Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Facebook-Trojaner (https://www.trojaner-board.de/122508-facebook-trojaner.html)

Triboon108 20.08.2012 21:17
Facebook-Trojaner
 
Hallo, mir wurde gestern Abend ein Trojaner zum Verhängnis, der auf Facebook im Anhang einer dubiose Nachrichten mit dem ungefähren Wortlaut "Weerrrrrr ist daaassssss?" verschickt wird - leider habe ich diesen Anhang herunter geladen und versucht zu öffnen, da dieser sich nicht öffnen lies, habe ich die Datei zunächst gelöscht. Dieser Trojaner verschickt sich laut meinen Informationen vom eigenen FB-Account von selbst, sobald man ihn geöffnet hat.
Ein Freund empfahl, sich hier zu registrieren und einen Thread zu erstellen, was ich hiermit getan habe. Die weitere Vorgehensweise, die er mir und den anderen "Opfern" gab, lautet wie folgt:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
- Poste die Resultate hier in den Thread.

2. Schritt

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden) - Doppelklick auf die OTL.exe

- Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Wähle Scanne Alle Benutzer
- Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
- Unter Extra Registrierung, wähle bitte Benutze SafeList
- Klicke nun auf Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.

Dies werde ich zunächst erst einmal tun.

Hat sonst noch jemand ein paar Ratschläge gegen diesen und ähnliche Schädlinge?

t'john 20.08.2012 21:45
:hallo:

Hast du die Logs schon?

Triboon108 21.08.2012 22:05
Hier der erste Log, hat ne Weile gedauert, weil sich mein Rechner andauernd aufgehangen hat -.-
Ich hoffe, dass ist das richtige. Der Log von OTL wird auch noch kommen.

2012/08/21 07:05:58 +0200 CHRISTIAN-PC Christian MESSAGE Starting protection
2012/08/21 07:06:02 +0200 CHRISTIAN-PC Christian MESSAGE Protection started successfully
2012/08/21 07:06:05 +0200 CHRISTIAN-PC Christian MESSAGE Starting IP protection
2012/08/21 07:06:05 +0200 CHRISTIAN-PC Christian ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/21 07:10:26 +0200 CHRISTIAN-PC Christian DETECTION C:\Users\Christian\AppData\Local\Temp\1460559547.exe Trojan.Agent QUARANTINE
2012/08/21 07:11:43 +0200 CHRISTIAN-PC Christian MESSAGE Starting database refresh
2012/08/21 07:11:46 +0200 CHRISTIAN-PC Christian MESSAGE Database refreshed successfully
2012/08/21 07:47:21 +0200 CHRISTIAN-PC Christian MESSAGE Starting protection
2012/08/21 07:47:24 +0200 CHRISTIAN-PC Christian MESSAGE Protection started successfully
2012/08/21 07:47:27 +0200 CHRISTIAN-PC Christian MESSAGE Starting IP protection
2012/08/21 07:47:27 +0200 CHRISTIAN-PC Christian ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/21 18:50:59 +0200 CHRISTIAN-PC Christian MESSAGE Starting protection
2012/08/21 18:51:02 +0200 CHRISTIAN-PC Christian MESSAGE Protection started successfully
2012/08/21 18:51:05 +0200 CHRISTIAN-PC Christian MESSAGE Starting IP protection
2012/08/21 18:51:05 +0200 CHRISTIAN-PC Christian ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/21 20:03:39 +0200 CHRISTIAN-PC Christian DETECTION C:\Users\Christian\AppData\Local\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\U\80000032.@ Rootkit.0Access QUARANTINE
2012/08/21 20:08:44 +0200 CHRISTIAN-PC Christian MESSAGE Starting protection
2012/08/21 20:08:47 +0200 CHRISTIAN-PC Christian MESSAGE Protection started successfully
2012/08/21 20:08:50 +0200 CHRISTIAN-PC Christian MESSAGE Starting IP protection
2012/08/21 20:08:50 +0200 CHRISTIAN-PC Christian ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/21 20:08:54 +0200 CHRISTIAN-PC Christian MESSAGE Starting database refresh
2012/08/21 20:08:57 +0200 CHRISTIAN-PC Christian MESSAGE Database refreshed successfully
2012/08/21 22:05:13 +0200 CHRISTIAN-PC Christian MESSAGE Starting protection
2012/08/21 22:05:16 +0200 CHRISTIAN-PC Christian MESSAGE Protection started successfully
2012/08/21 22:05:19 +0200 CHRISTIAN-PC Christian MESSAGE Starting IP protection
2012/08/21 22:05:19 +0200 CHRISTIAN-PC Christian ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753
2012/08/21 22:19:43 +0200 CHRISTIAN-PC Christian DETECTION C:\Users\Christian\AppData\Local\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\U\80000000.@ Rootkit.0Access QUARANTINE
2012/08/21 22:20:48 +0200 CHRISTIAN-PC Christian DETECTION C:\Users\Christian\AppData\Local\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\U\80000032.@ Rootkit.0Access QUARANTINE
2012/08/21 22:21:12 +0200 CHRISTIAN-PC Christian DETECTION C:\Users\Christian\AppData\Local\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\U\80000032.@ Rootkit.0Access DENY
2012/08/21 22:21:37 +0200 CHRISTIAN-PC Christian DETECTION C:\Users\Christian\AppData\Local\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\U\80000000.@ Rootkit.0Access DENY
2012/08/21 22:21:38 +0200 CHRISTIAN-PC Christian DETECTION C:\Users\Christian\AppData\Local\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\U\80000032.@ Rootkit.0Access DENY
2012/08/21 22:56:37 +0200 CHRISTIAN-PC Christian MESSAGE Starting protection
2012/08/21 22:56:39 +0200 CHRISTIAN-PC Christian MESSAGE Protection started successfully

