Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
BKA Trojaner Ukash

BKA Trojaner Ukash


Log-Analyse und Auswertung: BKA Trojaner Ukash

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 11.10.2012, 22:53   #1
Mantonio
 
BKA Trojaner Ukash - Standard

BKA Trojaner Ukash


Hallo zusammen,

mich hat der BKA Trojaner auch erwischt.
Habe nach Anleitung die 3 Logfiles erstellt, s.u. bzw. im Anhang. Habe den Maleware scan noch nicht gemacht, wollte erstmal eure Antwort abwarten.

Ganz herzlichen Dank im Voraus.

Grüße Antonio

OTL logfile created on: 11.10.2012 22:44:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Inna\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 85,27% Memory free
5,74 Gb Paging File | 5,34 Gb Available in Paging File | 92,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 97,98 Gb Free Space | 65,81% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 16,66 Gb Free Space | 11,28% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 260,45 Gb Free Space | 55,92% Space Free | Partition Type: NTFS

Computer Name: INNA-PC | User Name: Inna | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.11 22:31:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inna\Desktop\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [1997.10.18 01:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL


========== Services (SafeList) ==========

SRV - [2012.09.08 21:56:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.14 15:14:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 15:14:32 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.05.14 15:14:32 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.14 15:14:32 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:14:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.14 14:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.08.21 10:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.27 19:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.09.08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.08.25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008.04.16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VcommMgr.sys -- (VcommMgr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VComm.sys -- (VComm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\vbtenum.sys -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcusb.sys -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btcombus.sys -- (BTCOMBUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btcomport.sys -- (BTCOM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btnetdrv.sys -- (BT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\blueletaudio.sys -- (BlueletAudio)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.14 15:14:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.14 15:14:34 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.05.14 15:14:34 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.05.14 15:14:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:52:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.06 18:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010.04.06 18:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010.04.06 18:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009.10.07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.09.21 18:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.30 18:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009.07.22 10:30:54 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009.07.21 15:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 09:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009.05.01 01:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.05.01 00:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2009.05.01 00:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008.04.28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=4.0003002
IE - HKLM\..\SearchScopes,DefaultScope = {E1E3A3AD-6BC1-4733-8617-75A2D9306109}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E1E3A3AD-6BC1-4733-8617-75A2D9306109}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=4.0003002
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{377C03AB-F363-4547-BCAC-CE0DCE5C3CE5}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7TSEA_deDE344&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B035B634-DB4B-40E6-9CFD-7EFA10D13F33}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9B86D809-FCB4-4DA5-BEB4-004606748A7F&apn_sauid=1BFA7993-F19E-49D3-AB4F-3FAD338ACF9A
IE - HKCU\..\SearchScopes\{E1E3A3AD-6BC1-4733-8617-75A2D9306109}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_deDE344
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0003002
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=4.0003002"
FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledAddons: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.1.1
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.4.1
FF - prefs.js..extensions.enabledItems: {e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}:2.0.1
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=9B86D809-FCB4-4DA5-BEB4-004606748A7F&apn_ptnrs=&apn_sauid=1BFA7993-F19E-49D3-AB4F-3FAD338ACF9A&apn_dtid=OSJ000&&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Inna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 21:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 21:28:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.07 00:37:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 21:56:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.12 21:28:40 | 000,000,000 | ---D | M]

