Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   HiJack- Search Settings exe und dll (https://www.trojaner-board.de/92512-hijack-search-settings-exe-dll.html)

Speedcuber 04.11.2010 15:04
HiJack- Search Settings exe und dll
 
Hey

Da ich in letzter Zeit vermeht Probleme mit meinem Pc hab poste ich hier mal mein Anliegen.

Erstmal hatte ich heute ne Fehlermeldung bei Kaspersky mit heur trojan.win32.generic
Auch immer wenn ich Virendurchsuch findet er immer Malware, verschiedener Art. nach neustarten und erneutem Suchen findet er immer wieder was. Das verunsichert mich auch, weil er ja normal mir sagt er hat das gelöscht?

Könnt ihr mir da auch unter die Arme greifen?


und 10 min später nen Bluescreen mit BAD_POOL_CALLER
Auch hab ich in letzter Zeit oft Bluescreens mit den verschiedensten Meldungen, die kommen bei großer belastung bei kleiner Belastung, ihc versteh das einfach nicht :(

Dann bin ich auf HiJack gestoßen und dies gleich angewand. Hier der Log.

Denn URLSearchHook hab ich schon fixen lassen, da ich hier und bei anderen Seiten gelesen habe das dieser schädlich ist.

Sry wenn ich jetz mit 2 Verschiedenen Themen komme wovon eins nciht in das Unterforum passt, wollte aber nicht gleich 2 Threads eröffnen!

Danke schon mal an alle!!!


V:\Program Files\Search Settings\SearchSettings.exe
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - V:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O4 - HKLM\..\Run: [SearchSettings] V:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq

Die Sachen trau ich mich nicht zu fixen. Da ich schon gelsen hab das manche nachher probleme damit hatten nachdem sie die Sarsch Setting exe und dll gelöscht haben. Und bei den andreen bin ich mir unsicher.



HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:49:11, on 04.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
V:\Windows\system32\Dwm.exe
V:\Windows\Explorer.EXE
V:\Windows\system32\taskeng.exe
V:\Program Files\Windows Defender\MSASCui.exe
V:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
V:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
V:\Program Files\Java\jre6\bin\jusched.exe
V:\Program Files\Search Settings\SearchSettings.exe
V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
V:\Program Files\Windows Sidebar\sidebar.exe
V:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Program Files\Internet Explorer\iexplore.exe
V:\Users\Johannes\Desktop\USB_STICK\Programme\SkypePortable4\Phone\Skype.exe
V:\Program Files\Steam\Steam.exe
V:\Users\Johannes\Desktop\HiJackThis204.exe
V:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - V:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - V:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - V:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - V:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroCheck] V:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "V:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] V:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] V:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "V:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "V:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] V:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avp] "V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [StartCCC] "V:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "V:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "V:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "V:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [Sidebar] V:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] V:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-263418322-3040167929-2030940443-1004\..\Run: [Sidebar] V:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Johannes')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = V:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: UltimateZip Quick Start.lnk = V:\Program Files\UltimateZip\uzqkst.exe
O8 - Extra context menu item: Google Sidewiki... - res://V:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://V:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://V:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - V:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - V:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - V:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - V:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: V:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,V:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - V:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - V:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - V:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - V:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PnkBstrA - Unknown owner - V:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - V:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7669 bytes
--- --- ---

cosinus 04.11.2010 21:37
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Speedcuber 05.11.2010 16:50
So erst mal das OTL am malwaredings bin ich schon über 2 stunden am suchen kommt wenns fertig ist, und schon mal danke für die hilfe!!

das erste :OTL Logfile:
Code:
OTL logfile created on: 05.11.2010 16:45:06 - Run 1
OTL by OldTimer - Version 3.2.17.2    Folder = V:\Users\Johannes\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = V: | %SystemRoot% = V:\Windows | %ProgramFiles% = V:\Program Files
Drive C: | 49,00 Gb Total Space | 11,67 Gb Free Space | 23,82% Space Free | Partition Type: NTFS
Drive D: | 140,00 Gb Total Space | 114,03 Gb Free Space | 81,45% Space Free | Partition Type: NTFS
Drive V: | 100,00 Gb Total Space | 19,36 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
 
Computer Name: PLAYER-PC | User Name: Player | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - V:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - V:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - V:\Windows\System32\atieclxx.exe (AMD)
PRC - V:\Windows\System32\atiesrxx.exe (AMD)
PRC - V:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - V:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - V:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - V:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - V:\Windows\explorer.exe (Microsoft Corporation)
PRC - V:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - V:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - V:\Users\Johannes\Desktop\USB_STICK\Programme\SkypePortable4\Phone\Skype.exe (Skype Technologies S.A.)
PRC - V:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - V:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
MOD - V:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- V:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AMD External Events Utility) -- V:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AVP) -- V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (getPlusHelper) getPlus(R) -- V:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WPFFontCache_v0400) -- V:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- V:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- V:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- V:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- V:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- V:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- V:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (atikmdag) -- V:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- V:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- V:\Windows\System32\drivers\AtihdLH3.sys (ATI Technologies, Inc.)
DRV - (amdkmdap) -- V:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (KLIF) -- V:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- V:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- V:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- V:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- V:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- V:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- V:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- V:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- V:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- V:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (megasas) -- V:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpahci) -- V:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m) -- V:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- V:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- V:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- V:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- V:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- V:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- V:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- V:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iaStorV) -- V:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (ulsata2) -- V:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- V:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- V:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- V:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- V:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (nvraid) -- V:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- V:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (viaide) -- V:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- V:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- V:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- V:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- V:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- V:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- V:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- V:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- V:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- V:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- V:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- V:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- V:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- V:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- V:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- V:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- V:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- V:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- V:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- V:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- V:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- V:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: V:\Program Files\Mozilla Firefox\components [2010.04.01 19:55:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: V:\Program Files\Mozilla Firefox\plugins [2010.10.26 09:15:44 | 000,000,000 | ---D | M]
 