t'john 21.08.2012 23:56
Bitte das Malwarebytes Logfile posten!
(Reiter Logberichte)

Triboon108 22.08.2012 11:49
Okay, muss ich den Scan dazu wiederholen, oder ist das abgespeichert?

t'john 22.08.2012 18:18
Gespeichert

Triboon108 22.08.2012 18:42
Erm, da gibts keinen Reiter, der so heißt, dass was ich gepostet habe war unter Logdateien als .txt Datei gespeichert.

Hier der OTL-LogOTL Logfile:
Code:
OTL logfile created on: 22.08.2012 19:47:05 - Run 1
OTL by OldTimer - Version 3.2.58.1    Folder = C:\Users\Christian\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,81% Memory free
5,99 Gb Paging File | 4,72 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 401,84 Gb Free Space | 88,71% Space Free | Partition Type: NTFS
Drive D: | 678,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumsdmon.exe ()
PRC - C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe ()
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Unlocker\UnlockerHook.dll ()
MOD - C:\Programme\Unlocker\UnlockerAssistant.exe ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxdumsdmon.exe ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxducaps.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxduscw.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxdudrs.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxdudatr.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\lxducnv4.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\app4r.monitor.core.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\app4r.monitor.common.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Programme\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Programme\McAfee\Common Framework\ccme_base.dll ()
MOD - C:\Programme\McAfee\Common Framework\cryptocme2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WajamUpdater) -- C:\Programme\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (lxduCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mfeavfk01) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Win 7 DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={1FC4B1B8-65F6-40C0-86C5-4182B1EFB120}
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={1FC4B1B8-65F6-40C0-86C5-4182B1EFB120}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={1FC4B1B8-65F6-40C0-86C5-4182B1EFB120}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 A9 41 58 D9 7F CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=060612_6_&babsrc=SP_ss&mntrId=4c3b4708000000000000001e65930ea7
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=20120430DCED4B468390F60AAE6F5A0F&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541611053227392
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10016&barid={1FC4B1B8-65F6-40C0-86C5-4182B1EFB120}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.03 16:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.03 16:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.30 19:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 03:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.18 13:00:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.30 19:23:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 03:59:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.18 13:00:25 | 000,000,000 | ---D | M]
 
