Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


Plagegeister aller Art und deren Bekämpfung: svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.03.2010, 17:10   #1
sos_lurchi
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Standard

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


Hallo liebe Trojaner-Board-Gemeinde, ich hoffe mir kann jemand helfen.

Folgendes Problem:
Habe vor kurzem Software installiert, die wohl nicht ganz so sauber war, es handelte sich dabei um einen Torrent der Testversion von Cubase 5, der Installationsvorgang wurde mir zu bunt (Lizenz-Kontrolle-Software etc, viele Sachen die mir komisch erschienen, ich brach die Installation ab.

Nun erhalte ich in regelmäßigen Abständen (etwa alle 2-5 Minuten) die Meldung über den Trojaner: SHeur3.MVL, der sich in der svchost.exe unter C:\Windows\Temp\ubtl.tmp\svchost.exe befindet, wobei sich diese Buchstabenkombination bei jeder neuen Meldung ändert.
Will ich die .exe löschen ist sie schon wieder verschwunden bis zur nächsten Meldung. So sind auch die ganzen vom Trojaner angelegten Ordner wieder leer!
Des weiteren öffnet Firefox manchmal komische Werbelinks und leitet mich bei meinen Google-Ergebnissen zu verschiedensten Suchseiten oder Gewinnspielen weiter.

Die Suche mit Google und der Boardsuche brachten soviele unterschiedliche Ansätze, dass wohl auch bei mir eine individuelle Lösung in Frage kommt.



mbam findet nix, deswegen spar ich mir den Logfile.

Hijackthis-Log hab ich auch als Anhang gepostet.
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:29, on 28.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\ico.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\FSRremoS.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Users\MaxMustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\ocx\ocxup.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\System32\ocx\ocxup.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = MaxMustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: r_line - C:\Windows\SYSTEM32\r_line.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Scramby Server (ScrambyServer) - RapidSolution Software AG - C:\Program Files\RapidSolution\Scramby\ScrambyServer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 8282 bytes


Ich hab eure Regeln nach bestem Wissen und Gewissen befolgt undhoffe auf eine schnelle Antwort, da seit Beginn dieses Beitrags ungefähr 10 neue Meldungen kamen.
Geändert von sos_lurchi (28.03.2010 um 17:15 Uhr)

Alt 28.03.2010, 17:31   #2
StLB
/// Helfer-Team
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Standard

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


Hallo und !

das MBAM-Logfile bitte noch nachreichen.
Dann:

1.) Systemscan mit mit OTL von Oldtimer:
  • Lade Dir OTL.exe herunter und speichere sie auf dem Desktop.
  • Führe OTL.exe mit einem Doppelklick aus (Vista User: Rechtsklick -> "Als Administrator ausführen")
  • Wähle bitte im Block "Extra Registry" die Möglichkeit "Use SafeList" aus.
  • Zusätzlich bitte noch "LOP Check" und "Purity Check" anhaken.
  • Nun bitte mit "Run Scan" einen Systemscan durchführen.
  • Nach dem Scan werden zwei Logfiles erstellt (OTL.txt und Extras.txt).
  • Diese bitte hier posten.
2.) Rootkitscan mit GMER.

Alle .exe mit Adminrechten ausführen! (Rechtsklick -> "Als Administrator ausführen")

Bitte poste in Deiner nächsten Antwort:
* MBAM-Logfile
* OTL.txt und Extras.txt (OTL)
* GMER-Logfile
__________________

__________________
Alt 28.03.2010, 17:51   #3
sos_lurchi
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Standard

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


mbam-Log wie bereits erwähnt, findet nix.
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3922
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.03.2010 17:57:15
mbam-log-2010-03-28 (17-57-15).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 113105
Laufzeit: 3 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL.txt

Code:
ATTFilter
OTL logfile created on: 28.03.2010 18:42:03 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\MaxMustermann\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 11,58 Gb Free Space | 11,58% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 24,41 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
Drive E: | 365,75 Gb Total Space | 55,65 Gb Free Space | 15,21% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1,88 Gb Total Space | 1,36 Gb Free Space | 72,51% Space Free | Partition Type: FAT
 
Computer Name: MaxMustermann-PC
Current User Name: MaxMustermann
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.03.28 18:38:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MaxMustermann\Desktop\OTL.exe
PRC - [2010.03.24 11:27:09 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.03.17 11:00:43 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe
PRC - [2010.03.17 11:00:42 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.03.17 11:00:41 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2010.03.17 11:00:22 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.03.17 11:00:22 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe
PRC - [2010.03.17 11:00:22 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2010.02.26 07:10:20 | 021,979,992 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009.11.25 15:24:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Programme\SpeedFan\speedfan.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.09.27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.08.19 09:53:30 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 09:52:28 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.24 15:05:24 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.07.17 15:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.25 09:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.09.14 14:50:20 | 000,344,064 | ---- | M] (RapidSolution Software AG) -- C:\Programme\RapidSolution\Scramby\ScrambyServer.exe
PRC - [2007.03.23 19:04:54 | 004,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2004.07.14 16:36:54 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2003.11.06 16:51:32 | 000,020,480 | ---- | M] () -- C:\Windows\System32\FSRremoS.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.03.28 18:38:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MaxMustermann\Desktop\OTL.exe
MOD - [2010.03.17 11:00:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.17 11:00:41 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.03.17 11:00:22 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009.11.30 21:08:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.07.17 15:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.09.14 14:50:20 | 000,344,064 | ---- | M] (RapidSolution Software AG) [Auto | Running] -- C:\Program Files\RapidSolution\Scramby\ScrambyServer.exe -- (ScrambyServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.03.17 11:00:43 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.03.17 11:00:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.03.17 11:00:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.12.03 12:34:31 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.11.25 22:04:59 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.27 16:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.24 15:05:24 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.08.08 09:31:16 | 000,023,840 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scramby_out.sys -- (scramby_out)
DRV - [2007.03.23 22:21:24 | 001,761,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.13 18:41:26 | 000,025,896 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scramby.sys -- (scramby)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.02.11 14:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003.01.10 14:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F CE 11 E1 03 CA CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {7C9AE782-DB21-4e40-81FB-AD8A53A6233A}:1.83
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {A154CEEC-79EA-48a8-AD27-BEC22AF360F8}:0.5.8
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.5
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.24 11:27:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.24 11:27:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.19 14:07:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.11.25 22:19:48 | 000,000,000 | ---D | M]
 