[2010.06.22 08:36:32 | 000,000,000 | ---D | M] -- V:\Users\Player\AppData\Roaming\mozilla\Extensions
[2010.08.02 18:57:02 | 000,000,000 | ---D | M] -- V:\Users\Player\AppData\Roaming\mozilla\Firefox\Profiles\s3s5o981.default\extensions
[2010.08.02 18:57:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- V:\Users\Player\AppData\Roaming\mozilla\Firefox\Profiles\s3s5o981.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.05 20:44:38 | 000,000,000 | ---D | M] -- V:\Program Files\Mozilla Firefox\extensions
[2010.05.05 20:44:38 | 000,000,000 | ---D | M] -- V:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.03.16 19:28:04 | 000,001,392 | ---- | M] () -- V:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 19:28:04 | 000,002,344 | ---- | M] () -- V:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.16 19:28:04 | 000,006,805 | ---- | M] () -- V:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.16 19:28:04 | 000,001,178 | ---- | M] () -- V:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.16 19:28:04 | 000,001,105 | ---- | M] () -- V:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - V:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - V:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] V:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avp] V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NeroCheck] V:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RtHDVCpl] V:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] V:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] V:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] V:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] V:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] V:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] V:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: V:\Users\Player\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UltimateZip Quick Start.lnk = V:\Program Files\UltimateZip\uzqkst.exe (SWE von Schleusen)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.198 192.168.0.1
O20 - AppInit_DLLs: (V:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (V:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - V:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - V:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: V:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: V:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.13 09:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.12.24 14:07:41 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - V:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{92dd25e1-be56-11de-a416-0021850a941b}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.05 14:13:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- V:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.05 14:13:48 | 000,000,000 | ---D | C] -- V:\ProgramData\Malwarebytes
[2010.11.05 14:13:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- V:\Windows\System32\drivers\mbam.sys
[2010.11.05 14:13:47 | 000,000,000 | ---D | C] -- V:\Program Files\Malwarebytes' Anti-Malware
[2010.11.04 07:56:39 | 004,240,384 | ---- | C] (Microsoft) -- V:\Windows\System32\GameUXLegacyGDFs.dll
[2010.11.04 07:56:39 | 001,696,256 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\gameux.dll
[2010.11.04 07:56:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\Apphlpdm.dll
[2010.10.26 09:15:41 | 000,000,000 | ---D | C] -- V:\Program Files\Adobe
[2010.10.26 09:15:28 | 000,000,000 | -HSD | C] -- V:\Config.Msi
[2010.10.20 19:44:34 | 000,000,000 | ---D | C] -- V:\ProgramData\ATI
[2010.10.20 16:53:51 | 006,380,032 | ---- | C] (ATI Technologies Inc.) -- V:\Windows\System32\drivers\atikmdag.sys
[2010.10.20 16:53:48 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atiglpxx.dll
[2010.10.20 16:53:44 | 004,375,552 | ---- | C] (Advanced Micro Devices Inc.) -- V:\Windows\System32\aticaldd.dll
[2010.10.20 16:53:44 | 000,099,344 | ---- | C] (ATI Technologies, Inc.) -- V:\Windows\System32\drivers\AtihdLH3.sys
[2010.10.20 16:53:37 | 000,011,776 | ---- | C] (AMD) -- V:\Windows\System32\atimuixx.dll
[2010.10.20 16:53:36 | 000,019,968 | ---- | C] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atigktxx.dll
[2010.10.20 16:53:31 | 000,241,664 | ---- | C] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\atiadlxx.dll
[2010.10.20 16:53:30 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- V:\Windows\System32\aticalrt.dll
[2010.10.20 16:53:21 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\atiapfxx.exe
[2010.10.20 16:53:14 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- V:\Windows\System32\aticalcl.dll
[2010.10.20 16:53:06 | 003,914,240 | ---- | C] (ATI Technologies Inc. ) -- V:\Windows\System32\atidxx32.dll
[2010.10.20 16:52:55 | 000,065,536 | ---- | C] (AMD) -- V:\Windows\System32\coinst.dll
[2010.10.20 16:52:54 | 015,830,016 | ---- | C] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\atioglxx.dll
[2010.10.20 16:52:53 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atimpc32.dll
[2010.10.20 16:52:53 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\amdpcom32.dll
[2010.10.20 16:52:52 | 000,380,928 | ---- | C] (AMD) -- V:\Windows\System32\atieclxx.exe
[2010.10.20 16:52:48 | 000,528,384 | ---- | C] (ATI Technologies Inc. ) -- V:\Windows\System32\aticfx32.dll
[2010.10.20 16:52:43 | 000,030,208 | ---- | C] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atiuxpag.dll
[2010.10.20 16:52:41 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\atibtmon.exe
[2010.10.20 16:52:41 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- V:\Windows\System32\drivers\ati2erec.dll
[2010.10.20 16:52:40 | 000,319,456 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\Difxapi.dll
[2010.10.20 16:52:34 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- V:\Windows\System32\Oemdspif.dll
[2010.10.20 16:52:32 | 000,221,696 | ---- | C] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\drivers\atikmpag.sys
[2010.10.20 16:52:29 | 000,450,560 | ---- | C] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\ATIDEMGX.dll
[2010.10.20 16:52:29 | 000,176,128 | ---- | C] (AMD) -- V:\Windows\System32\atiesrxx.exe
[2010.10.20 16:52:28 | 000,028,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atiu9pag.dll
[2010.10.19 19:03:44 | 000,157,184 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\t2embed.dll
[2010.10.19 19:03:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\wmploc.DLL
[2010.10.19 19:03:23 | 000,602,112 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\msfeeds.dll
[2010.10.19 19:03:23 | 000,385,024 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\html.iec
[2010.10.19 19:03:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\licmgr10.dll
[2010.10.19 19:03:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\mshtml.tlb
[2010.10.19 19:03:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\inetcpl.cpl
[2010.10.19 19:03:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\mstime.dll
[2010.10.19 19:03:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\iedkcs32.dll
[2010.10.19 19:03:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\iepeers.dll
[2010.10.19 19:03:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\ie4uinit.exe
[2010.10.19 19:03:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\ieui.dll
[2010.10.19 19:03:22 | 000,133,632 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\ieUnatt.exe
[2010.10.19 19:03:22 | 000,109,056 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\iesysprep.dll