[2012.02.25 01:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.08.22 07:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions
[2012.04.30 19:32:39 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012.02.25 01:05:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.08.22 07:36:20 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
[2011.01.25 20:11:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.08.02 09:25:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.10.02 22:33:55 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.06.12 23:54:23 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\ffxtlbr@babylon.com
[2011.05.02 11:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\nostmp
[2011.03.24 01:58:35 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\personas@christopher.beard
[2012.04.30 19:32:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\kbsuejye.default\extensions\plugin@yontoo.com
[2011.10.02 22:33:45 | 000,002,207 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\kbsuejye.default\searchplugins\MyStart Search.xml
[2012.02.25 01:05:44 | 000,002,519 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\kbsuejye.default\searchplugins\Search_Results.xml
[2012.06.19 23:18:46 | 000,003,998 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\kbsuejye.default\searchplugins\sweetim.xml
[2012.05.03 14:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.25 22:59:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.01.25 22:59:13 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012.05.03 14:12:44 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.06.19 23:18:35 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\CHRISTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KBSUEJYE.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.07.19 03:59:18 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.25 09:43:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 23:54:21 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.25 09:43:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.30 19:32:45 | 000,002,127 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
[2012.06.25 09:43:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 09:43:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.25 01:05:44 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.25 09:43:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 09:43:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Updater For Spam Free Search Bar) - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Programme\blekkotb\auxi\blekkoAu.dll (Visicom Media)
O2 - BHO: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Programme\blekkotb\blekkoDx.dll ()
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120126001635.dll (McAfee, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programme\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Spam Free Search Bar) - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Programme\blekkotb\blekkoDx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Programme\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5742C245-BD8B-4221-91E2-F1B81F5247CA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9b3e4420-4423-11e0-94da-001e65930ea6}\Shell - "" = AutoRun
O33 - MountPoints2\{9b3e4420-4423-11e0-94da-001e65930ea6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a914c79d-44fe-11e0-94d8-001e65930ea6}\Shell - "" = AutoRun
O33 - MountPoints2\{a914c79d-44fe-11e0-94d8-001e65930ea6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b174c4b2-42aa-11e0-94dd-d1a56bcb0aa8}\Shell - "" = AutoRun
O33 - MountPoints2\{b174c4b2-42aa-11e0-94dd-d1a56bcb0aa8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b9d9d326-4bb9-11e0-94df-e6c4b019f8a6}\Shell - "" = AutoRun
O33 - MountPoints2\{b9d9d326-4bb9-11e0-94df-e6c4b019f8a6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.21 22:03:58 | 000,000,000 | RHSD | C] -- C:\Users\Christian\M-0-5778-6436-2457
[2012.08.20 22:36:17 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2012.08.20 22:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.20 22:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.20 22:36:04 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.20 22:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.19 22:51:52 | 000,000,000 | RHSD | C] -- C:\Users\Christian\M-10-6897-8685-3464
[2012.08.17 01:38:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.17 01:38:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.17 01:38:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.17 01:38:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.17 01:38:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.17 01:38:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.17 01:38:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 11:04:49 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 11:04:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.22 19:34:18 | 000,668,888 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.22 19:34:18 | 000,620,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.22 19:34:18 | 000,134,672 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.22 19:34:18 | 000,110,588 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.22 19:30:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.22 19:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.22 19:29:40 | 2411,859,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.22 08:04:05 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.22 08:04:05 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.22 07:35:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.21 20:07:16 | 000,000,000 | -H-- | M] () -- C:\Users\Christian\AppData\Roaming\winbras.sys
[2012.08.21 01:29:18 | 324,277,274 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.20 22:36:11 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.20 21:37:08 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.08.17 11:21:44 | 000,413,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.16 18:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
 