[2011.04.07 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions
[2010.08.31 23:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.07 21:51:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.07.13 16:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\Firefox\Profiles\xxpwgdpd.default\extensions
[2012.07.13 16:55:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Inna\AppData\Roaming\mozilla\Firefox\Profiles\xxpwgdpd.default\extensions\toolbar@ask.com
[2012.02.03 21:23:30 | 000,126,766 | ---- | M] () (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{e18845dc-387b-4fa5-b6d5-c6cfeb9ea640}.xpi
[2012.03.24 01:10:56 | 000,162,686 | ---- | M] () (No name found) -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.07.13 16:55:14 | 000,002,299 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\askcom.xml
[2012.03.24 01:11:01 | 000,003,934 | ---- | M] () -- C:\Users\Inna\AppData\Roaming\mozilla\firefox\profiles\xxpwgdpd.default\searchplugins\sweetim.xml
[2012.07.12 21:28:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.18 01:11:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.12 21:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.12.23 02:02:30 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.09.08 21:56:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.10 18:17:39 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 21:56:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 18:17:39 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 18:17:39 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 18:17:39 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 18:17:39 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://home.sweetim.com/?crg=4.0003002&barid={6DBCDDD8-753D-11E1-83C3-001E33F1BA5B}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Inna\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Inna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [uxqbetchwjjmzcu] C:\ProgramData\uxqbetch.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Inna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Mister Wong - hxxp://www.mister-wong.de/_stuff/toolbar_ie/de/2.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2834B0E8-3989-4CDD-BCE4-E1F06CEA76A1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\Shell - "" = AutoRun
O33 - MountPoints2\{11fa7305-0dd3-11e1-9496-001e33f1ba5b}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.11 22:41:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Inna\Desktop\OTL.exe
[2012.10.11 22:26:57 | 000,000,000 | ---D | C] -- C:\Users\Inna\AppData\Roaming\Malwarebytes
[2012.10.11 22:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.11 22:26:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.11 22:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.11 22:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.11 22:20:39 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Mateo-Antivirus
[2012.10.10 22:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\paobssgtwycdmex
[2012.10.08 21:58:41 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Haus-Oma
[2012.09.30 20:57:31 | 000,000,000 | ---D | C] -- C:\Users\Inna\Desktop\Fotki
[2012.09.29 14:28:18 | 000,000,000 | ---D | C] -- C:\Users\Inna\AppData\Local\Downloaded Installations
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Inna\Documents\*.tmp files -> C:\Users\Inna\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.11 22:44:50 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.11 22:44:50 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.11 22:44:50 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.11 22:44:50 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.11 22:42:53 | 000,000,000 | ---- | M] () -- C:\Users\Inna\defogger_reenable
[2012.10.11 22:35:10 | 000,302,592 | ---- | M] () -- C:\Users\Inna\Desktop\mx572gjh.exe
[2012.10.11 22:31:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Inna\Desktop\OTL.exe
[2012.10.11 22:30:56 | 000,050,477 | ---- | M] () -- C:\Users\Inna\Desktop\Defogger.exe