[2010.10.19 19:03:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\iesetup.dll
[2010.10.19 19:03:22 | 000,055,808 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\iernonce.dll
[2010.10.19 19:03:22 | 000,055,296 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\msfeedsbs.dll
[2010.10.19 19:03:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\jsproxy.dll
[2010.10.19 19:03:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\msfeedssync.exe
[2010.10.19 19:03:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\netevent.dll
[2010.10.19 19:03:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\mfc40.dll
[2010.10.19 19:03:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\mfc40u.dll
[2010.10.19 19:02:25 | 002,038,272 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\win32k.sys
[2010.10.19 19:02:22 | 000,867,328 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\wmpmde.dll
[2010.10.19 19:02:22 | 000,231,424 | ---- | C] (Microsoft Corporation) -- V:\Windows\System32\msshsq.dll
[2010.10.06 19:07:49 | 000,000,000 | ---D | C] -- V:\Program Files\Steam
[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- V:\Windows\System32\Interop.SHDocVw.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.05 16:46:00 | 000,000,420 | -H-- | M] () -- V:\Windows\tasks\User_Feed_Synchronization-{FE7B88E3-1920-42ED-A022-AFA6236E8E0E}.job
[2010.11.05 16:42:01 | 000,001,092 | ---- | M] () -- V:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.05 16:42:00 | 000,001,096 | ---- | M] () -- V:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.05 16:38:01 | 000,000,298 | -H-- | M] () -- V:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.11.05 16:15:50 | 000,003,616 | -H-- | M] () -- V:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.05 16:15:50 | 000,003,616 | -H-- | M] () -- V:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.05 16:09:01 | 000,000,298 | -H-- | M] () -- V:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.11.05 15:57:01 | 000,000,298 | -H-- | M] () -- V:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.11.05 14:22:26 | 001,682,526 | ---- | M] () -- V:\Windows\System32\perfh007.dat
[2010.11.05 14:22:26 | 000,914,280 | ---- | M] () -- V:\Windows\System32\perfh009.dat
[2010.11.05 14:22:26 | 000,460,738 | ---- | M] () -- V:\Windows\System32\perfc007.dat
[2010.11.05 14:22:26 | 000,409,106 | ---- | M] () -- V:\Windows\System32\perfc009.dat
[2010.11.05 14:15:48 | 000,067,584 | --S- | M] () -- V:\Windows\bootstat.dat
[2010.11.05 14:15:46 | 3488,931,840 | -HS- | M] () -- V:\hiberfil.sys
[2010.11.05 14:15:45 | 333,507,471 | ---- | M] () -- V:\Windows\MEMORY.DMP
[2010.11.05 14:13:51 | 000,000,790 | ---- | M] () -- V:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.04 21:24:35 | 000,000,398 | -H-- | M] () -- V:\Windows\tasks\User_Feed_Synchronization-{0357BBCE-B1A7-49BD-A373-E4367145CB97}.job
[2010.11.04 19:18:45 | 000,000,424 | -H-- | M] () -- V:\Windows\tasks\User_Feed_Synchronization-{468539CC-E129-4744-B451-ED3F1C19F743}.job
[2010.11.04 08:32:12 | 000,011,719 | ---- | M] () -- V:\Users\Player\Documents\200 200 200.xlsx
[2010.10.26 09:15:44 | 000,001,859 | ---- | M] () -- V:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.20 16:54:01 | 006,380,032 | ---- | M] (ATI Technologies Inc.) -- V:\Windows\System32\drivers\atikmdag.sys
[2010.10.20 16:53:51 | 000,002,857 | ---- | M] () -- V:\Windows\System32\atipblag.dat
[2010.10.20 16:53:50 | 004,375,552 | ---- | M] (Advanced Micro Devices Inc.) -- V:\Windows\System32\aticaldd.dll
[2010.10.20 16:53:50 | 000,021,866 | ---- | M] () -- V:\Windows\atiogl.xml
[2010.10.20 16:53:49 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atiglpxx.dll
[2010.10.20 16:53:47 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- V:\Windows\System32\ati2edxx.dll
[2010.10.20 16:53:44 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) -- V:\Windows\System32\drivers\AtihdLH3.sys
[2010.10.20 16:53:42 | 000,076,216 | ---- | M] () -- V:\Windows\System32\atiapfxx.blb
[2010.10.20 16:53:40 | 000,011,776 | ---- | M] (AMD) -- V:\Windows\System32\atimuixx.dll
[2010.10.20 16:53:39 | 000,219,348 | ---- | M] () -- V:\Windows\System32\atiicdxx.dat
[2010.10.20 16:53:36 | 000,019,968 | ---- | M] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atigktxx.dll
[2010.10.20 16:53:35 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- V:\Windows\System32\atipdlxx.dll
[2010.10.20 16:53:33 | 000,241,664 | ---- | M] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\atiadlxx.dll
[2010.10.20 16:53:31 | 000,046,080 | ---- | M] (Advanced Micro Devices Inc.) -- V:\Windows\System32\aticalrt.dll
[2010.10.20 16:53:30 | 015,830,016 | ---- | M] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\atioglxx.dll
[2010.10.20 16:53:23 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\atiapfxx.exe
[2010.10.20 16:53:20 | 003,914,240 | ---- | M] (ATI Technologies Inc. ) -- V:\Windows\System32\atidxx32.dll
[2010.10.20 16:53:18 | 000,044,032 | ---- | M] (Advanced Micro Devices Inc.) -- V:\Windows\System32\aticalcl.dll
[2010.10.20 16:53:09 | 000,045,056 | ---- | M] () -- V:\Windows\System32\ATIODCLI.exe
[2010.10.20 16:53:02 | 000,023,040 | ---- | M] () -- V:\Windows\System32\atitmpxx.dll
[2010.10.20 16:52:58 | 000,065,536 | ---- | M] (AMD) -- V:\Windows\System32\coinst.dll
[2010.10.20 16:52:54 | 000,380,928 | ---- | M] (AMD) -- V:\Windows\System32\atieclxx.exe
[2010.10.20 16:52:54 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atimpc32.dll
[2010.10.20 16:52:54 | 000,052,736 | ---- | M] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\amdpcom32.dll
[2010.10.20 16:52:51 | 000,528,384 | ---- | M] (ATI Technologies Inc. ) -- V:\Windows\System32\aticfx32.dll
[2010.10.20 16:52:49 | 000,583,888 | ---- | M] () -- V:\Windows\System32\atiumdva.cap
[2010.10.20 16:52:48 | 000,294,912 | ---- | M] () -- V:\Windows\System32\ATIODE.exe
[2010.10.20 16:52:45 | 000,030,208 | ---- | M] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atiuxpag.dll
[2010.10.20 16:52:43 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- V:\Windows\System32\drivers\ati2erec.dll
[2010.10.20 16:52:42 | 000,118,784 | ---- | M] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\atibtmon.exe
[2010.10.20 16:52:41 | 000,319,456 | ---- | M] (Microsoft Corporation) -- V:\Windows\System32\Difxapi.dll
[2010.10.20 16:52:38 | 004,032,512 | ---- | M] (ATI Technologies Inc. ) -- V:\Windows\System32\atiumdag.dll
[2010.10.20 16:52:36 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- V:\Windows\System32\Oemdspif.dll
[2010.10.20 16:52:36 | 000,159,744 | ---- | M] (AMD) -- V:\Windows\System32\atitmmxx.dll
[2010.10.20 16:52:32 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\drivers\atikmpag.sys
[2010.10.20 16:52:32 | 000,176,128 | ---- | M] (AMD) -- V:\Windows\System32\atiesrxx.exe
[2010.10.20 16:52:31 | 000,450,560 | ---- | M] (Advanced Micro Devices, Inc.) -- V:\Windows\System32\ATIDEMGX.dll
[2010.10.20 16:52:29 | 000,028,160 | ---- | M] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atiu9pag.dll
[2010.10.20 16:52:27 | 003,392,000 | ---- | M] (Advanced Micro Devices, Inc. ) -- V:\Windows\System32\atiumdva.dll
[2010.10.20 10:12:22 | 000,001,585 | ---- | M] () -- V:\Users\Player\Desktop\Counter-Strike Source.lnk
[2010.10.19 19:10:28 | 000,383,312 | ---- | M] () -- V:\Windows\System32\FNTCACHE.DAT
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- V:\Windows\System32\MpSigStub.exe
[2010.10.06 19:51:59 | 000,000,758 | ---- | M] () -- V:\Users\Public\Desktop\Steam.lnk
 
