
Plagegeister aller Art und deren Bekämpfung: seth.avazutracking.net

30.09.2013, 11:27   #1
WhiskyJack

seth.avazutracking.net



Hi, I also have the Seth.avazutracking virus, and qvo6.com on top of that.
I have already run a quick scan with OTL.
OTL only gave me the otl.txt, not the Extra.txt, or I don't know where it is.
The otl.txt follows directly.


OTL logfile created on: 30.09.2013 11:53:10 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Franzi & Falko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19458)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,54% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 135,13 Gb Free Space | 29,64% Space Free | Partition Type: NTFS

Computer Name: ACERASPIRE7735 | User Name: Franzi & Falko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Franzi & Falko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\FRANZI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Users\FRANZI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\System32\atitmmxx.dll ()


========== Services (SafeList) ==========

SRV - (WebCake Desktop Updater) -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Franzi File not found
SRV - (MSK80Service) -- File not found
SRV - (MpfService) -- File not found
SRV - (McSysmon) -- File not found
SRV - (McShield) -- File not found
SRV - (McProxy) -- File not found
SRV - (McODS) -- File not found
SRV - (McNASvc) -- File not found
SRV - (mcmscsvc) -- File not found
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
SRV - (avg8wd) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Garmin Core Update Service) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (StarOpen) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (k57nd60x) -- system32\DRIVERS\k57nd60x.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\Users\FRANZI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_090709PB4400Q7H62A2AX&ts=1379916928&type=default&q={ searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_090709PB4400Q7H62A2AX&ts=1379916928&type=default&q={ searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=HitachiXHTS545050B9A300_090709PB4400Q7H62A2AX&ts=1379916928&type=default&q={ searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.golsearch.com/?affID=119357&babsrc=HP_ss_Btisdt6&mntrId=62D10017C49EABA6/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119357&babsrc=SP_ss&mntrId=62D10017C49EABA6
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E3C31AFE-6A3D-4F8B-A28E-471CEF7AA251}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "qvo6"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.selectedEngine: "qvo6"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar-ff%40payback.de:1.1.9.99
FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.5.1
FF - prefs.js..extensions.enabledAddons: 763ab44b-71df-436c-906e-2ee8e1d7b302%40af951efb-381e-47b2-ac45-80df41e44bc7.com:0.92.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.12 18:45:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.06.12 11:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.08.20 12:03:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.09.17 10:41:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013.02.12 18:45:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.08.20 12:03:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.09.17 10:41:23 | 000,000,000 | ---D | M]

[2009.08.10 20:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Extensions
[2013.09.29 18:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions
[2013.08.01 11:56:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.04.27 16:14:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.09.16 12:43:01 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.08.27 19:00:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.09.23 16:25:11 | 000,000,000 | ---D | M] ("LyriXeeker-1") -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com
[2013.06.12 10:31:46 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\ffxtlbr@delta.com
[2013.06.12 10:31:33 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\plugin@getwebcake.com
[2013.09.24 12:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData
[2013.09.24 12:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins
[2013.09.24 12:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\userCode
[2013.08.30 22:31:40 | 000,053,944 | ---- | M] () (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\firefox\profiles\b4bc6umb.default\extensions\pricepeep@getpricepeep.com.xpi
[2012.03.26 16:26:28 | 000,128,837 | ---- | M] () (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\firefox\profiles\b4bc6umb.default\extensions\toolbar-ff@payback.de.xpi
[2013.09.03 10:43:53 | 000,628,722 | ---- | M] () (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\firefox\profiles\b4bc6umb.default\extensions\toolbar@web.de.xpi
[2013.02.01 19:13:28 | 000,142,907 | ---- | M] () (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\firefox\profiles\b4bc6umb.default\extensions\unplug@compunach.xpi
[2013.06.12 10:31:35 | 000,006,470 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\firefox\profiles\b4bc6umb.default\searchplugins\babylon.xml
[2013.06.12 10:31:50 | 000,001,294 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\firefox\profiles\b4bc6umb.default\searchplugins\delta.xml
[2011.07.24 11:51:24 | 000,005,508 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\firefox\profiles\b4bc6umb.default\searchplugins\webde-suche.xml
[2013.08.20 12:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.08.20 12:03:46 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.08.20 12:03:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.08.20 12:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.08.20 12:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.08.20 12:03:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.08.20 12:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.08.20 12:04:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2013.09.23 08:15:29 | 000,000,825 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\qvo6.xml

O1 HOSTS File: ([2012.08.08 17:08:30 | 000,000,030 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (LyriXeeker-1) - {11111111-1111-1111-1111-110411181156} - C:\Program Files\LyriXeeker-1\LyriXeeker-1-bho.dll (Lyrics)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - Reg Error: Value error. File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [Anti-Trojan-Watch] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{022CC1B9-D4AC-4ED3-9CF2-BA1AB31FDE08}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\googledesktopnetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Franzi & Falko\Desktop\Bilder Stefan\03.jpg
O24 - Desktop BackupWallPaper: C:\Users\Franzi & Falko\Desktop\Bilder Stefan\03.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Franzi & Falko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Franzi & Falko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
MsConfig - StartUpReg: boincmgr - hkey= - key= - C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
MsConfig - StartUpReg: boinctray - hkey= - key= - C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DivXMediaServer - hkey= - key= - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
MsConfig - StartUpReg: Family Tree Builder Update - hkey= - key= - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
MsConfig - StartUpReg: GarminExpressTrayApp - hkey= - key= - C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: ishutdown2 - hkey= - key= - C:\Program Files\ishutdown\iShutdown\ilauncher.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LManager - hkey= - key= - File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig - StartUpReg: PinnacleDriverCheck - hkey= - key= - File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found
MsConfig - StartUpReg: Trojancheck 6 Guard - hkey= - key= - File not found
MsConfig - StartUpReg: WebCake Desktop - hkey= - key= - File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.09.30 11:51:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Franzi & Falko\Desktop\OTL.exe
[2013.09.29 20:35:37 | 000,000,000 | ---D | C] -- C:\Users\Franzi & Falko\AppData\Roaming\ParetoLogic
[2013.09.29 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\Franzi & Falko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
[2013.09.29 20:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2013.09.29 20:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013.09.29 20:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013.09.29 20:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.09.29 20:32:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.09.29 20:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.09.29 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.09.29 19:13:49 | 000,000,000 | ---D | C] -- C:\Users\Franzi & Falko\AppData\Roaming\DivX
[2013.09.23 08:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.09.23 08:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.09.23 08:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.09.23 08:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.09.23 08:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\MyPC Backup
[2013.09.23 08:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\LyriXeeker-1
[2013.09.23 08:15:30 | 000,000,000 | ---D | C] -- C:\User Data
[2013.09.23 08:15:17 | 000,000,000 | ---D | C] -- C:\Users\Franzi & Falko\AppData\Roaming\Systweak
[2013.09.23 08:15:15 | 000,018,776 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013.09.23 08:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
[2013.09.09 14:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.09.30 11:57:38 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AF2CD976-D037-4616-97C4-4BF40B1B55DC}.job
[2013.09.30 11:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.30 11:51:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi & Falko\Desktop\OTL.exe
[2013.09.30 11:37:44 | 000,460,552 | ---- | M] () -- C:\Users\Franzi & Falko\Desktop\AdwCleaner_Setup_Download.exe
[2013.09.30 11:33:57 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.30 11:31:00 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.09.30 11:28:26 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.09.30 11:16:52 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2013.09.30 11:09:28 | 000,001,302 | ---- | M] () -- C:\Windows\tasks\LyriXeeker-1-updater.job
[2013.09.30 11:09:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.30 11:09:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.30 11:09:25 | 000,001,828 | ---- | M] () -- C:\Windows\tasks\LyriXeeker-1-firefoxinstaller.job
[2013.09.30 11:09:24 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.09.30 11:09:24 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\LyriXeeker-1-enabler.job
[2013.09.30 11:09:22 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\LyriXeeker-1-codedownloader.job
[2013.09.30 11:09:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.30 11:09:09 | 3215,814,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.29 21:33:13 | 000,000,091 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\WB.CFG
[2013.09.29 21:33:13 | 000,000,005 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\WBPU-TTL.DAT
[2013.09.29 20:35:22 | 000,000,947 | ---- | M] () -- C:\Users\Franzi & Falko\Desktop\RegCure Pro.lnk
[2013.09.29 20:30:35 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.09.25 22:07:42 | 000,540,039 | ---- | M] () -- C:\Users\Franzi & Falko\Documents\BA-Arbeit_Ungermann,Franziska.pdf
[2013.09.23 17:50:37 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.09.23 17:50:37 | 000,596,246 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.09.23 17:50:37 | 000,126,704 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.09.23 17:50:37 | 000,104,320 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.09.23 08:37:07 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.09.17 15:12:41 | 003,736,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.09.10 19:18:29 | 000,541,859 | ---- | M] () -- C:\Users\Franzi & Falko\Documents\BA-Arbeit_22.08.13.pdf
[2013.09.08 19:56:39 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.09.30 11:37:42 | 000,460,552 | ---- | C] () -- C:\Users\Franzi & Falko\Desktop\AdwCleaner_Setup_Download.exe
[2013.09.30 11:16:38 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013.09.29 20:35:22 | 000,000,947 | ---- | C] () -- C:\Users\Franzi & Falko\Desktop\RegCure Pro.lnk
[2013.09.29 20:30:35 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.09.25 22:07:38 | 000,540,039 | ---- | C] () -- C:\Users\Franzi & Falko\Documents\BA-Arbeit_Ungermann,Franziska.pdf
[2013.09.23 08:37:07 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.09.23 08:16:53 | 000,001,302 | ---- | C] () -- C:\Windows\tasks\LyriXeeker-1-updater.job
[2013.09.23 08:16:45 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\LyriXeeker-1-enabler.job
[2013.09.23 08:16:32 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\LyriXeeker-1-codedownloader.job
[2013.09.23 08:15:39 | 000,001,828 | ---- | C] () -- C:\Windows\tasks\LyriXeeker-1-firefoxinstaller.job
[2013.09.10 19:18:25 | 000,541,859 | ---- | C] () -- C:\Users\Franzi & Falko\Documents\BA-Arbeit_22.08.13.pdf
[2013.07.29 17:31:03 | 000,000,091 | ---- | C] () -- C:\Users\Franzi & Falko\AppData\Roaming\WB.CFG
[2013.06.16 18:31:06 | 000,000,005 | ---- | C] () -- C:\Users\Franzi & Falko\AppData\Roaming\WBPU-TTL.DAT
[2013.02.12 18:13:05 | 000,177,936 | ---- | C] () -- C:\Windows\hpoins36.dat
[2012.12.18 16:56:52 | 000,000,636 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012.12.18 16:53:31 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2012.04.03 15:02:55 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.04.03 12:57:43 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.12.17 21:19:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.17 21:19:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.17 21:19:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.17 21:19:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.17 21:19:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.24 12:51:08 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.08.28 18:23:41 | 000,000,408 | ---- | C] () -- C:\Users\Franzi & Falko\AppData\Roaming\wklnhst.dat
[2009.08.13 12:50:36 | 000,006,836 | ---- | C] () -- C:\Users\Franzi & Falko\AppData\Local\d3d9caps.dat
[2009.08.11 19:28:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.10 20:38:43 | 000,179,200 | ---- | C] () -- C:\Users\Franzi & Falko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.08.12 10:59:17 | 000,000,000 | -HSD | M] -- C:\Users\Franzi & Falko\AppData\Roaming\.#
[2009.07.19 12:25:53 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Acer GameZone Console
[2012.12.18 19:20:30 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Ahnenblatt
[2011.10.28 17:33:25 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Audacity
[2009.10.31 16:23:19 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Auslogics
[2013.06.12 10:31:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\BabSolution
[2013.06.12 10:31:23 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Babylon
[2010.05.24 12:36:49 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Canneverbe Limited
[2012.10.14 12:04:47 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2012.05.14 10:43:36 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\DAEMON Tools Lite
[2009.11.01 11:28:38 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Desktop Sidebar
[2009.10.31 15:55:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\DriverCure
[2013.06.12 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\DSite
[2010.05.15 12:10:14 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\enchant
[2009.08.12 08:53:41 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\eSobi
[2011.10.20 19:09:27 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\FreeAudioPack
[2013.08.01 12:19:24 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Garmin
[2011.06.19 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\GenJ3
[2013.02.14 20:13:02 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\GetRightToGo
[2010.08.31 16:29:16 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\gtk-2.0
[2013.02.19 14:58:26 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\ICQ
[2013.06.12 11:04:21 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\ImgBurn
[2012.12.18 16:56:20 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\MyHeritage
[2013.09.29 20:35:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\ParetoLogic
[2009.08.11 07:04:19 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\PowerCinema
[2009.08.10 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\SoftDMA
[2010.01.30 13:02:45 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Sony
[2010.01.30 12:58:10 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Sony Setup
[2012.10.14 12:07:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.09.24 12:41:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Systweak
[2009.08.28 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Template
[2011.09.22 11:58:18 | 000,000,000 | ---D | M] -- C:\Users\Franzi & Falko\AppData\Roaming\Utherverse

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009.10.28 18:42:32 | 000,000,000 | ---D | M] -- C:\$AVG8.VAULT$
[2011.12.17 21:38:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.08.10 18:34:11 | 000,000,000 | ---D | M] -- C:\Acer
[2009.09.27 19:36:29 | 000,000,000 | ---D | M] -- C:\Boot
[2011.12.17 21:38:52 | 000,000,000 | ---D | M] -- C:\ComboFix
[2013.09.30 11:09:07 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.08.10 18:32:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.06.22 20:47:01 | 000,000,000 | -HSD | M] -- C:\found.000
[2009.02.11 22:12:45 | 000,000,000 | ---D | M] -- C:\Intel
[2009.03.12 05:11:16 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.08.10 18:38:00 | 000,000,000 | ---D | M] -- C:\MyWinLockerData
[2013.09.29 20:35:17 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.09.29 20:35:17 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.08.10 18:32:55 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.11.16 18:06:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013.09.30 11:56:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.09.23 08:15:30 | 000,000,000 | ---D | M] -- C:\User Data
[2009.08.10 18:33:41 | 000,000,000 | R--D | M] -- C:\Users
[2013.09.30 11:16:38 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.16 12:19:00 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,584 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.08.11 18:36:52 | 000,000,436 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AF2CD976-D037-4616-97C4-4BF40B1B55DC}.job
[2011.06.23 19:24:33 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.06.23 19:24:34 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 11:42:39 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013.06.12 10:31:27 | 000,000,310 | ---- | C] () -- C:\Windows\Tasks\DSite.job
[2013.09.23 08:15:39 | 000,001,828 | ---- | C] () -- C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
[2013.09.23 08:16:32 | 000,001,206 | ---- | C] () -- C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
[2013.09.23 08:16:45 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\LyriXeeker-1-enabler.job
[2013.09.23 08:16:53 | 000,001,302 | ---- | C] () -- C:\Windows\Tasks\LyriXeeker-1-updater.job

< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009.07.19 20:45:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.07.19 20:45:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.07.19 20:45:34 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.07.19 20:45:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2009.02.12 03:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver64\IaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Acer\Preload\Autorun\DRV\AHCI\Driver\IaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
[2009.02.12 03:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_c491546e\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2013.09.30 11:53:17 | 006,291,456 | -HS- | M] () -- C:\Users\Franzi & Falko\ntuser.dat
[2013.09.30 11:53:17 | 000,262,144 | -H-- | M] () -- C:\Users\Franzi & Falko\ntuser.dat.LOG1
[2009.08.10 18:33:42 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi & Falko\ntuser.dat.LOG2
[2013.09.29 22:24:38 | 000,065,536 | -HS- | M] () -- C:\Users\Franzi & Falko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.01.16 09:39:41 | 000,524,288 | -HS- | M] () -- C:\Users\Franzi & Falko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2013.09.29 22:24:38 | 000,524,288 | -HS- | M] () -- C:\Users\Franzi & Falko\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.08.10 18:33:42 | 000,000,020 | -HS- | M] () -- C:\Users\Franzi & Falko\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< >

========== Files - Unicode (All) ==========
[2013.09.30 11:12:44 | 098,488,992 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\唠Ḭ‘
[2013.09.30 11:12:44 | 000,000,000 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\唠Ḭ‘
[2013.09.24 12:41:55 | 097,525,606 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\豨ၣḬŒ
[2013.09.24 11:44:03 | 097,525,606 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\豨ၣḬŒ

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TempCAF903C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728

< End of report >

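As an added example (not part of WhiskyJack's post, of OTL, or of anything the board's helpers posted): a small Python parser for the three parts of the OTL excerpt above that a helper looks at first, the `< MD5 for: ... >` blocks, the csrss `SubSystems\Windows` value and the Alternate Data Streams list. The OTL lines embedded in the script are constructed by copying the format of the log above; the set of three "expected" ServerDll entries is an assumption taken from the value as it appears in this log, and the tampered variant at the end is constructed to show the check firing. Two caveats the checks encode: OTL's company column comes from the file's version resource, so an empty `()` means "no company name", not "malicious" (Malwarebytes' Chameleon folder legitimately holds a renamed copy of its own engine called winlogon.exe), and comparing the System32 copy's MD5 against the WinSxS copies is a consistency check, not a signature check.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's own line format, trimmed from the log above.
SAMPLE_LOG = r"""
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728
"""

# One OTL file line: [stamp | size | attrs | M/C] (company) MD5=... -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
SERVERDLL_RE = re.compile(r"ServerDll=(\S+)")

# Assumption: the three ServerDll entries a stock csrss loads, copied from the value in this log.
EXPECTED_SERVERDLLS = {
    "basesrv,1",
    "winsrv:UserServerDllInitialization,3",
    "winsrv:ConServerDllInitialization,2",
}


def parse_md5_sections(text):
    """Return {FILENAME: [entry dict, ...]} from the '< MD5 for: ... >' blocks."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        if line.startswith("< "):  # any other custom-scan header ends the block
            current = None
            continue
        m = FILE_RE.match(line)
        if m and current:
            sections[current].append(m.groupdict())
    return dict(sections)


def check_system32_against_winsxs(sections):
    """Flag an active System32 copy whose MD5 matches no copy in the WinSxS component store."""
    findings = []
    for name, entries in sections.items():
        winsxs_hashes = {e["md5"].upper() for e in entries if "\\winsxs\\" in e["path"].lower()}
        if not winsxs_hashes:  # no reference copy listed, nothing to compare against
            continue
        for e in entries:
            p = e["path"].lower()
            if "\\system32\\" in p and "\\winsxs\\" not in p and e["md5"].upper() not in winsxs_hashes:
                findings.append((name, e["path"], e["md5"]))
    return findings


def check_no_company_name(sections):
    """List copies with an empty company field, i.e. no company name in the version resource."""
    return [(name, e["path"]) for name, entries in sections.items()
            for e in entries if not e["company"].strip()]


def check_csrss_serverdlls(text):
    """Return ServerDll entries in the SubSystems\\Windows value beyond the expected set (None if absent)."""
    for line in text.splitlines():
        if "SubSystems\\\\Windows:" in line:
            return sorted(set(SERVERDLL_RE.findall(line)) - EXPECTED_SERVERDLLS)
    return None


def check_ads(text):
    """Return (size, target) for every alternate data stream OTL reported."""
    return [(int(m.group("size")), m.group("target"))
            for m in (ADS_RE.match(l) for l in text.splitlines()) if m]


def analyze(text):
    sections = parse_md5_sections(text)
    return {
        "md5_mismatch": check_system32_against_winsxs(sections),
        "no_company": check_no_company_name(sections),
        "extra_serverdll": check_csrss_serverdlls(text),
        "ads": check_ads(text),
    }


if __name__ == "__main__":
    for key, val in analyze(SAMPLE_LOG).items():
        print(key, val)
    # Constructed tampered variant: one additional ServerDll would be loaded into csrss.exe at boot.
    tampered = SAMPLE_LOG.replace("ProfileControl=Off",
                                  r"ServerDll=C:\ProgramData\unknown.dll,4 ProfileControl=Off")
    print("extra_serverdll (tampered):", analyze(tampered)["extra_serverdll"])
```

On this log the script reports no System32/WinSxS hash mismatch, one file without a company name (the Chameleon winlogon.exe), no extra ServerDll, and the two well-formed ADS entries on C:\ProgramData\Temp; the third ADS line in the original log is not matched because its stream separator did not survive the forum rendering, which is exactly the kind of line a helper would re-check against the raw OTL.txt.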