========== Files Created - No Company Name ==========
 
[2012.08.20 23:42:01 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\L\00000004.@
[2012.08.20 22:36:11 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.20 21:57:07 | 000,000,000 | -H-- | C] () -- C:\Users\Christian\AppData\Roaming\winbras.sys
[2012.05.03 22:17:50 | 000,003,584 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.02 18:55:14 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT
[2012.03.12 11:24:57 | 000,001,672 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.01.28 13:51:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.01.28 13:51:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.01.11 20:40:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\@
[2012.01.11 20:40:18 | 000,002,048 | -HS- | C] () -- C:\Users\Christian\AppData\Local\{e6f27182-82d5-296e-9e48-e4de32ae6ad3}\@
[2011.11.17 18:38:23 | 000,000,068 | ---- | C] () -- C:\Windows\Q-PLUS.INI
[2011.10.30 19:08:48 | 000,238,988 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011.07.08 14:20:37 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.07.08 14:20:36 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.07.08 14:20:36 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.07.08 14:20:36 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011.07.08 14:20:35 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.03.04 13:25:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2011.03.04 13:25:15 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2011.03.04 13:25:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2011.03.04 13:25:14 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2011.03.04 13:25:14 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2011.03.04 13:25:14 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2011.03.04 13:25:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2011.03.04 13:25:14 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2011.03.04 13:25:14 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2011.03.04 13:25:14 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2011.03.04 13:25:14 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2011.03.04 13:25:14 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2011.03.04 13:24:11 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2011.03.04 13:24:11 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2011.03.04 13:24:11 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2011.03.04 13:22:33 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2011.03.04 13:22:33 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2011.03.04 13:22:33 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2011.03.04 13:22:33 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2011.03.04 13:20:17 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoin.dll
[2010.09.27 12:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll

< End of report >
--- --- ---

Und den gabs auch noch von OTL:

TL Extras logfile created on: 22.08.2012 19:47:05 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Christian\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,81% Memory free
5,99 Gb Paging File | 4,72 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,99 Gb Total Space | 401,84 Gb Free Space | 88,71% Space Free | Partition Type: NTFS
Drive D: | 678,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq4809" = CanoScan LiDE 210 Scanner Driver
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4183178B-4D4E-48A7-9257-454BA90A760E}" = SweetPacks Toolbar for Internet Explorer 4.6
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help
"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Album Art Downloader XUI" = Album Art Downloader XUI 0.43
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"BabylonToolbar" = Babylon toolbar on IE
"blekkotb" = Spam Free Search Bar
"conduitEngine" = Conduit Engine
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DealPly" = DealPly
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hardware Helper_is1" = Hardware Helper
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"iLivid" = iLivid
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"Jack Orlando - Demo Episode I" = Jack Orlando - Demo Episode I
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Full)
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"Shop for HP Supplies" = Shop for HP Supplies
"Unlocker" = Unlocker 1.9.1
"Video Downloader" = Video Downloader
"VLC media player" = VLC media player 2.0.1
"Wajam" = Wajam
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"FLV Player" = FLV Player
"FoxTab FLV Player" = FoxTab FLV Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.08.2012 19:13:51 | Computer Name = Christian-PC | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet.
Thread-ID:
4028 (0xfbc) Thread-Adresse: 0x770F7094 Thread-Nachricht: Build VSCORE.14.3.0.464
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\87036db917b1e8a9aca571d7b48d66af\System.Data.SqlXml.ni.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21.08.2012 01:28:16 | Computer Name = Christian-PC | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet.
Thread-ID:
2440 (0x988) Thread-Adresse: 0x774A7094 Thread-Nachricht: Build VSCORE.14.3.0.464
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21.08.2012 13:43:00 | Computer Name = Christian-PC | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet.
Thread-ID:
2720 (0xaa0) Thread-Adresse: 0x777F7094 Thread-Nachricht: Build VSCORE.14.3.0.464
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\87036db917b1e8a9aca571d7b48d66af\System.Data.SqlXml.ni.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21.08.2012 14:59:28 | Computer Name = Christian-PC | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet.
Thread-ID:
1308 (0x51c) Thread-Adresse: 0x76F07094 Thread-Nachricht: Build VSCORE.14.3.0.464
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\87036db917b1e8a9aca571d7b48d66af\System.Data.SqlXml.ni.dll