[2009.10.15 22:25:51 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Extensions
[2010.03.27 22:39:52 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions
[2009.10.19 18:41:24 | 000,000,000 | ---D | M] (Fetch Text URL) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\{5B700FEA-FF2A-4746-BB2D-9D26A8EB056D}
[2009.10.19 00:49:22 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2010.01.04 19:55:14 | 000,000,000 | ---D | M] (Quitomzilla) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\{A154CEEC-79EA-48a8-AD27-BEC22AF360F8}
[2010.01.07 02:06:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.21 13:13:50 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\firebug@software.joehewitt.com
[2009.10.31 15:07:59 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\moveplayer@movenetworks.com
[2009.12.03 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\youtube2mp3@mondayx.de
[2009.10.16 20:06:49 | 000,001,720 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Roaming\Mozilla\FireFox\Profiles\s3du2ors.default\searchplugins\youtube-videosuche.xml
[2010.02.09 19:49:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.27 14:26:46 | 000,001,095 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O4 - Startup: C:\Users\MaxMustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MaxMustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\MaxMustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\MaxMustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\System32\ocx\ocxup.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\System32\ocx\ocxup.exe File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\r_line: DllName - r_line.dll - C:\Windows\System32\r_line.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9cc3d8cd-f5af-11de-9c4b-001e8c1b7aab}\Shell - "" = AutoRun
O33 - MountPoints2\{9cc3d8cd-f5af-11de-9c4b-001e8c1b7aab}\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.03.28 18:38:35 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\MaxMustermann\Desktop\OTL.exe
[2010.03.28 17:21:30 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Local\MigWiz
[2010.03.27 14:03:22 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\System32\drivers\synasUSB.sys
[2010.03.27 14:03:20 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2010.03.27 14:03:20 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\Synsopos.exe
[2010.03.27 14:03:19 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\SYNSOACC.dll
[2010.03.27 14:03:19 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\SynsoLChk.dll
[2010.03.20 21:42:18 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Local\AOL
[2010.03.20 21:42:09 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.0
[2010.03.20 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\Neuer Ordner (2)
[2010.03.20 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\final
[2010.03.20 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\fin
[2010.03.20 17:04:11 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\test
[2010.03.20 17:03:54 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\web
[2010.03.20 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\Neuer Ordner
[2010.03.17 23:39:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.17 11:00:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.03.12 11:48:02 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\slideshow
[2010.03.09 23:21:57 | 000,000,000 | ---D | C] -- C:\Programme\ManyCam 2.4
[2010.03.09 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Roaming\ManyCam
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.03.28 18:42:56 | 003,932,160 | -HS- | M] () -- C:\Users\MaxMustermann\NTUSER.DAT
[2010.03.28 18:38:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MaxMustermann\Desktop\OTL.exe
[2010.03.28 18:08:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.28 17:48:52 | 000,001,934 | ---- | M] () -- C:\Users\MaxMustermann\Documents\cc_20100328_174848.reg
[2010.03.28 17:25:05 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.28 17:25:05 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.28 17:23:52 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.28 17:23:52 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.28 17:23:52 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.28 17:23:52 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.28 17:23:52 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.28 17:17:58 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.28 17:17:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.28 17:17:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.28 17:17:36 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.28 15:37:02 | 001,802,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.28 12:21:44 | 000,056,786 | ---- | M] () -- C:\Users\MaxMustermann\Documents\cc_20100328_122134.reg
[2010.03.28 12:20:20 | 000,001,835 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\CCleaner.lnk
[2010.03.28 11:10:14 | 058,110,411 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.03.28 00:40:56 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini
[2010.03.27 23:17:42 | 000,005,136 | ---- | M] () -- C:\Windows\System32\r_line.dll
[2010.03.27 14:53:52 | 000,132,288 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.27 12:10:06 | 010,230,272 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\6816328751.avi
[2010.03.27 12:06:56 | 046,622,839 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\4240667219.flv
[2010.03.27 12:06:47 | 036,917,918 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\4070777209.avi
[2010.03.24 16:06:10 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010.03.24 10:36:32 | 000,011,573 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\boxover.js
[2010.03.23 22:38:47 | 026,274,304 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\3865420243.avi
[2010.03.23 20:34:17 | 000,000,425 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\params.ini
[2010.03.23 00:53:48 | 000,000,335 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\7202330232.avi
[2010.03.22 23:15:48 | 000,015,360 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.22 01:07:41 | 000,046,969 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\facebook_kuendigung.jpg
[2010.03.22 00:43:28 | 005,118,819 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\090806_SapphireUserGuide_Ger.pdf
[2010.03.21 18:45:53 | 000,033,285 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.jpg
[2010.03.21 18:23:18 | 004,422,904 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\MaxMustermann.jpg
[2010.03.21 18:23:18 | 004,422,904 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\MaxMustermann (2).jpg
[2010.03.21 18:20:48 | 004,182,677 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_14.jpg
[2010.03.21 15:10:27 | 029,705,168 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\5497379323.avi
[2010.03.21 14:11:43 | 040,946,688 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\4336013563.avi
[2010.03.20 18:51:08 | 000,041,472 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Homepage-1.doc
[2010.03.20 15:36:29 | 000,008,248 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\gross.jpg
[2010.03.20 15:28:52 | 000,009,017 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\stolzenberger.jpg
[2010.03.20 15:27:19 | 000,009,887 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\sturm.jpg
[2010.03.20 13:40:57 | 046,505,095 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_Fotos_Farbvariante.zip
[2010.03.20 13:40:56 | 048,427,967 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_Fotos_Farbe1.zip
[2010.03.18 23:51:19 | 000,687,340 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\hannes_bier.jpg
[2010.03.18 23:48:40 | 000,320,520 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\hannes_leichtblauabernichtbesoffen.jpg
[2010.03.18 23:46:55 | 000,266,602 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\hannes_sw.jpg
[2010.03.18 23:46:19 | 000,480,691 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\hannes.jpg
[2010.03.18 23:14:04 | 000,915,187 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Kopie von DSC02460.JPG
[2010.03.17 11:00:43 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.03.17 11:00:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.03.17 11:00:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.03.17 11:00:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010.03.16 23:51:31 | 000,133,385 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\render.nike.com.jpg
[2010.03.14 05:47:02 | 001,092,936 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\6974579124.avi
[2010.03.13 20:06:49 | 000,037,020 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\312DE174d01.pdf
[2010.03.13 00:15:36 | 000,001,384 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\ManyCam.exe - Verknüpfung.lnk
[2010.03.12 14:50:33 | 000,141,798 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\2722442937_432af07a24.jpg
[2010.03.12 11:35:16 | 000,003,233 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\stolzenberger.vcf
[2010.03.12 11:15:13 | 000,076,374 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\googlemaps-screenshot.jpg
[2010.03.10 20:44:58 | 000,328,958 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-1 copy.jpg
[2010.03.10 15:14:52 | 000,002,454 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.html
[2010.03.10 13:28:49 | 000,003,046 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\slideshow.css
[2010.03.08 01:17:59 | 000,010,945 | ---- | M] () -- C:\Users\MaxMustermann\Documents\Bewerbungen 2010.docx
[2010.03.08 01:17:59 | 000,000,162 | -H-- | M] () -- C:\Users\MaxMustermann\Documents\~$werbungen 2010.docx
[2010.03.07 22:39:20 | 000,002,593 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\bewtest.rtf
[2010.03.04 11:50:10 | 000,004,832 | R--- | M] () -- C:\Users\MaxMustermann\Desktop\plgTitleManager101.zip
[2010.03.04 11:31:15 | 000,009,913 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\6.jpg
