19:51:04 | 000,002,321 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2013.01.21 19:49:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.21 19:49:36 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.21 16:47:14 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Mulch\Desktop\esetsmartinstaller_enu.exe
[2013.01.21 16:44:40 | 000,574,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\adwcleaner.exe
[2013.01.21 16:43:36 | 013,462,931 | ---- | M] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\mbar-1.01.0.1016.zip
[2013.01.21 16:35:40 | 001,110,476 | ---- | M] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\7z920.exe
[2013.01.21 16:24:46 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\gmer-2.0.18444.exe
[2013.01.21 16:22:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mulch\Desktop\OTL.exe
[2013.01.21 16:22:14 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\Defogger.exe
[2013.01.21 16:18:22 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Mulch\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.21 16:15:34 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Dokumente und Einstellungen\Mulch\Desktop\revosetup194.exe
[2013.01.21 15:57:43 | 001,578,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.21 14:34:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.21 10:42:10 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.01.20 21:46:51 | 000,452,460 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.20 21:46:51 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.20 21:46:51 | 000,082,264 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.20 21:46:51 | 000,069,250 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.19 22:03:27 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.19 18:57:31 | 000,001,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.19 18:57:31 | 000,001,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2013.lnk
[2013.01.17 12:17:58 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.01.16 09:14:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.16 08:38:45 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.01.15 23:22:07 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2013.01.15 21:45:58 | 000,000,532 | ---- | M] () -- C:\reset.cmd
[2013.01.15 20:40:57 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013.01.15 20:40:57 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013.01.14 16:45:13 | 805,306,368 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013.01.14 12:26:33 | 105,661,272 | ---- | M] () -- C:\avira_free_antivirus_de(2).exe
[2013.01.14 12:02:56 | 000,437,747 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.14 11:36:01 | 000,001,034 | ---- | M] () -- C:\Dokumente und Einstellungen\Mulch\Startmenü\Programme\Autostart\Dropbox.lnk
[401 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.21 19:59:35 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\defogger_reenable
[2013.01.21 19:57:59 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\gmer-2.0.18444.exe
[2013.01.21 19:57:59 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\Defogger.exe
[2013.01.21 19:57:58 | 001,110,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\7z920.exe
[2013.01.21 19:57:58 | 000,574,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\adwcleaner.exe
[2013.01.21 19:57:55 | 013,462,931 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Desktop\mbar-1.01.0.1016.zip
[2013.01.19 22:03:27 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.19 18:57:31 | 000,001,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.01.19 18:57:30 | 000,001,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2013.lnk
[2013.01.19 18:57:21 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2013.lnk
[2013.01.17 23:02:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013.01.17 23:02:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013.01.16 08:38:44 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.01.16 08:37:55 | 000,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013.01.16 07:28:51 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.15 21:42:37 | 000,000,532 | ---- | C] () -- C:\reset.cmd
[2013.01.14 12:19:31 | 105,661,272 | ---- | C] () -- C:\avira_free_antivirus_de(2).exe
[2013.01.14 11:36:00 | 000,001,034 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Startmenü\Programme\Autostart\Dropbox.lnk
[2008.12.19 18:25:34 | 000,000,147 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.08.02 17:33:56 | 000,000,074 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\default.pls
[2006.02.13 09:23:43 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2005.04.11 19:21:57 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.02.07 16:37:43 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2005.02.07 15:22:27 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\dm.ini
 
========== ZeroAccess Check ==========
 
[2005.02.07 16:32:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.08.13 11:03:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AccSys
[2007.03.21 13:36:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2013.01.19 18:46:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2007.03.21 13:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2007.03.21 13:08:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2009.01.07 22:00:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2013.01.19 18:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2013.01.19 18:46:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.21 19:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Dropbox
[2007.05.18 11:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Haufe
[2005.02.07 18:03:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\InterVideo
[2006.07.22 18:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\klickTel
[2007.05.19 07:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Lexware
[2008.12.25 14:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\MAGIX
[2009.08.12 13:37:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Nikon
[2013.01.19 18:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.01.2013 20:13:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Mulch\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 427,13 Mb Available Physical Memory | 41,73% Memory free
1,66 Gb Paging File | 1,08 Gb Available in Paging File | 64,97% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 38,28 Gb Total Space | 11,17 Gb Free Space | 29,19% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,70 Gb Free Space | 99,20% Space Free | Partition Type: FAT32
 