========== Files Created - No Company Name ==========
 
[2010.11.05 14:13:51 | 000,000,790 | ---- | C] () -- V:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.04 08:26:59 | 000,011,719 | ---- | C] () -- V:\Users\Player\Documents\200 200 200.xlsx
[2010.11.02 15:42:58 | 000,000,298 | -H-- | C] () -- V:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.10.26 09:15:44 | 000,001,859 | ---- | C] () -- V:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.20 16:53:50 | 000,002,857 | ---- | C] () -- V:\Windows\System32\atipblag.dat
[2010.10.20 16:53:49 | 000,021,866 | ---- | C] () -- V:\Windows\atiogl.xml
[2010.10.20 16:53:39 | 000,076,216 | ---- | C] () -- V:\Windows\System32\atiapfxx.blb
[2010.10.20 16:53:38 | 000,219,348 | ---- | C] () -- V:\Windows\System32\atiicdxx.dat
[2010.10.20 16:53:07 | 000,045,056 | ---- | C] () -- V:\Windows\System32\ATIODCLI.exe
[2010.10.20 16:52:58 | 000,023,040 | ---- | C] () -- V:\Windows\System32\atitmpxx.dll
[2010.10.20 16:52:45 | 000,294,912 | ---- | C] () -- V:\Windows\System32\ATIODE.exe
[2010.10.20 16:52:43 | 000,583,888 | ---- | C] () -- V:\Windows\System32\atiumdva.cap
[2010.10.20 10:12:22 | 000,001,585 | ---- | C] () -- V:\Users\Player\Desktop\Counter-Strike Source.lnk
[2010.10.06 19:07:49 | 000,000,758 | ---- | C] () -- V:\Users\Public\Desktop\Steam.lnk
[2009.12.17 16:22:22 | 000,000,056 | -H-- | C] () -- V:\ProgramData\ezsidmv.dat
[2009.10.19 06:27:46 | 000,117,248 | ---- | C] () -- V:\Windows\System32\EhStorAuthn.dll
[2009.08.19 07:54:27 | 000,027,648 | ---- | C] () -- V:\Windows\System32\AVSredirect.dll
[2009.06.19 19:06:22 | 000,197,912 | ---- | C] () -- V:\Windows\System32\physxcudart_20.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- V:\Windows\System32\AgCPanelFrench.dll
[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- V:\Windows\System32\dossec.dll
[2009.05.24 07:05:02 | 000,005,019 | ---- | C] () -- V:\ProgramData\cbkxtjjv.ukg
[2008.10.28 15:21:01 | 000,022,328 | ---- | C] () -- V:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.23 04:42:17 | 000,013,312 | ---- | C] () -- V:\Users\Player\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.22 17:51:07 | 000,000,317 | ---- | C] () -- V:\ProgramData\hpzinstall.log
[2008.10.22 17:11:01 | 000,000,802 | ---- | C] () -- V:\Users\Player\AppData\Roaming\dm.ini
[2008.10.22 17:11:01 | 000,000,520 | ---- | C] () -- V:\Users\Player\AppData\Roaming\AdobeDLM.log
[2008.10.22 17:00:36 | 000,000,400 | ---- | C] () -- V:\Windows\ODBC.INI
[2008.10.02 12:26:10 | 000,000,680 | ---- | C] () -- V:\Users\Player\AppData\Local\d3d9caps.dat
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- V:\Windows\System32\pacerprf.ini
[2004.09.01 16:49:17 | 003,375,104 | ---- | C] () -- V:\Windows\System32\qt-mt331.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> V:\ProgramData\TEMP:CB0AACC9

< End of report >
--- --- ---


Das Zweite:OTL Logfile:
Code:
OTL Extras logfile created on: 05.11.2010 16:45:06 - Run 1
OTL by OldTimer - Version 3.2.17.2    Folder = V:\Users\Johannes\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = V: | %SystemRoot% = V:\Windows | %ProgramFiles% = V:\Program Files
Drive C: | 49,00 Gb Total Space | 11,67 Gb Free Space | 23,82% Space Free | Partition Type: NTFS
Drive D: | 140,00 Gb Total Space | 114,03 Gb Free Space | 81,45% Space Free | Partition Type: NTFS
Drive V: | 100,00 Gb Total Space | 19,36 Gb Free Space | 19,36% Space Free | Partition Type: NTFS
 