[2010.03.04 11:29:51 | 000,021,077 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\5.jpg
[2010.03.04 11:29:01 | 000,025,947 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\4.jpg
[2010.03.04 11:27:26 | 000,024,250 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\3.jpg
[2010.03.04 11:07:04 | 000,002,454 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\style.css
[2010.03.03 16:04:35 | 005,979,444 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\FigaroMariangela60x15.psd
[2010.03.03 16:01:08 | 006,464,038 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-3.psd
[2010.03.03 15:52:53 | 000,003,856 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\mariangela_3.jpg
[2010.03.03 15:51:13 | 000,005,482 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\mariangela_2.jpg
[2010.03.03 15:50:52 | 008,785,699 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\VarianteZwei60x15.psd
[2010.03.03 15:48:41 | 000,006,509 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\mariangela_1.jpg
[2010.03.03 15:47:30 | 010,728,915 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.psd
[2010.03.02 10:03:04 | 000,108,227 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Lebenslauf mit Vorkenntnissen - MaxMustermann.pdf
[2010.03.01 21:16:52 | 000,293,888 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\test.doc
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.03.28 17:48:50 | 000,001,934 | ---- | C] () -- C:\Users\MaxMustermann\Documents\cc_20100328_174848.reg
[2010.03.28 12:21:38 | 000,056,786 | ---- | C] () -- C:\Users\MaxMustermann\Documents\cc_20100328_122134.reg
[2010.03.28 12:20:20 | 000,001,835 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\CCleaner.lnk
[2010.03.28 00:40:56 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.27 23:17:42 | 000,005,136 | ---- | C] () -- C:\Windows\System32\r_line.dll
[2010.03.27 14:03:37 | 000,147,425 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Aide.chm
[2010.03.27 14:03:37 | 000,120,468 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Hilfe.chm
[2010.03.27 14:03:37 | 000,114,279 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Help.chm
[2010.03.27 12:09:57 | 010,230,272 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\6816328751.avi
[2010.03.27 12:06:09 | 046,622,839 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\4240667219.flv
[2010.03.27 12:05:46 | 036,917,918 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\4070777209.avi
[2010.03.24 10:34:43 | 000,011,573 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\boxover.js
[2010.03.23 22:38:20 | 026,274,304 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\3865420243.avi
[2010.03.23 20:34:16 | 000,000,425 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\params.ini
[2010.03.23 00:53:39 | 000,000,335 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\7202330232.avi
[2010.03.22 01:07:40 | 000,046,969 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\facebook_kuendigung.jpg
[2010.03.22 00:43:15 | 005,118,819 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\090806_SapphireUserGuide_Ger.pdf
[2010.03.21 18:45:53 | 000,033,285 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.jpg
[2010.03.21 18:34:32 | 004,182,677 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_14.jpg
[2010.03.21 18:34:31 | 004,422,904 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\MaxMustermann.jpg
[2010.03.21 18:34:04 | 004,422,904 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\MaxMustermann (2).jpg
[2010.03.21 15:10:01 | 029,705,168 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\5497379323.avi
[2010.03.21 14:10:48 | 040,946,688 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\4336013563.avi
[2010.03.20 18:51:06 | 000,041,472 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Homepage-1.doc
[2010.03.20 15:36:29 | 000,008,248 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\gross.jpg
[2010.03.20 15:28:52 | 000,009,017 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\stolzenberger.jpg
[2010.03.20 15:27:19 | 000,009,887 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\sturm.jpg
[2010.03.20 13:39:44 | 046,505,095 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_Fotos_Farbvariante.zip
[2010.03.20 13:39:40 | 048,427,967 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_Fotos_Farbe1.zip
[2010.03.18 23:51:19 | 000,687,340 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\hannes_bier.jpg
[2010.03.18 23:48:40 | 000,320,520 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\hannes_leichtblauabernichtbesoffen.jpg
[2010.03.18 23:46:55 | 000,266,602 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\hannes_sw.jpg
[2010.03.18 23:46:19 | 000,480,691 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\hannes.jpg
[2010.03.18 23:14:03 | 000,915,187 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Kopie von DSC02460.JPG
[2010.03.16 23:51:28 | 000,133,385 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\render.nike.com.jpg
[2010.03.14 05:46:52 | 001,092,936 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\6974579124.avi
[2010.03.13 20:06:49 | 000,037,020 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\312DE174d01.pdf
[2010.03.13 00:15:36 | 000,001,384 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\ManyCam.exe - Verknüpfung.lnk
[2010.03.12 14:50:33 | 000,141,798 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\2722442937_432af07a24.jpg
[2010.03.12 11:20:03 | 000,003,233 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\stolzenberger.vcf
[2010.03.12 11:15:13 | 000,076,374 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\googlemaps-screenshot.jpg
[2010.03.10 20:44:56 | 000,328,958 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Untitled-1 copy.jpg
[2010.03.10 15:14:51 | 000,002,454 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.html
[2010.03.10 13:28:27 | 000,003,046 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\slideshow.css
[2010.03.10 12:41:57 | 000,044,423 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\mod_gk_news_highlighter.zip
[2010.03.08 01:17:59 | 000,010,945 | ---- | C] () -- C:\Users\MaxMustermann\Documents\Bewerbungen 2010.docx
[2010.03.08 01:17:59 | 000,000,162 | -H-- | C] () -- C:\Users\MaxMustermann\Documents\~$werbungen 2010.docx
[2010.03.07 22:39:20 | 000,002,593 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\bewtest.rtf
[2010.03.04 11:50:12 | 000,004,832 | R--- | C] () -- C:\Users\MaxMustermann\Desktop\plgTitleManager101.zip
[2010.03.04 11:31:15 | 000,009,913 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\6.jpg
[2010.03.04 11:29:51 | 000,021,077 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\5.jpg
[2010.03.04 11:29:01 | 000,025,947 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\4.jpg
[2010.03.04 11:27:26 | 000,024,250 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\3.jpg
[2010.03.03 16:04:33 | 005,979,444 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\FigaroMariangela60x15.psd
[2010.03.03 15:52:53 | 000,003,856 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\mariangela_3.jpg
[2010.03.03 15:52:25 | 006,464,038 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Untitled-3.psd
[2010.03.03 15:51:13 | 000,005,482 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\mariangela_2.jpg
[2010.03.03 15:50:51 | 008,785,699 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\VarianteZwei60x15.psd
[2010.03.03 15:48:41 | 000,006,509 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\mariangela_1.jpg
[2010.03.02 10:48:19 | 000,002,454 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\style.css
[2010.03.02 10:03:03 | 000,108,227 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Lebenslauf mit Vorkenntnissen - MaxMustermann.pdf
[2010.03.01 21:16:48 | 000,293,888 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\test.doc
[2009.12.13 04:29:56 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009.12.09 00:37:52 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009.12.06 13:52:48 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2009.11.29 18:21:31 | 000,004,096 | -H-- | C] () -- C:\Users\MaxMustermann\AppData\Local\keyfile3.drm
[2009.11.29 02:14:23 | 000,037,051 | ---- | C] () -- C:\Users\MaxMustermann\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.30 01:29:10 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.29 02:24:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2009.10.24 16:21:37 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009.10.23 00:06:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.10.23 00:04:56 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.10.23 00:04:29 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.10.17 02:03:49 | 000,015,360 | ---- | C] () -- C:\Users\MaxMustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.24 15:05:24 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.11.25 22:10:14 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\DAEMON Tools Lite
[2010.03.28 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\Dropbox
[2010.03.24 11:26:20 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\FileZilla
[2010.03.28 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\ICQ
[2009.10.29 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\KeePass
[2009.10.26 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\MAGIX
[2010.03.09 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\ManyCam
[2009.10.21 11:54:20 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\OpenOffice.org
[2009.10.16 00:03:00 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\Thunderbird
[2009.12.16 01:26:27 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\TrueCrypt
[2010.03.27 22:00:16 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\uTorrent
[2010.02.13 00:29:40 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\VOWSoft
[2010.03.04 18:23:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
und Extras als *.txt Anlage.