Computer Name: MULCHPC | User Name: Mulch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe:*:Disabled:NAVBrowser -- (Naviant, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4
"C:\Programme\Adobe\Photoshop 7.0\Photoshop.exe" = C:\Programme\Adobe\Photoshop 7.0\Photoshop.exe:LocalSubNet:Enabled:Adobe Photoshop 7.0
"C:\Programme\AntiVir PersonalEdition Premium\avcenter.exe" = C:\Programme\AntiVir PersonalEdition Premium\avcenter.exe:*:Enabled:AntiVir PersonalEdition Premium starten
"C:\Programme\Adobe\Acrobat 4.0\Registrierung\AdobeReg32.exe" = C:\Programme\Adobe\Acrobat 4.0\Registrierung\AdobeReg32.exe:*:Disabled:Acrobat 4.0 registrieren -- (Adobe Systems, Inc.)
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech)
"C:\Programme\InterVideo\DVD6\WinDVD.exe" = C:\Programme\InterVideo\DVD6\WinDVD.exe:*:Disabled:WinDVD -- (InterVideo Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Mulch\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{046E3336-9A83-4347-AC13-091D0400EE57}" = TAXMAN 2007
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{0819B21B-E958-438C-B06C-5A54C98833E9}" = DSL Connection Manager
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B657E63-2A6E-414C-9F92-7569C621CBBF}" = TAXMAN 2006
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362BFFCD-8274-11D8-97C8-000129760CBE}" = MediaLife 
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{469436E4-A436-4a2f-8113-239EE6D1A60F}" = HP Scanjet 4800 series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6BD56B1C-71E3-411E-8B45-8A73EE81C42F}" = DSL Connection Manager
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E544E5-EF3C-4103-A57B-3A499FD91031}" = Nero 7 Essentials
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D76E8E9D-1198-4585-BEFB-D11A68BBC194}" = hpg4850QFolder
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5DA4BCE-78D3-4B15-A74B-1688A6EF38E3}" = hpg4850
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"AdobeESD" = Adobe Download Manager 2.0 (Nur entfernen)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CorelDRAW 10" = CorelDRAW 10
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"ESC66 Referenzhandbuch" = ESC66 Referenzhandbuch
"Google Updater" = Google Updater
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.2.6 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"RmTablet" = HyperPen USB Series
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2013 14:21:00 | Computer Name = MULCHPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 21.01.2013 04:24:31 | Computer Name = MULCHPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.01.2013 05:32:15 | Computer Name = MULCHPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msconfig.exe, Version 5.1.2600.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.01.2013 05:50:50 | Computer Name = MULCHPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 21.01.2013 05:54:48 | Computer Name = MULCHPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 21.01.2013 07:33:27 | Computer Name = MULCHPC | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
 - Service reached limit of transient errors. Will shut down. Last error returned
 from Service Manager: 0x80004004. 
 
Error - 21.01.2013 11:04:12 | Computer Name = MULCHPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 21.01.2013 11:06:15 | Computer Name = MULCHPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 21.01.2013 14:58:14 | Computer Name = MULCHPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 21.01.2013 15:01:43 | Computer Name = MULCHPC | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 21.01.2013 21:03:09 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:03:20 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:03:22 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:33:09 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:33:09 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:33:09 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:33:09 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:33:09 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:33:09 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 21.01.2013 21:33:09 | Computer Name = MULCHPC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "RAS-Verbindungsverwaltung" ist vom Dienst "Telefonie" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
--- --- ---

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-22 18:04:27
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6E040L0 rev.NAR61HA0 38,29GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\Mulch\LOKALE~1\Temp\fxtdypog.sys


---- System - GMER 2.0 ----

SSDT F7CBCEFC ZwClose
SSDT F7CBCEB6 ZwCreateKey
SSDT F7CBCF06 ZwCreateSection
SSDT F7CBCEAC ZwCreateThread
SSDT F7CBCEBB ZwDeleteKey
SSDT F7CBCEC5 ZwDeleteValueKey
SSDT F7CBCEF7 ZwDuplicateObject
SSDT F7CBCECA ZwLoadKey
SSDT F7CBCE98 ZwOpenProcess
SSDT F7CBCE9D ZwOpenThread
SSDT F7CBCF1F ZwQueryValueKey
SSDT F7CBCED4 ZwReplaceKey
SSDT F7CBCF10 ZwRequestWaitReplyPort
SSDT F7CBCECF ZwRestoreKey
SSDT F7CBCF0B ZwSetContextThread
SSDT F7CBCF15 ZwSetSecurityObject
SSDT F7CBCEC0 ZwSetValueKey
SSDT F7CBCF1A ZwSystemDebugControl
SSDT F7CBCEA7 ZwTerminateProcess