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 21.08.2012 16:16:29 | Computer Name = Christian-PC | Source = McLogEvent | ID = 5051
Description = Ein Thread in Vorgang C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
brauchte länger als 90000 ms, um eine Anfrage auszuführen. Der Vorgang wird beendet.
Thread-ID:
2820 (0xb04) Thread-Adresse: 0x77207094 Thread-Nachricht: Build VSCORE.14.3.0.464
/ 5400.1158 Object being scanned = \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe

by C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ Media Center Events ]
Error - 06.08.2011 03:50:00 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 09:50:00 - Fehler beim Herstellen der Internetverbindung. 09:50:00
- Serververbindung konnte nicht hergestellt werden..

Error - 06.08.2011 05:51:44 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 11:51:44 - Fehler beim Herstellen der Internetverbindung. 11:51:44
- Serververbindung konnte nicht hergestellt werden..

Error - 07.08.2011 14:07:38 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 20:07:38 - Fehler beim Herstellen der Internetverbindung. 20:07:38
- Serververbindung konnte nicht hergestellt werden..

Error - 07.08.2011 18:01:43 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 00:01:43 - Fehler beim Herstellen der Internetverbindung. 00:01:43
- Serververbindung konnte nicht hergestellt werden..

Error - 19.09.2011 16:28:21 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 22:28:21 - Fehler beim Herstellen der Internetverbindung. 22:28:21
- Serververbindung konnte nicht hergestellt werden..

Error - 19.09.2011 16:28:35 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 22:28:26 - Fehler beim Herstellen der Internetverbindung. 22:28:26
- Serververbindung konnte nicht hergestellt werden..

Error - 22.09.2011 13:49:55 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 19:49:55 - Fehler beim Herstellen der Internetverbindung. 19:49:55
- Serververbindung konnte nicht hergestellt werden..

Error - 22.09.2011 13:50:08 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 19:50:00 - Fehler beim Herstellen der Internetverbindung. 19:50:00
- Serververbindung konnte nicht hergestellt werden..

Error - 26.09.2011 17:23:37 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:23:36 - Fehler beim Herstellen der Internetverbindung. 23:23:36
- Serververbindung konnte nicht hergestellt werden..

Error - 26.09.2011 17:23:56 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:23:42 - Fehler beim Herstellen der Internetverbindung. 23:23:42
- Serververbindung konnte nicht hergestellt werden..

[ OSession Events ]
Error - 15.06.2012 16:29:56 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 350
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15.06.2012 17:15:31 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1577
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22.08.2012 13:29:53 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060

Error - 22.08.2012 13:29:53 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 22.08.2012 13:29:53 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxduCATSCustConnectService erreicht.

Error - 22.08.2012 13:29:53 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxduCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 22.08.2012 13:29:53 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.

Error - 22.08.2012 13:45:13 | Computer Name = Christian-PC | Source = DCOM | ID = 10005
Description =

Error - 22.08.2012 13:45:14 | Computer Name = Christian-PC | Source = DCOM | ID = 10005
Description =

Error - 22.08.2012 13:45:13 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Funktionssuchanbieter-Host" ist von folgendem Dienst abhängig:
http. Dieser Dienst ist eventuell nicht installiert.

Error - 22.08.2012 13:45:14 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Funktionssuchanbieter-Host" ist von folgendem Dienst abhängig:
http. Dieser Dienst ist eventuell nicht installiert.

Error - 22.08.2012 13:45:14 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SSDP-Suche" ist von folgendem Dienst abhängig: http. Dieser
Dienst ist eventuell nicht installiert.


< End of report >

t'john 22.08.2012 22:28
Zitat:
Erm, da gibts keinen Reiter, der so heißt,
oeffne Malwarebytes und schaue nochmal nach.

t'john 05.10.2012 23:58
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131