Computer Name: PLAYER-PC | User Name: Player | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- V:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- V:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D8D833A-A047-4247-932C-09E8CA8B7F5D}" = lport=6004 | protocol=17 | dir=in | app=v:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001B9684-FD51-4DA1-9A81-2F9A5B2F67E6}" = protocol=17 | dir=in | app=v:\program files\microsoft office\office12\groove.exe |
"{05D5CE70-C43D-4913-8801-407F33EA9CE4}" = protocol=6 | dir=in | app=v:\windows\system32\pnkbstra.exe |
"{0F262A4D-41A5-4F67-A06A-D35B9CADA63A}" = protocol=6 | dir=in | app=v:\program files\steam\steam.exe |
"{25FAC949-FE3E-4E5F-A273-4748492A643D}" = protocol=17 | dir=in | app=v:\windows\system32\pnkbstra.exe |
"{27466AA1-4C9E-4016-9270-D8419EEB5A76}" = protocol=6 | dir=in | app=v:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{2EEBBCE7-55F6-45EE-9944-7169CDAD8C46}" = protocol=17 | dir=in | app=v:\windows\system32\pnkbstrb.exe |
"{32E13B9E-6612-43A4-85C6-8FD8B3BBD7BD}" = protocol=6 | dir=in | app=v:\windows\system32\pnkbstrb.exe |
"{616BDABE-27C0-4C4C-8700-FA61EE3B20D6}" = protocol=6 | dir=in | app=v:\program files\microsoft office\office12\groove.exe |
"{82D89F29-6498-4EDB-BCDE-D91A87211509}" = protocol=17 | dir=in | app=v:\program files\microsoft office\office12\onenote.exe |
"{9AD5BCFC-F12B-426A-BDEF-5C8AD0D23B04}" = protocol=17 | dir=in | app=v:\program files\steam\steam.exe |
"{A21FA7F0-B8A6-407B-BC52-786C7FF44C04}" = protocol=6 | dir=in | app=v:\program files\steam\steamapps\fischka793\counter-strike source\hl2.exe |
"{B3F58FA5-6083-4A63-BA08-4E2B59593BE3}" = protocol=17 | dir=in | app=v:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{B9344147-47D5-4478-A7EC-5F1002C26F79}" = protocol=6 | dir=in | app=v:\program files\microsoft office\office12\onenote.exe |
"{FFF0E699-BBFC-4F89-B085-5E68B078A294}" = protocol=17 | dir=in | app=v:\program files\steam\steamapps\fischka793\counter-strike source\hl2.exe |
"TCP Query User{11704060-75B7-4FEA-BF93-F82F8B1CF177}V:\users\johannes\desktop\usb_stick\programme\skypeportable4\phone\skype.exe" = protocol=6 | dir=in | app=v:\users\johannes\desktop\usb_stick\programme\skypeportable4\phone\skype.exe |
"TCP Query User{4DEA0049-992E-4919-A309-D83627B3636D}V:\users\johannes\desktop\spiele\cod6 modern warfar 2\iw4mp.exe" = protocol=6 | dir=in | app=v:\users\johannes\desktop\spiele\cod6 modern warfar 2\iw4mp.exe |
"TCP Query User{71B71127-37B6-4104-AB62-078B2F9CC29D}V:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=v:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{8A109B78-AB73-4C0A-9AF9-95B15206463C}V:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=v:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{9FC086E5-E3A7-4832-8AD8-1145EA315187}V:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=v:\program files\java\jre6\bin\java.exe |
"TCP Query User{A1EACC3D-75DD-485E-9C57-0401337C5850}V:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=v:\program files\internet explorer\iexplore.exe |
"TCP Query User{AACA321D-BA4C-4B73-BF12-EBF79AA4DEC0}E:\programme\skypeportable4\phone\skype.exe" = protocol=6 | dir=in | app=e:\programme\skypeportable4\phone\skype.exe |
"TCP Query User{D04732D6-4ABC-430E-9C36-CF0A3046604B}C:0\programme\skypeportable4\phone\skype.exe" = protocol=6 | dir=in | app=c:0\programme\skypeportable4\phone\skype.exe |
"TCP Query User{E063EF9A-9B05-45D7-A41F-D9AA09D25E36}H:\programme\skypeportable4\phone\skype.exe" = protocol=6 | dir=in | app=h:\programme\skypeportable4\phone\skype.exe |
"TCP Query User{F5C6500B-FB4B-465B-972A-E91C50DD8A1D}V:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{35CD47B5-E450-49F8-AA76-2881BD4247D5}V:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=v:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{3D350D8D-0E86-430D-AD01-E0F6158DEF33}V:\users\johannes\desktop\usb_stick\programme\skypeportable4\phone\skype.exe" = protocol=17 | dir=in | app=v:\users\johannes\desktop\usb_stick\programme\skypeportable4\phone\skype.exe |
"UDP Query User{4A22E2AD-40AC-45AC-A5B3-D280D19D74D5}V:\users\johannes\desktop\spiele\cod6 modern warfar 2\iw4mp.exe" = protocol=17 | dir=in | app=v:\users\johannes\desktop\spiele\cod6 modern warfar 2\iw4mp.exe |
"UDP Query User{53299CB3-2840-4744-AE02-D6537BF18BAC}V:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=v:\program files\java\jre6\bin\java.exe |
"UDP Query User{5C41C631-8927-42C8-98C2-C269721801CD}C:0\programme\skypeportable4\phone\skype.exe" = protocol=17 | dir=in | app=c:0\programme\skypeportable4\phone\skype.exe |
"UDP Query User{6B2F9418-F10E-48E9-9B37-0FA9E63F19DA}V:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=v:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C52CF82C-A800-479B-B61D-DAD8BEB4DC30}H:\programme\skypeportable4\phone\skype.exe" = protocol=17 | dir=in | app=h:\programme\skypeportable4\phone\skype.exe |
"UDP Query User{CB23102B-C1E5-4D1B-89CB-BDBC29C085E2}V:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=v:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{F2A4EF8D-203E-47BF-AD9B-16521B275F9B}V:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=v:\program files\internet explorer\iexplore.exe |
"UDP Query User{FEBB7415-3D17-4936-8AF2-3675FBB13A09}E:\programme\skypeportable4\phone\skype.exe" = protocol=17 | dir=in | app=e:\programme\skypeportable4\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 13
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40CB0D72-3B19-9BFE-F1B9-896BC4022145}" = HydraVision
"{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common
"{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeESD" = Adobe Download Manager 2.2 (Nur entfernen)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{CF6AE90D-05E8-4D0B-AF79-94F9E1CA5601}" = Microsoft Flight Simulator X Demo
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MPEGTapeDeck 1.23_is1" = MPEGTapeDeck 1.23
"PunkBusterSvc" = PunkBuster Services
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"UltimateZip_is1" = UltimateZip
"WinGimp-2.0_is1" = GIMP 2.6.6
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra WebStart" = GeoGebra WebStart
"Night Squad 2" = Night Squad 2
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