[2012.10.11 22:26:47 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.11 22:19:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 22:19:05 | 2312,101,888 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.11 22:08:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc069ac8abd2d4.job
[2012.10.11 22:08:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 23:10:08 | 000,015,348 | ---- | M] () -- C:\Windows\Inna.acl
[2012.10.10 22:36:58 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 22:36:58 | 000,010,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 22:25:37 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.10.10 22:23:38 | 000,076,346 | ---- | M] () -- C:\ProgramData\qooejtoegnrwtlb
[2012.10.10 22:23:30 | 000,105,472 | ---- | M] () -- C:\ProgramData\uxqbetch.exe
[2012.10.10 22:23:30 | 000,105,472 | ---- | M] () -- C:\Users\Inna\ms.exe
[2012.10.10 22:12:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320414776-3498377191-3367406728-1000UA.job
[2012.10.10 22:11:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc069acb52e0e6.job
[2012.10.09 22:25:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.09 14:12:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3320414776-3498377191-3367406728-1000Core.job
[2012.09.17 22:53:27 | 000,889,224 | ---- | M] () -- C:\Users\Inna\IMG_0094.JPG
[2012.09.17 22:53:13 | 000,825,285 | ---- | M] () -- C:\Users\Inna\IMG_0087.JPG
[2012.09.17 22:53:02 | 000,912,229 | ---- | M] () -- C:\Users\Inna\IMG_0092.JPG
[2012.09.17 22:52:57 | 000,816,157 | ---- | M] () -- C:\Users\Inna\IMG_0089.JPG
[2012.09.17 22:52:48 | 000,906,141 | ---- | M] () -- C:\Users\Inna\IMG_0091.JPG
[2012.09.17 22:52:47 | 000,893,625 | ---- | M] () -- C:\Users\Inna\IMG_0093.JPG
[2012.09.17 22:52:42 | 000,748,791 | ---- | M] () -- C:\Users\Inna\IMG_0090.JPG
[2012.09.17 22:52:22 | 000,793,845 | ---- | M] () -- C:\Users\Inna\IMG_0088.JPG
[2012.09.17 22:49:04 | 001,566,376 | ---- | M] () -- C:\Users\Inna\IMG_0073.JPG
[2012.09.17 22:48:57 | 000,938,695 | ---- | M] () -- C:\Users\Inna\IMG_0086.JPG
[2012.09.17 22:48:57 | 000,872,923 | ---- | M] () -- C:\Users\Inna\IMG_0075.JPG
[2012.09.17 22:48:54 | 000,808,528 | ---- | M] () -- C:\Users\Inna\IMG_0077.JPG
[2012.09.17 22:48:54 | 000,786,460 | ---- | M] () -- C:\Users\Inna\IMG_0080.JPG
[2012.09.17 22:48:51 | 000,792,810 | ---- | M] () -- C:\Users\Inna\IMG_0085.JPG
[2012.09.17 22:48:49 | 000,789,402 | ---- | M] () -- C:\Users\Inna\IMG_0083.JPG
[2012.09.17 22:48:46 | 000,724,196 | ---- | M] () -- C:\Users\Inna\IMG_0081.JPG
[2012.09.17 22:48:41 | 000,863,450 | ---- | M] () -- C:\Users\Inna\IMG_0074.JPG
[2012.09.17 22:48:40 | 000,816,485 | ---- | M] () -- C:\Users\Inna\IMG_0079.JPG
[2012.09.17 22:47:51 | 000,703,846 | ---- | M] () -- C:\Users\Inna\IMG_0076.JPG
[2012.09.17 22:47:46 | 000,660,239 | ---- | M] () -- C:\Users\Inna\IMG_0084.JPG
[2012.09.17 22:47:44 | 000,738,110 | ---- | M] () -- C:\Users\Inna\IMG_0082.JPG
[2012.09.17 22:47:26 | 000,683,518 | ---- | M] () -- C:\Users\Inna\IMG_0078.JPG
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Inna\Documents\*.tmp files -> C:\Users\Inna\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.11 22:42:53 | 000,000,000 | ---- | C] () -- C:\Users\Inna\defogger_reenable
[2012.10.11 22:41:58 | 000,302,592 | ---- | C] () -- C:\Users\Inna\Desktop\mx572gjh.exe
[2012.10.11 22:41:58 | 000,050,477 | ---- | C] () -- C:\Users\Inna\Desktop\Defogger.exe
[2012.10.11 22:26:47 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.10 23:10:08 | 000,015,348 | ---- | C] () -- C:\Windows\Inna.acl
[2012.10.10 22:23:37 | 000,105,472 | ---- | C] () -- C:\ProgramData\uxqbetch.exe
[2012.10.10 22:23:33 | 000,076,346 | ---- | C] () -- C:\ProgramData\qooejtoegnrwtlb
[2012.10.10 22:23:30 | 000,105,472 | ---- | C] () -- C:\Users\Inna\ms.exe
[2012.09.17 22:51:10 | 000,889,224 | ---- | C] () -- C:\Users\Inna\IMG_0094.JPG
[2012.09.17 22:50:46 | 000,912,229 | ---- | C] () -- C:\Users\Inna\IMG_0092.JPG
[2012.09.17 22:50:46 | 000,906,141 | ---- | C] () -- C:\Users\Inna\IMG_0091.JPG