Danke für die schnelle Antwort.


GMER kommt sofort!
__________________
Alt 28.03.2010, 17:56   #4
StLB
/// Helfer-Team
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Standard

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


Zitat:
Scan-Methode: Quick-Scan
Deswegen wollte ich das Logfile sehen
Bei einem Quick-Scan wird mehr oder weniger nur oberflächlich gescannt.
Ein VollScan schürft tiefer. Also bitte den MBAM-Scan als VollScan wiederholen.

GMER bitte jetzt abbrechen ("Stop") und zuerst ein MBAM-Vollscan durchführen.
Dann ein neues OTL-Log erstellen, posten und danach einmal GMER durchlaufen lassen.
__________________
Gruß, Julian

Kein Support per PM!
Spendemöglichkeit: Make a Donation

Alt 28.03.2010, 21:20   #5
sos_lurchi
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Standard

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


So, nach 3 Stunden Scan findet mbam wirklich nix.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3922
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.03.2010 21:42:49
mbam-log-2010-03-28 (21-42-49).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 402604
Laufzeit: 2 hour(s), 39 minute(s), 5 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL

Code:
ATTFilter
OTL logfile created on: 28.03.2010 21:51:58 - Run 2
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\MaxMustermann\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 11,57 Gb Free Space | 11,57% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 24,41 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
Drive E: | 365,75 Gb Total Space | 55,65 Gb Free Space | 15,21% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 1,88 Gb Total Space | 1,36 Gb Free Space | 72,51% Space Free | Partition Type: FAT
 