Speedcuber 05.11.2010 17:16
so nun den maleware... Vielleich sollte ich erwähnen das in dieser anfangszeit mein Kaspersky auch 2 malware angezeigt hat und diese dann aber "angeblich gelöscht hat"

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5050

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

05.11.2010 17:15:02
mbam-log-2010-11-05 (17-15-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|V:\|)
Durchsuchte Objekte: 451273
Laufzeit: 2 Stunde(n), 51 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\65MWRMP54G (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
V:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
V:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.
V:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.

cosinus 05.11.2010 23:11
Du musst alle Funde von malwarbytes entfernen. Bitte nachholen, was nicht gemacht.

Speedcuber 06.11.2010 12:36
Okay hab ich was soll ich mit den Funden von HiJack machen?

hier hab ich nochmal durchsucht..

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5055

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

06.11.2010 12:35:45
mbam-log-2010-11-06 (12-35-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140972
Laufzeit: 6 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 06.11.2010 16:52
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - AutoRun File - [2009.12.24 14:07:41 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - V:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{92dd25e1-be56-11de-a416-0021850a941b}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found
[2010.11.02 15:42:58 | 000,000,298 | -H-- | C] () -- V:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2009.05.24 07:05:02 | 000,005,019 | ---- | C] () -- V:\ProgramData\cbkxtjjv.ukg
@Alternate Data Stream - 120 bytes -> V:\ProgramData\TEMP:CB0AACC9
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Speedcuber 06.11.2010 23:08
Ich hab jetzt ausversehen auf "Bereinigen" gedrückt da ich das feld zum eingeben ncith gefunden habe, obwohl es ja so eindeutig ist :fpme:

Wenn ich jetz dein Text eingeben will kommt ne fehlermeldung und die Taskleiste sowie alle deskoptadeiten sind nicht mehr da. Dann muss ich mich abmelden und alles erscheint wieder.

cosinus 06.11.2010 23:47
Starte den Rechner neu und probier es nochmal.

Speedcuber 07.11.2010 16:06
Dann kommt in nem kleinen Anzeigefeld folgender Fehler:

Cannot create file: V:\\Windows\System32\drivers\etc\Hosts

Zudem kann ich Trackmania nichtmehr starten, man kann zwar starten aber es passiert nichts, habs shcon neu runtergeladen und neu installiert immer noch das selbe problem.

cosinus 07.11.2010 23:19
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Speedcuber 10.11.2010 14:00
so hier:
Combofix Logfile:
Code:
ComboFix 10-11-09.02 - Player 10.11.2010  13:45:22.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.3327.2039 [GMT 1:00]
ausgeführt von:: v:\users\Johannes\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\install.exe
v:\program files\Search Settings
v:\program files\Search Settings\kb128\SearchSettings.dll
v:\program files\Search Settings\kb128\SearchSettingsRes409.dll
v:\program files\Search Settings\SearchSettings.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-10-10 bis 2010-11-10  ))))))))))))))))))))))))))))))
.

2010-11-10 12:51 . 2010-11-10 12:51        --------        d-----w-        v:\users\Default\AppData\Local\temp
2010-11-10 12:51 . 2010-11-10 12:52        --------        d-----w-        v:\users\Player\AppData\Local\temp
2010-11-10 12:51 . 2010-11-10 12:51        --------        d-----w-        v:\users\Sabina\AppData\Local\temp
2010-11-06 23:05 . 2010-11-06 23:06        --------        d-----w-        v:\program files\TmNationsForever
2010-11-06 21:50 . 2010-11-06 21:50        --------        d-----w-        V:\_OTL
2010-11-06 14:33 . 2010-11-06 14:33        --------        d-----w-        v:\users\Sabina\AppData\Roaming\Malwarebytes
2010-11-05 22:53 . 2010-04-29 11:19        38224        ----a-w-        v:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 22:53 . 2010-11-05 22:53        --------        d-----w-        v:\program files\Malwarebytes' Anti-Malware
2010-11-05 22:53 . 2010-11-05 22:53        --------        d-----w-        v:\programdata\Malwarebytes
2010-11-05 22:53 . 2010-04-29 11:19        20952        ----a-w-        v:\windows\system32\drivers\mbam.sys
2010-11-05 13:17 . 2010-11-05 13:17        --------        d-----w-        v:\users\Johannes\AppData\Roaming\Malwarebytes
2010-11-04 06:56 . 2010-08-26 16:34        1696256        ----a-w-        v:\windows\system32\gameux.dll
2010-11-04 06:56 . 2010-08-26 16:33        28672        ----a-w-        v:\windows\system32\Apphlpdm.dll
2010-11-04 06:56 . 2010-08-26 14:23        4240384        ----a-w-        v:\windows\system32\GameUXLegacyGDFs.dll
2010-11-04 06:54 . 2010-10-07 23:21        6146896        ----a-w-        v:\programdata\Microsoft\Windows Defender\Definition Updates\{58F0860E-F956-4F6F-A7EA-874137DB1881}\mpengine.dll
2010-10-24 18:16 . 2010-08-17 10:52        2409784        ----a-w-        v:\program files\Windows Mail\OESpamFilter.dat
2010-10-24 18:16 . 2010-08-26 04:23        13312        ----a-w-        v:\program files\Internet Explorer\iecompat.dll
2010-10-20 18:44 . 2010-10-20 18:44        --------        d-----w-        v:\programdata\ATI
2010-10-20 15:52 . 2010-10-20 15:52        65536        ----a-w-        v:\windows\system32\coinst.dll
2010-10-19 18:03 . 2010-08-26 16:37        157184        ----a-w-        v:\windows\system32\t2embed.dll
2010-10-19 18:02 . 2010-08-10 15:53        274944        ----a-w-        v:\windows\system32\schannel.dll
2010-10-19 18:02 . 2010-08-31 13:27        2038272        ----a-w-        v:\windows\system32\win32k.sys
2010-10-19 18:02 . 2010-06-28 17:00        1316864        ----a-w-        v:\windows\system32\ole32.dll
2010-10-19 18:02 . 2010-06-28 14:54        339968        ----a-w-        v:\program files\Windows NT\Accessories\wordpad.exe
2010-10-19 18:02 . 2010-08-20 16:05        867328        ----a-w-        v:\windows\system32\wmpmde.dll
2010-10-19 18:02 . 2010-05-04 19:13        231424        ----a-w-        v:\windows\system32\msshsq.dll
2010-10-19 18:00 . 2010-08-31 15:44        531968        ----a-w-        v:\windows\system32\comctl32.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 15:53 . 2008-08-21 02:12        43520        ----a-w-        v:\windows\system32\ati2edxx.dll
2010-10-20 15:53 . 2008-08-21 02:12        356352        ----a-w-        v:\windows\system32\atipdlxx.dll
2010-10-20 15:52 . 2008-08-21 01:57        4032512        ----a-w-        v:\windows\system32\atiumdag.dll
2010-10-20 15:52 . 2008-08-21 02:13        159744        ----a-w-        v:\windows\system32\atitmmxx.dll
2010-10-20 15:52 . 2008-08-21 01:36        3392000        ----a-w-        v:\windows\system32\atiumdva.dll
2010-10-19 10:41 . 2009-10-16 08:18        222080        ------w-        v:\windows\system32\MpSigStub.exe
2010-08-26 16:33 . 2010-11-04 06:56        173056        ----a-w-        v:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-11-04 06:56        542720        ----a-w-        v:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-11-04 06:56        458752        ----a-w-        v:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-11-04 06:56        2159616        ----a-w-        v:\windows\apppatch\AcGenral.dll
2010-08-18 05:58 . 2010-08-18 05:58        499712        ----a-w-        v:\windows\system32\msvcp71.dll
2010-08-18 05:58 . 2010-08-18 05:58        348160        ----a-w-        v:\windows\system32\msvcr71.dll
2010-08-17 14:11 . 2010-09-21 19:19        128000        ----a-w-        v:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="v:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="v:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="v:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="v:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RtHDVCpl"="v:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"SunJavaUpdateSched"="v:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="v:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"avp"="v:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
"StartCCC"="v:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="v:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="v:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="v:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