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\DS\ObjectNames@Directory Service Object 7680
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@PolicyObject 5632
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@SecretObject 5648
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@TrustedDomainObject 5664
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\LSA\ObjectNames@UserAccountObject 5680
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\NetDDE Object\ObjectNames@DDE Share 7424
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames@SC_MANAGER Object 7168
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\SC Manager\ObjectNames@SERVICE Object 7184
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_ALIAS 5424
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_DOMAIN 5392
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_GROUP 5408
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_SERVER 5376
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Security Account Manager\ObjectNames@SAM_USER 5440
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@TypesSupported 31
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@ParameterMessageFile c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryCount 3
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@EventSourceFlags 1
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\ServiceModel 3.0.0.0@CategoryMessageFile %SystemRoot%\System32\MsAuditE.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler@ParameterMessageFile %SystemRoot%\System32\MsObjs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Document 6944
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Printer 6928
Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\Spooler\ObjectNames@Server 6912
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE57927156491684595B7CBBD6D36EA2\Usage@DocViewerExe 1110849272

---- EOF - GMER 2.0 ----

2013/01/19 22:09:08 +0100 MULCHPC Mulch MESSAGE Starting protection
2013/01/19 22:09:08 +0100 MULCHPC Mulch MESSAGE Protection started successfully
2013/01/19 22:09:08 +0100 MULCHPC Mulch MESSAGE Starting IP protection
2013/01/19 22:10:30 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully
2013/01/19 22:27:02 +0100 MULCHPC Mulch MESSAGE Executing scheduled update: Daily
2013/01/19 22:36:21 +0100 MULCHPC MESSAGE Starting protection
2013/01/19 22:36:21 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/19 22:36:21 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/19 22:38:09 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully

2013/01/20 07:40:56 +0100 MULCHPC MESSAGE Starting protection
2013/01/20 07:40:56 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/20 07:40:56 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/20 07:42:59 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully
2013/01/20 10:23:22 +0100 MULCHPC MESSAGE Starting protection
2013/01/20 10:23:22 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/20 10:23:22 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/20 10:28:22 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully
2013/01/20 19:01:21 +0100 MULCHPC MESSAGE Starting protection
2013/01/20 19:01:24 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/20 19:01:27 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/20 19:06:34 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully


2013/01/21 07:26:18 +0100 MULCHPC Mulch MESSAGE Executing scheduled update: Daily
2013/01/21 07:36:47 +0100 MULCHPC Mulch MESSAGE Scheduled update executed successfully: database updated from version v2013.01.19.10 to version v2013.01.21.03
2013/01/21 07:36:47 +0100 MULCHPC Mulch MESSAGE Starting database refresh
2013/01/21 07:37:36 +0100 MULCHPC Mulch MESSAGE Database refreshed successfully
2013/01/21 10:47:08 +0100 MULCHPC MESSAGE Starting protection
2013/01/21 10:47:09 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/21 10:47:09 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/21 10:51:44 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully
2013/01/21 15:58:47 +0100 MULCHPC MESSAGE Starting protection
2013/01/21 15:58:48 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/21 15:58:48 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/21 16:02:43 +0100 MULCHPC Mulch ERROR IP protection failed: PfBindInterfaceToIPAddress failed with error code 87
2013/01/21 18:59:59 +0100 MULCHPC Mulch MESSAGE Executing scheduled update: Daily
2013/01/21 19:10:04 +0100 MULCHPC Mulch ERROR Scheduled update failed: Host not found failed with error code 0
2013/01/21 19:50:57 +0100 MULCHPC MESSAGE Starting protection
2013/01/21 19:50:57 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/21 19:50:57 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/21 19:55:19 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully


2013/01/22 09:04:05 +0100 MULCHPC MESSAGE Starting protection
2013/01/22 09:04:05 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/22 09:04:05 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/22 09:05:36 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully
2013/01/22 09:33:46 +0100 MULCHPC MESSAGE Starting protection
2013/01/22 09:33:47 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/22 09:33:47 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/22 09:38:30 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully
2013/01/22 10:17:45 +0100 MULCHPC MESSAGE Starting protection
2013/01/22 10:17:45 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/22 10:17:46 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/22 10:20:48 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully
2013/01/22 18:23:37 +0100 MULCHPC MESSAGE Starting protection
2013/01/22 18:23:37 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/22 18:23:37 +0100 MULCHPC MESSAGE Starting IP protection


2013/01/23 09:13:46 +0100 MULCHPC MESSAGE Starting protection
2013/01/23 09:13:46 +0100 MULCHPC MESSAGE Protection started successfully
2013/01/23 09:13:46 +0100 MULCHPC MESSAGE Starting IP protection
2013/01/23 09:18:39 +0100 MULCHPC Mulch MESSAGE IP Protection started successfully

Im abgesicherten Modus läuft er normal, hat mit Mbam auch nichts mehr gefunden (war aber auch nicht mehr im Netz damit).
Im normalen Modus ist die CPU Auslastung wieder 100% und nix läuft richtig rund...

Alt 23.01.2013, 11:42   #2
markusg
/// Malware-holic
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


hi
na wenn das System eh frisch neu gemacht ist, können wir das ja eig noch mal machen.
hast du denn noch Daten zu sichern?
__________________

__________________
Alt 23.01.2013, 11:55   #3
LeGaston
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


Hallo Markus,

Daten sichern - auf jeden Fall!
Habe bisher nur das Update SP3 aufgespielt - nicht Windows komplett.

Habe auch schon mit dem Gedanken gespielt, alles neu zu machen...

Ist das auch dein Vorschlag?

Gruß
Kolja
__________________
Alt 23.01.2013, 13:22   #4
markusg
/// Malware-holic
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


hi,
ja das machen wir noch mal.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 24.01.2013, 11:25   #5
LeGaston
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


So, nun sind alle Daten gesichert - aber es gibt keine Recovery oder Installations CD...das Betriebssystem wurde von einem PC-Laden installiert, der leider nicht greifbar ist.
Ich habe noch eiine XP SP2 Version auf einer mobilen Platte - jedoch fehlt mir der 25 stellige Code dazu...
Gibt es für so eine vertrackte Situation eine passable Lösung?


Alt 24.01.2013, 12:14   #6
markusg
/// Malware-holic
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


hi
ist das n legales xp was du da noch hast?
du meinst aber schon ne xp instalation, nicht ein fertig instaliertes.
bzw kannst du dir ein xp leien, dann können wir deinen Key auslesen.
__________________
--> GVU Trojaner PUP OFFER BUND...

Alt 24.01.2013, 12:41   #7
LeGaston
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


Ja, das ist ne legale Installations Version, nur die Nummer habe ich irgendwo gespeichert und finde sie nicht mehr.
Auf dem verseuchten PC ist auch eine legale XP2 Version am "laufen", die Nummer müsste dann ja auch für die Inst.Version gehen, oder? Nur wo finde ich die? Am Gerät ist kein Aufkleber. Ich habe gelesen, dass es Programme gibt, die diese Nummer aus der regestry auslesen können (Belarc Advisor) - ist das der richtige Weg?

Alt 24.01.2013, 16:25   #8
markusg
/// Malware-holic
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


hi
nicht 1 lizenz auf 2 laufenen pcs nutzen.
lies die nummer auf dem betroffenen gerät aus:
http://filepony.de/download-magical_...ean_keyfinder/
und leih dir, falls nötig ne xp cd
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.01.2013, 09:30   #9
LeGaston
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


Schon klar, immer nur eine Nummer.
Aber, gehen beim Formatieren auch wirklich alle Daten, sprich auch die Trojaner weg? Muss da nicht noch irgendein "Reinigungsprogramm" laufen?

Alt 25.01.2013, 11:40   #10
markusg
/// Malware-holic
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


nein, sonst hätte ich das schon gepostet :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.01.2013, 12:43   #11
LeGaston
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


Ok.
Habe das mit den Nummern geklärt.
Kriege die eben gebrannte Instalations CD allerdings nicht gebootet - muss sie von der Windowsoberfläche mit setup starten.
Ist das ein Problem?