Computer Name: MaxMustermann-PC
Current User Name: MaxMustermann
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.03.28 18:38:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MaxMustermann\Desktop\OTL.exe
PRC - [2010.03.17 11:00:42 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.03.17 11:00:41 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2010.03.17 11:00:22 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.03.17 11:00:22 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe
PRC - [2010.03.17 11:00:22 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.09.27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.08.19 09:53:30 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 09:52:28 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.24 15:05:24 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.07.17 15:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.25 09:18:50 | 000,098,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.09.14 14:50:20 | 000,344,064 | ---- | M] (RapidSolution Software AG) -- C:\Programme\RapidSolution\Scramby\ScrambyServer.exe
PRC - [2007.03.23 19:04:54 | 004,423,680 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2004.07.14 16:36:54 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\Windows\System32\ico.exe
PRC - [2003.11.06 16:51:32 | 000,020,480 | ---- | M] () -- C:\Windows\System32\FSRremoS.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.03.28 18:38:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MaxMustermann\Desktop\OTL.exe
MOD - [2010.03.17 11:00:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.17 11:00:41 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.03.17 11:00:22 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009.11.30 21:08:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.27 16:48:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.07.24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.07.17 15:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.09.14 14:50:20 | 000,344,064 | ---- | M] (RapidSolution Software AG) [Auto | Running] -- C:\Program Files\RapidSolution\Scramby\ScrambyServer.exe -- (ScrambyServer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.03.17 11:00:43 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.03.17 11:00:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.03.17 11:00:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.12.03 12:34:31 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.11.25 22:04:59 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.27 16:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.24 15:05:24 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.14 00:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.08.08 09:31:16 | 000,023,840 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scramby_out.sys -- (scramby_out)
DRV - [2007.03.23 22:21:24 | 001,761,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.02.13 18:41:26 | 000,025,896 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scramby.sys -- (scramby)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003.02.11 14:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pelusblf.sys -- (pelusblf)
DRV - [2003.01.10 14:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F CE 11 E1 03 CA CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {7C9AE782-DB21-4e40-81FB-AD8A53A6233A}:1.83
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {A154CEEC-79EA-48a8-AD27-BEC22AF360F8}:0.5.8
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.5
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.24 11:27:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.24 11:27:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.10.19 14:07:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009.11.25 22:19:48 | 000,000,000 | ---D | M]
 