v:\users\Player\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - v:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
UltimateZip Quick Start.lnk - v:\program files\UltimateZip\uzqkst.exe [2008-10-22 1087488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=v:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;v:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);v:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;v:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;v:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;v:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 AMD External Events Utility;AMD External Events Utility;v:\windows\system32\atiesrxx.exe [2010-10-20 176128]
S3 amdkmdag;amdkmdag;v:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6380032]
S3 amdkmdap;amdkmdap;v:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;v:\windows\system32\drivers\AtihdLH3.sys [2010-10-20 99344]
S3 klmouflt;Kaspersky Lab KLMOUFLT;v:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-11-10 v:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- v:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 16:07]

2010-11-10 v:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- v:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 16:07]

2010-11-10 v:\windows\Tasks\User_Feed_Synchronization-{0357BBCE-B1A7-49BD-A373-E4367145CB97}.job
- v:\windows\system32\msfeedssync.exe [2010-10-19 04:25]

2010-11-09 v:\windows\Tasks\User_Feed_Synchronization-{468539CC-E129-4744-B451-ED3F1C19F743}.job
- v:\windows\system32\msfeedssync.exe [2010-10-19 04:25]

2010-11-10 v:\windows\Tasks\User_Feed_Synchronization-{FE7B88E3-1920-42ED-A022-AFA6236E8E0E}.job
- v:\windows\system32\msfeedssync.exe [2010-10-19 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Google Sidewiki... - v:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - v:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - v:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - v:\users\Player\AppData\Roaming\Mozilla\Firefox\Profiles\s3s5o981.default\
FF - component: v:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - v:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
HKLM-Run-SearchSettings - v:\program files\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-11-10 13:52
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-11-10  13:54:49
ComboFix-quarantined-files.txt  2010-11-10 12:54

Vor Suchlauf: 11 Verzeichnis(se), 23.215.132.672 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 25.263.542.272 Bytes frei

- - End Of File - - 23C2FB7E0FF89D3B275DEEDD0E2640F2
--- --- ---

Speedcuber 10.11.2010 14:01
Combofix Logfile:
Code:
ComboFix 10-11-09.02 - Player 10.11.2010  13:45:22.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.3327.2039 [GMT 1:00]
ausgeführt von:: v:\users\Johannes\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\install.exe
v:\program files\Search Settings
v:\program files\Search Settings\kb128\SearchSettings.dll
v:\program files\Search Settings\kb128\SearchSettingsRes409.dll
v:\program files\Search Settings\SearchSettings.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-10-10 bis 2010-11-10  ))))))))))))))))))))))))))))))
.