Alt 25.01.2013, 12:55   #12
markusg
/// Malware-holic
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


ja, das geht nicht
starte neu, drücke f12, bzw evtl. eine andere f-taste, gehe ins boot menü und wähle das cd laufwerk.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 26.01.2013, 22:25   #13
LeGaston
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


Hallo Markus,
kriege Dienstag erst eine vernünftige Version zum booten und werde mich dann ans Abarbeiten meiner Hausaufgaben machen. Melde mich dann wieder.

Alt 29.01.2013, 13:38   #14
LeGaston
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


So, Hausaufgaben sind gemacht.
Problem gibt es nur mit dem Update von MS Dateien via IE8 - der hat einen Fehler festgestellt und bricht dann ab. Muss ich beim Updaten den Virenscanner ausschalten?

Alt 29.01.2013, 13:43   #15
markusg
/// Malware-holic
 
GVU Trojaner PUP OFFER BUND... - Standard

GVU Trojaner PUP OFFER BUND...


Hi
treiber aktualisiert, mainboard, graka etc?
fals nicht, tu das mal, update dann und poste, falls vorhanden, fehlermeldung(en)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort
Seite 1 von 4 1 23 Letzte »

Themen zu GVU Trojaner PUP OFFER BUND...
antivir, antivirus, bonjour, error, failed, firefox, flash player, format, gvu trojaner, gvu trojaner entfernen windows xp, helper, installation, langsam, logfile, mozilla, object, officejet, pc sehr langsam, plug-in, realtek, registry, scan, security, sehr langsam, server, software, trojaner, verseuchte kiste, windows internet


« BKA Trojaner/Virus GVU Version 2.11 | Trojaner - es ist einfach nur langsam! »


Ähnliche Themen: GVU Trojaner PUP OFFER BUND...


  1. Offer.alibaba.com entfernen
    Anleitungen, FAQs & Links - 13.11.2015 (2)
  2. Ads By Download Offer entfernen
    Anleitungen, FAQs & Links - 24.10.2015 (2)
  3. Offer Boulevard entfernen
    Anleitungen, FAQs & Links - 24.08.2014 (2)
  4. CERT-Bund: Trojaner-Opfer ändern Passwörter, PCs bleiben infiziert
    Nachrichten - 01.07.2014 (0)
  5. DANE: Bund sichert nach Mail-Transport auch Webservice mittels DANE ab
    Nachrichten - 04.06.2014 (0)
  6. Offer Mosqito 1.1 vollständig entfernen
    Log-Analyse und Auswertung - 21.12.2013 (9)
  7. Web-Seiten von Bund und BSI mit gefährlicher Verschlüsselung
    Nachrichten - 12.11.2013 (0)
  8. BSI will TLS 1.2 als Mindeststandard für den Bund
    Nachrichten - 08.10.2013 (0)
  9. BSI.bund.exe führt zu weißem Bildschirm - Win 7
    Log-Analyse und Auswertung - 02.06.2012 (7)
  10. Web Offer
    Log-Analyse und Auswertung - 23.04.2006 (1)
  11. Web Offer
    Log-Analyse und Auswertung - 07.02.2006 (3)
  12. Web offer
    Log-Analyse und Auswertung - 05.02.2006 (5)
  13. Hilfe WEB Offer und noch son ding!!!
    Log-Analyse und Auswertung - 06.01.2006 (1)
  14. Web Offer Will nicht mehr Weg !
    Log-Analyse und Auswertung - 11.08.2005 (5)
  15. Web offer popup!!! Hilfe
    Log-Analyse und Auswertung - 08.08.2005 (14)
  16. web offer
    Log-Analyse und Auswertung - 31.01.2005 (3)
  17. Web Offer
    Plagegeister aller Art und deren Bekämpfung - 17.12.2004 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU Trojaner PUP OFFER BUND... - PC reagiert sehr langsam, XP SP3 neu aufgespielt defragmentiert und aufgeräumt avira suchen lassen und nichts gefunden mit Mbam finde ich zwei GVU Trojaner - ab in die Quarantäne Geschwindigkeit - GVU Trojaner PUP OFFER BUND......
Archiv
Du betrachtest: GVU Trojaner PUP OFFER BUND... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131