[2009.10.15 22:25:51 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Extensions
[2010.03.27 22:39:52 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions
[2009.10.19 18:41:24 | 000,000,000 | ---D | M] (Fetch Text URL) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\{5B700FEA-FF2A-4746-BB2D-9D26A8EB056D}
[2009.10.19 00:49:22 | 000,000,000 | ---D | M] (Live IP Address) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\{7C9AE782-DB21-4e40-81FB-AD8A53A6233A}
[2010.01.04 19:55:14 | 000,000,000 | ---D | M] (Quitomzilla) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\{A154CEEC-79EA-48a8-AD27-BEC22AF360F8}
[2010.01.07 02:06:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.21 13:13:50 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\firebug@software.joehewitt.com
[2009.10.31 15:07:59 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\moveplayer@movenetworks.com
[2009.12.03 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\mozilla\Firefox\Profiles\s3du2ors.default\extensions\youtube2mp3@mondayx.de
[2009.10.16 20:06:49 | 000,001,720 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Roaming\Mozilla\FireFox\Profiles\s3du2ors.default\searchplugins\youtube-videosuche.xml
[2010.02.09 19:49:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.27 14:26:46 | 000,001,095 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 312.041.121.19 thepiratebay.org
O1 - Hosts: 312.041.121.19 www.thepiratebay.org
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O4 - Startup: C:\Users\MaxMustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MaxMustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\MaxMustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\MaxMustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\System32\ocx\ocxup.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\System32\ocx\ocxup.exe File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\r_line: DllName - r_line.dll - C:\Windows\System32\r_line.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9cc3d8cd-f5af-11de-9c4b-001e8c1b7aab}\Shell - "" = AutoRun
O33 - MountPoints2\{9cc3d8cd-f5af-11de-9c4b-001e8c1b7aab}\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.03.28 18:38:35 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\MaxMustermann\Desktop\OTL.exe
[2010.03.28 17:21:30 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Local\MigWiz
[2010.03.27 14:03:22 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\System32\drivers\synasUSB.sys
[2010.03.27 14:03:20 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.000
[2010.03.27 14:03:20 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\Synsopos.exe
[2010.03.27 14:03:19 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\SYNSOACC.dll
[2010.03.27 14:03:19 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\SynsoLChk.dll
[2010.03.20 21:42:18 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Local\AOL
[2010.03.20 21:42:09 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.0
[2010.03.20 18:46:49 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\Neuer Ordner (2)
[2010.03.20 18:46:41 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\final
[2010.03.20 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\fin
[2010.03.20 17:04:11 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\test
[2010.03.20 17:03:54 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\web
[2010.03.20 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\Neuer Ordner
[2010.03.17 23:39:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.17 11:00:42 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.03.12 11:48:02 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\Desktop\slideshow
[2010.03.09 23:21:57 | 000,000,000 | ---D | C] -- C:\Programme\ManyCam 2.4
[2010.03.09 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\MaxMustermann\AppData\Roaming\ManyCam
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.03.28 21:51:59 | 003,932,160 | -HS- | M] () -- C:\Users\MaxMustermann\NTUSER.DAT
[2010.03.28 21:08:38 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.28 19:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.28 18:53:42 | 000,293,376 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\69r8nk1o.exe
[2010.03.28 18:38:38 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\MaxMustermann\Desktop\OTL.exe
[2010.03.28 17:48:52 | 000,001,934 | ---- | M] () -- C:\Users\MaxMustermann\Documents\cc_20100328_174848.reg
[2010.03.28 17:25:05 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.28 17:25:05 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.28 17:23:52 | 001,480,602 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.28 17:23:52 | 000,647,138 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.28 17:23:52 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.28 17:23:52 | 000,127,198 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.28 17:23:52 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.28 17:17:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.28 17:17:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.28 17:17:36 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.28 15:37:02 | 001,802,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.28 12:21:44 | 000,056,786 | ---- | M] () -- C:\Users\MaxMustermann\Documents\cc_20100328_122134.reg
[2010.03.28 12:20:20 | 000,001,835 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\CCleaner.lnk
[2010.03.28 11:10:14 | 058,110,411 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.03.28 00:40:56 | 000,000,095 | ---- | M] () -- C:\Windows\wininit.ini
[2010.03.27 23:17:42 | 000,005,136 | ---- | M] () -- C:\Windows\System32\r_line.dll
[2010.03.27 14:53:52 | 000,132,288 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.27 12:10:06 | 010,230,272 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\6816328751.avi
[2010.03.27 12:06:56 | 046,622,839 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\4240667219.flv
[2010.03.27 12:06:47 | 036,917,918 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\4070777209.avi
[2010.03.24 16:06:10 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010.03.24 10:36:32 | 000,011,573 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\boxover.js
[2010.03.23 22:38:47 | 026,274,304 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\3865420243.avi
[2010.03.23 20:34:17 | 000,000,425 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\params.ini
[2010.03.23 00:53:48 | 000,000,335 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\7202330232.avi
[2010.03.22 23:15:48 | 000,015,360 | ---- | M] () -- C:\Users\MaxMustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.22 01:07:41 | 000,046,969 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\facebook_kuendigung.jpg
[2010.03.22 00:43:28 | 005,118,819 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\090806_SapphireUserGuide_Ger.pdf
[2010.03.21 18:45:53 | 000,033,285 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.jpg
[2010.03.21 18:23:18 | 004,422,904 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\MaxMustermann.jpg
[2010.03.21 18:23:18 | 004,422,904 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\MaxMustermann (2).jpg
[2010.03.21 18:20:48 | 004,182,677 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_14.jpg
[2010.03.21 15:10:27 | 029,705,168 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\5497379323.avi
[2010.03.21 14:11:43 | 040,946,688 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\4336013563.avi
[2010.03.20 18:51:08 | 000,041,472 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Homepage-1.doc
[2010.03.20 15:36:29 | 000,008,248 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\gross.jpg
[2010.03.20 15:28:52 | 000,009,017 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\stolzenberger.jpg
[2010.03.20 15:27:19 | 000,009,887 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\sturm.jpg
[2010.03.20 13:40:57 | 046,505,095 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_Fotos_Farbvariante.zip
[2010.03.20 13:40:56 | 048,427,967 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_Fotos_Farbe1.zip
[2010.03.18 23:51:19 | 000,687,340 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\hannes_bier.jpg
[2010.03.18 23:48:40 | 000,320,520 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\hannes_leichtblauabernichtbesoffen.jpg
[2010.03.18 23:46:55 | 000,266,602 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\hannes_sw.jpg
[2010.03.18 23:46:19 | 000,480,691 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\hannes.jpg
[2010.03.18 23:14:04 | 000,915,187 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Kopie von DSC02460.JPG
[2010.03.17 11:00:43 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.03.17 11:00:42 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.03.17 11:00:42 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.03.17 11:00:22 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010.03.16 23:51:31 | 000,133,385 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\render.nike.com.jpg
[2010.03.14 05:47:02 | 001,092,936 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\6974579124.avi
[2010.03.13 20:06:49 | 000,037,020 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\312DE174d01.pdf
[2010.03.13 00:15:36 | 000,001,384 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\ManyCam.exe - Verknüpfung.lnk
[2010.03.12 14:50:33 | 000,141,798 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\2722442937_432af07a24.jpg
[2010.03.12 11:35:16 | 000,003,233 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\stolzenberger.vcf
[2010.03.12 11:15:13 | 000,076,374 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\googlemaps-screenshot.jpg
[2010.03.10 20:44:58 | 000,328,958 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-1 copy.jpg
[2010.03.10 15:14:52 | 000,002,454 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.html
[2010.03.10 13:28:49 | 000,003,046 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\slideshow.css
[2010.03.08 01:17:59 | 000,010,945 | ---- | M] () -- C:\Users\MaxMustermann\Documents\Bewerbungen 2010.docx
[2010.03.08 01:17:59 | 000,000,162 | -H-- | M] () -- C:\Users\MaxMustermann\Documents\~$werbungen 2010.docx
[2010.03.07 22:39:20 | 000,002,593 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\bewtest.rtf
[2010.03.04 11:50:10 | 000,004,832 | R--- | M] () -- C:\Users\MaxMustermann\Desktop\plgTitleManager101.zip