2010-11-10 12:51 . 2010-11-10 12:51        --------        d-----w-        v:\users\Default\AppData\Local\temp
2010-11-10 12:51 . 2010-11-10 12:52        --------        d-----w-        v:\users\Player\AppData\Local\temp
2010-11-10 12:51 . 2010-11-10 12:51        --------        d-----w-        v:\users\Sabina\AppData\Local\temp
2010-11-06 23:05 . 2010-11-06 23:06        --------        d-----w-        v:\program files\TmNationsForever
2010-11-06 21:50 . 2010-11-06 21:50        --------        d-----w-        V:\_OTL
2010-11-06 14:33 . 2010-11-06 14:33        --------        d-----w-        v:\users\Sabina\AppData\Roaming\Malwarebytes
2010-11-05 22:53 . 2010-04-29 11:19        38224        ----a-w-        v:\windows\system32\drivers\mbamswissarmy.sys
2010-11-05 22:53 . 2010-11-05 22:53        --------        d-----w-        v:\program files\Malwarebytes' Anti-Malware
2010-11-05 22:53 . 2010-11-05 22:53        --------        d-----w-        v:\programdata\Malwarebytes
2010-11-05 22:53 . 2010-04-29 11:19        20952        ----a-w-        v:\windows\system32\drivers\mbam.sys
2010-11-05 13:17 . 2010-11-05 13:17        --------        d-----w-        v:\users\Johannes\AppData\Roaming\Malwarebytes
2010-11-04 06:56 . 2010-08-26 16:34        1696256        ----a-w-        v:\windows\system32\gameux.dll
2010-11-04 06:56 . 2010-08-26 16:33        28672        ----a-w-        v:\windows\system32\Apphlpdm.dll
2010-11-04 06:56 . 2010-08-26 14:23        4240384        ----a-w-        v:\windows\system32\GameUXLegacyGDFs.dll
2010-11-04 06:54 . 2010-10-07 23:21        6146896        ----a-w-        v:\programdata\Microsoft\Windows Defender\Definition Updates\{58F0860E-F956-4F6F-A7EA-874137DB1881}\mpengine.dll
2010-10-24 18:16 . 2010-08-17 10:52        2409784        ----a-w-        v:\program files\Windows Mail\OESpamFilter.dat
2010-10-24 18:16 . 2010-08-26 04:23        13312        ----a-w-        v:\program files\Internet Explorer\iecompat.dll
2010-10-20 18:44 . 2010-10-20 18:44        --------        d-----w-        v:\programdata\ATI
2010-10-20 15:52 . 2010-10-20 15:52        65536        ----a-w-        v:\windows\system32\coinst.dll
2010-10-19 18:03 . 2010-08-26 16:37        157184        ----a-w-        v:\windows\system32\t2embed.dll
2010-10-19 18:02 . 2010-08-10 15:53        274944        ----a-w-        v:\windows\system32\schannel.dll
2010-10-19 18:02 . 2010-08-31 13:27        2038272        ----a-w-        v:\windows\system32\win32k.sys
2010-10-19 18:02 . 2010-06-28 17:00        1316864        ----a-w-        v:\windows\system32\ole32.dll
2010-10-19 18:02 . 2010-06-28 14:54        339968        ----a-w-        v:\program files\Windows NT\Accessories\wordpad.exe
2010-10-19 18:02 . 2010-08-20 16:05        867328        ----a-w-        v:\windows\system32\wmpmde.dll
2010-10-19 18:02 . 2010-05-04 19:13        231424        ----a-w-        v:\windows\system32\msshsq.dll
2010-10-19 18:00 . 2010-08-31 15:44        531968        ----a-w-        v:\windows\system32\comctl32.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 15:53 . 2008-08-21 02:12        43520        ----a-w-        v:\windows\system32\ati2edxx.dll
2010-10-20 15:53 . 2008-08-21 02:12        356352        ----a-w-        v:\windows\system32\atipdlxx.dll
2010-10-20 15:52 . 2008-08-21 01:57        4032512        ----a-w-        v:\windows\system32\atiumdag.dll
2010-10-20 15:52 . 2008-08-21 02:13        159744        ----a-w-        v:\windows\system32\atitmmxx.dll
2010-10-20 15:52 . 2008-08-21 01:36        3392000        ----a-w-        v:\windows\system32\atiumdva.dll
2010-10-19 10:41 . 2009-10-16 08:18        222080        ------w-        v:\windows\system32\MpSigStub.exe
2010-08-26 16:33 . 2010-11-04 06:56        173056        ----a-w-        v:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-11-04 06:56        542720        ----a-w-        v:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-11-04 06:56        458752        ----a-w-        v:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-11-04 06:56        2159616        ----a-w-        v:\windows\apppatch\AcGenral.dll
2010-08-18 05:58 . 2010-08-18 05:58        499712        ----a-w-        v:\windows\system32\msvcp71.dll
2010-08-18 05:58 . 2010-08-18 05:58        348160        ----a-w-        v:\windows\system32\msvcr71.dll
2010-08-17 14:11 . 2010-09-21 19:19        128000        ----a-w-        v:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="v:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="v:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="v:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="v:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RtHDVCpl"="v:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"SunJavaUpdateSched"="v:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="v:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"avp"="v:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 340520]
"StartCCC"="v:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"ATICustomerCare"="v:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="v:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="v:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

v:\users\Player\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - v:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
UltimateZip Quick Start.lnk - v:\program files\UltimateZip\uzqkst.exe [2008-10-22 1087488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=v:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;v:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);v:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;v:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;v:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;v:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
S2 AMD External Events Utility;AMD External Events Utility;v:\windows\system32\atiesrxx.exe [2010-10-20 176128]
S3 amdkmdag;amdkmdag;v:\windows\system32\DRIVERS\atikmdag.sys [2010-10-20 6380032]
S3 amdkmdap;amdkmdap;v:\windows\system32\DRIVERS\atikmpag.sys [2010-10-20 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;v:\windows\system32\drivers\AtihdLH3.sys [2010-10-20 99344]
S3 klmouflt;Kaspersky Lab KLMOUFLT;v:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2010-11-10 v:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- v:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 16:07]

2010-11-10 v:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- v:\program files\Google\Update\GoogleUpdate.exe [2009-09-28 16:07]

2010-11-10 v:\windows\Tasks\User_Feed_Synchronization-{0357BBCE-B1A7-49BD-A373-E4367145CB97}.job
- v:\windows\system32\msfeedssync.exe [2010-10-19 04:25]

2010-11-09 v:\windows\Tasks\User_Feed_Synchronization-{468539CC-E129-4744-B451-ED3F1C19F743}.job
- v:\windows\system32\msfeedssync.exe [2010-10-19 04:25]

2010-11-10 v:\windows\Tasks\User_Feed_Synchronization-{FE7B88E3-1920-42ED-A022-AFA6236E8E0E}.job
- v:\windows\system32\msfeedssync.exe [2010-10-19 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Google Sidewiki... - v:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - v:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - v:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - v:\users\Player\AppData\Roaming\Mozilla\Firefox\Profiles\s3s5o981.default\
FF - component: v:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - v:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
HKLM-Run-SearchSettings - v:\program files\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-10 13:52
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-11-10  13:54:49
ComboFix-quarantined-files.txt  2010-11-10 12:54

Vor Suchlauf: 11 Verzeichnis(se), 23.215.132.672 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 25.263.542.272 Bytes frei

- - End Of File - - 23C2FB7E0FF89D3B275DEEDD0E2640F2
--- --- ---

cosinus 10.11.2010 14:33
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:27 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131