[2010.03.04 11:31:15 | 000,009,913 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\6.jpg
[2010.03.04 11:29:51 | 000,021,077 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\5.jpg
[2010.03.04 11:29:01 | 000,025,947 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\4.jpg
[2010.03.04 11:27:26 | 000,024,250 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\3.jpg
[2010.03.04 11:07:04 | 000,002,454 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\style.css
[2010.03.03 16:04:35 | 005,979,444 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\FigaroMariangela60x15.psd
[2010.03.03 16:01:08 | 006,464,038 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-3.psd
[2010.03.03 15:52:53 | 000,003,856 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\mariangela_3.jpg
[2010.03.03 15:51:13 | 000,005,482 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\mariangela_2.jpg
[2010.03.03 15:50:52 | 008,785,699 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\VarianteZwei60x15.psd
[2010.03.03 15:48:41 | 000,006,509 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\mariangela_1.jpg
[2010.03.03 15:47:30 | 010,728,915 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.psd
[2010.03.02 10:03:04 | 000,108,227 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\Lebenslauf mit Vorkenntnissen - MaxMustermann.pdf
[2010.03.01 21:16:52 | 000,293,888 | ---- | M] () -- C:\Users\MaxMustermann\Desktop\ot.doc
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.03.28 18:53:42 | 000,293,376 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\69r8nk1o.exe
[2010.03.28 17:48:50 | 000,001,934 | ---- | C] () -- C:\Users\MaxMustermann\Documents\cc_20100328_174848.reg
[2010.03.28 12:21:38 | 000,056,786 | ---- | C] () -- C:\Users\MaxMustermann\Documents\cc_20100328_122134.reg
[2010.03.28 12:20:20 | 000,001,835 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\CCleaner.lnk
[2010.03.28 00:40:56 | 000,000,095 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.27 23:17:42 | 000,005,136 | ---- | C] () -- C:\Windows\System32\r_line.dll
[2010.03.27 14:03:37 | 000,147,425 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Aide.chm
[2010.03.27 14:03:37 | 000,120,468 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Hilfe.chm
[2010.03.27 14:03:37 | 000,114,279 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Help.chm
[2010.03.27 12:09:57 | 010,230,272 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\6816328751.avi
[2010.03.27 12:06:09 | 046,622,839 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\4240667219.flv
[2010.03.27 12:05:46 | 036,917,918 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\4070777209.avi
[2010.03.24 10:34:43 | 000,011,573 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\boxover.js
[2010.03.23 22:38:20 | 026,274,304 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\3865420243.avi
[2010.03.23 20:34:16 | 000,000,425 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\params.ini
[2010.03.23 00:53:39 | 000,000,335 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\7202330232.avi
[2010.03.22 01:07:40 | 000,046,969 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\facebook_kuendigung.jpg
[2010.03.22 00:43:15 | 005,118,819 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\090806_SapphireUserGuide_Ger.pdf
[2010.03.21 18:45:53 | 000,033,285 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.jpg
[2010.03.21 18:34:32 | 004,182,677 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_14.jpg
[2010.03.21 18:34:31 | 004,422,904 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\MaxMustermann.jpg
[2010.03.21 18:34:04 | 004,422,904 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\MaxMustermann (2).jpg
[2010.03.21 15:10:01 | 029,705,168 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\5497379323.avi
[2010.03.21 14:10:48 | 040,946,688 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\4336013563.avi
[2010.03.20 18:51:06 | 000,041,472 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Homepage-1.doc
[2010.03.20 15:36:29 | 000,008,248 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\gross.jpg
[2010.03.20 15:28:52 | 000,009,017 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\stolzenberger.jpg
[2010.03.20 15:27:19 | 000,009,887 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\sturm.jpg
[2010.03.20 13:39:44 | 046,505,095 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_Fotos_Farbvariante.zip
[2010.03.20 13:39:40 | 048,427,967 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Stolzenberger_Fotos_Farbe1.zip
[2010.03.18 23:51:19 | 000,687,340 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\hannes_bier.jpg
[2010.03.18 23:48:40 | 000,320,520 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\hannes_leichtblauabernichtbesoffen.jpg
[2010.03.18 23:46:55 | 000,266,602 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\hannes_sw.jpg
[2010.03.18 23:46:19 | 000,480,691 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\hannes.jpg
[2010.03.18 23:14:03 | 000,915,187 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Kopie von DSC02460.JPG
[2010.03.16 23:51:28 | 000,133,385 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\render.nike.com.jpg
[2010.03.14 05:46:52 | 001,092,936 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\6974579124.avi
[2010.03.13 20:06:49 | 000,037,020 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\312DE174d01.pdf
[2010.03.13 00:15:36 | 000,001,384 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\ManyCam.exe - Verknüpfung.lnk
[2010.03.12 14:50:33 | 000,141,798 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\2722442937_432af07a24.jpg
[2010.03.12 11:20:03 | 000,003,233 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\stolzenberger.vcf
[2010.03.12 11:15:13 | 000,076,374 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\googlemaps-screenshot.jpg
[2010.03.10 20:44:56 | 000,328,958 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Untitled-1 copy.jpg
[2010.03.10 15:14:51 | 000,002,454 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Untitled-1.html
[2010.03.10 13:28:27 | 000,003,046 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\slideshow.css
[2010.03.10 12:41:57 | 000,044,423 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\mod_gk_news_highlighter.zip
[2010.03.08 01:17:59 | 000,010,945 | ---- | C] () -- C:\Users\MaxMustermann\Documents\Bewerbungen 2010.docx
[2010.03.08 01:17:59 | 000,000,162 | -H-- | C] () -- C:\Users\MaxMustermann\Documents\~$werbungen 2010.docx
[2010.03.07 22:39:20 | 000,002,593 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\bewtest.rtf
[2010.03.04 11:50:12 | 000,004,832 | R--- | C] () -- C:\Users\MaxMustermann\Desktop\plgTitleManager101.zip
[2010.03.04 11:31:15 | 000,009,913 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\6.jpg
[2010.03.04 11:29:51 | 000,021,077 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\5.jpg
[2010.03.04 11:29:01 | 000,025,947 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\4.jpg
[2010.03.04 11:27:26 | 000,024,250 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\3.jpg
[2010.03.03 16:04:33 | 005,979,444 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\FigaroMariangela60x15.psd
[2010.03.03 15:52:53 | 000,003,856 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\mariangela_3.jpg
[2010.03.03 15:52:25 | 006,464,038 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Untitled-3.psd
[2010.03.03 15:51:13 | 000,005,482 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\mariangela_2.jpg
[2010.03.03 15:50:51 | 008,785,699 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\VarianteZwei60x15.psd
[2010.03.03 15:48:41 | 000,006,509 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\mariangela_1.jpg
[2010.03.02 10:48:19 | 000,002,454 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\style.css
[2010.03.02 10:03:03 | 000,108,227 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\Lebenslauf mit Vorkenntnissen - MaxMustermann.pdf
[2010.03.01 21:16:48 | 000,293,888 | ---- | C] () -- C:\Users\MaxMustermann\Desktop\ot.doc
[2009.12.13 04:29:56 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009.12.09 00:37:52 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009.12.06 13:52:48 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2009.11.29 18:21:31 | 000,004,096 | -H-- | C] () -- C:\Users\MaxMustermann\AppData\Local\keyfile3.drm
[2009.11.29 02:14:23 | 000,037,051 | ---- | C] () -- C:\Users\MaxMustermann\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.30 01:29:10 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.10.29 02:24:03 | 000,024,576 | ---- | C] () -- C:\Windows\System32\FSRremoC.DLL
[2009.10.24 16:21:37 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009.10.23 00:06:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.10.23 00:04:56 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.10.23 00:04:29 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.10.17 02:03:49 | 000,015,360 | ---- | C] () -- C:\Users\MaxMustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.24 15:05:24 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.11.25 22:10:14 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\DAEMON Tools Lite
[2010.03.28 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\Dropbox
[2010.03.24 11:26:20 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\FileZilla
[2010.03.28 12:52:53 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\ICQ
[2009.10.29 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\KeePass
[2009.10.26 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\MAGIX
[2010.03.09 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\ManyCam
[2009.10.21 11:54:20 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\OpenOffice.org
[2009.10.16 00:03:00 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\Thunderbird
[2009.12.16 01:26:27 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\TrueCrypt
[2010.03.27 22:00:16 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\uTorrent
[2010.02.13 00:29:40 | 000,000,000 | ---D | M] -- C:\Users\MaxMustermann\AppData\Roaming\VOWSoft
[2010.03.04 18:23:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Habe die ganzen Checks (natürlich nach Aktualisierung) offline durchgeführt, Dabei hat mich svchost.exe in Ruhe gelassen, is viellt nicht ganz uninteressant.

danke für die hoffentlich wirksame hilfe


Alt 30.03.2010, 13:06   #6
sos_lurchi
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Standard

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


Keiner eine Idee?
AVG hat beim automatischen scannen gerade Dropper.Bravix.S gefunden ist viellt ganz wissenswert.

Ich bin gespannt.

Alt 30.03.2010, 17:46   #7
StLB
/// Helfer-Team
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Standard

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


Versuch mal das:

Systemscan mit HitmanPro
__________________
Gruß, Julian

Kein Support per PM!
Spendemöglichkeit: Make a Donation

Alt 07.04.2010, 18:39   #8
sos_lurchi
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Reden

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


Die letzte Antwort ist irgendwie nicht in meinem E-Mail-Fach gelandet, drum jetzt erst die Ergebnisse.

Nach einem (sehr schnellen Scan) *daumen hoch* fand Hitman das Rootkit (atapi.sys) und einen Trojaner (r_line.dll)
beide in C:\Windows\system32...

Hitman hat die beiden offensichtlich richtig schön nass gemacht und sie an den Lüfter zum Trocknen gehängt. Good Job Hitman.

Seither gab es keine Vorkommnisse .

Vielen vielen Dank Julian!

Alt 07.04.2010, 19:26   #9
StLB
/// Helfer-Team
 
svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Standard

svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


Ok, so weit, so gut.
Das muss aber nicht heißen, dass Dein System schon sauber ist.

Bitte noch einen Rootkit-Scan mit GMER machen und neue OTL-Logfiles erstellen und posten.
__________________
Gruß, Julian

Kein Support per PM!
Spendemöglichkeit: Make a Donation

Antwort

Themen zu svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten
avg, avg free, c:\windows, c:\windows\temp, cubase, dropbox, firefox, frage, gupdate, hijack, hijackthis-log, leer, leitet, löschen, lösung, magix, malwarebytes' anti-malware, meldung, neue, ordner, plug-in, problem, regeln, safer networking, sheur3.mvl, software, spiele, spielen, suche, svchost, svchost.exe, temp, trojaner, verschwunden, version, werbelinks, windows, öffnet


« Trojaner downloader, wie sicher löschen? | Virus: Win32/Alureon.G »


Ähnliche Themen: svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten


  1. Firefox öffnet immer einen neue Tab mit "month.com".
    Plagegeister aller Art und deren Bekämpfung - 18.08.2015 (6)
  2. Trojaner "c:\windows\system32\svchost.exe "Avast - Infektion geblockt"
    Log-Analyse und Auswertung - 07.06.2015 (16)
  3. Arbeitsspeicher voll / Firefox wird geschlossen / große "svchost.exe"
    Log-Analyse und Auswertung - 11.05.2015 (17)
  4. Firefox öffnet bei klicken Werbung & und Programm "lomrdjhy" im Hintergrund
    Plagegeister aller Art und deren Bekämpfung - 12.04.2015 (3)
  5. Malware? "Firefox öffnet aufgrund aktuellen Beschränkungen nicht"
    Plagegeister aller Art und deren Bekämpfung - 24.07.2014 (7)
  6. Mozilla Firefox öffnet neue Tabs, die mit "123srv" beginnen
    Log-Analyse und Auswertung - 13.04.2014 (13)
  7. Windows 7(64 bit): Firefox öffnet von allein Werbe Tabs "ads by remarkit"
    Log-Analyse und Auswertung - 07.01.2014 (4)
  8. Windows 7 (64 bit): Firefox öffnet selbstständig "Werbe-Tabs"
    Log-Analyse und Auswertung - 24.11.2013 (7)
  9. Windows XP: Firefox öffnet immer als Startseite "u-search.net/?a=1&e=1"
    Log-Analyse und Auswertung - 06.09.2013 (13)
  10. Browser/Werbe popup, "AppsHat", MBAM Funde, nach "Schrift-Download"
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (31)
  11. Firefox Version 22.0 öffnet unaufgefordert Tab "Sponsorship"
    Plagegeister aller Art und deren Bekämpfung - 03.08.2013 (9)
  12. Bundespolizei Ukash Trojaner ; "Xubuntu 12.04" findet Laufwerk "C" nicht.
    Plagegeister aller Art und deren Bekämpfung - 15.06.2012 (1)
  13. Firefox öffnet nicht mit Google sondern mit "search.com/406"
    Plagegeister aller Art und deren Bekämpfung - 09.11.2011 (25)
  14. ungefragte Werbetabs in firefox, svchost.exe Fehler "read"
    Plagegeister aller Art und deren Bekämpfung - 27.07.2010 (27)
  15. Firefox öffnet dubiose "Antismalwar" und "Werbeseiten"
    Log-Analyse und Auswertung - 06.05.2010 (4)
  16. Firefox findet nicht ins Internet und "Ihr System wird in 59 s heruntergefahren"
    Log-Analyse und Auswertung - 15.09.2009 (6)
  17. Firefox öffnet neue Fenster. "trojan.win32.generic"
    Log-Analyse und Auswertung - 17.12.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten - Hallo liebe Trojaner-Board-Gemeinde, ich hoffe mir kann jemand helfen. Folgendes Problem: Habe vor kurzem Software installiert, die wohl nicht ganz so sauber war, es handelte sich dabei um einen Torrent - svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten...
Archiv
Du betrachtest: svchost.exe - AVG findet Trojaner "SHeur3.MVL" + Firefox öffnet Werbe- und Suchseiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131