[2012.09.17 22:50:46 | 000,893,625 | ---- | C] () -- C:\Users\Inna\IMG_0093.JPG
[2012.09.17 22:50:46 | 000,816,157 | ---- | C] () -- C:\Users\Inna\IMG_0089.JPG
[2012.09.17 22:50:46 | 000,793,845 | ---- | C] () -- C:\Users\Inna\IMG_0088.JPG
[2012.09.17 22:50:46 | 000,748,791 | ---- | C] () -- C:\Users\Inna\IMG_0090.JPG
[2012.09.17 22:45:04 | 001,566,376 | ---- | C] () -- C:\Users\Inna\IMG_0073.JPG
[2012.09.17 22:45:04 | 000,938,695 | ---- | C] () -- C:\Users\Inna\IMG_0086.JPG
[2012.09.17 22:45:04 | 000,872,923 | ---- | C] () -- C:\Users\Inna\IMG_0075.JPG
[2012.09.17 22:45:04 | 000,863,450 | ---- | C] () -- C:\Users\Inna\IMG_0074.JPG
[2012.09.17 22:45:04 | 000,825,285 | ---- | C] () -- C:\Users\Inna\IMG_0087.JPG
[2012.09.17 22:45:04 | 000,816,485 | ---- | C] () -- C:\Users\Inna\IMG_0079.JPG
[2012.09.17 22:45:04 | 000,808,528 | ---- | C] () -- C:\Users\Inna\IMG_0077.JPG
[2012.09.17 22:45:04 | 000,792,810 | ---- | C] () -- C:\Users\Inna\IMG_0085.JPG
[2012.09.17 22:45:04 | 000,789,402 | ---- | C] () -- C:\Users\Inna\IMG_0083.JPG
[2012.09.17 22:45:04 | 000,786,460 | ---- | C] () -- C:\Users\Inna\IMG_0080.JPG
[2012.09.17 22:45:04 | 000,738,110 | ---- | C] () -- C:\Users\Inna\IMG_0082.JPG
[2012.09.17 22:45:04 | 000,724,196 | ---- | C] () -- C:\Users\Inna\IMG_0081.JPG
[2012.09.17 22:45:04 | 000,703,846 | ---- | C] () -- C:\Users\Inna\IMG_0076.JPG
[2012.09.17 22:45:04 | 000,683,518 | ---- | C] () -- C:\Users\Inna\IMG_0078.JPG
[2012.09.17 22:45:04 | 000,660,239 | ---- | C] () -- C:\Users\Inna\IMG_0084.JPG
[2011.11.14 19:15:27 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.07.03 19:27:40 | 000,000,033 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2011.06.02 19:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imwords.dat
[2011.06.02 19:13:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\im_markovian.dat
[2011.01.23 21:15:48 | 000,000,438 | ---- | C] () -- C:\Users\Inna\AppData\Roaming\wklnhst.dat
[2011.01.15 23:43:54 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.12.29 00:59:37 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.29 00:50:39 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010.12.29 00:28:34 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.09.30 13:50:21 | 000,528,580 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.01.20 21:38:11 | 000,015,360 | ---- | C] () -- C:\Users\Inna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.15 02:01:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.15 01:59:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.11.04 22:40:29 | 000,000,868 | ---- | C] () -- C:\Users\Inna\.recently-used.xbel

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.02.16 23:24:20 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Canneverbe Limited
[2010.11.12 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Canon
[2012.10.06 00:13:23 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Dropbox
[2011.06.03 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\elsterformular
[2010.01.15 01:39:26 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Leadertech
[2010.01.15 01:39:35 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\OpenOffice.org
[2010.01.20 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Panasonic
[2010.01.15 01:39:38 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\PeaZip
[2011.04.16 10:02:19 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\phonostar GmbH
[2010.09.30 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\QuickScan
[2010.12.29 00:40:07 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\ScanSoft
[2011.01.23 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Template
[2010.08.31 23:13:11 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Thunderbird
[2011.04.07 21:51:39 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\TomTom
[2010.01.16 20:56:22 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\toshiba
[2011.02.20 16:27:48 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Ulead Systems
[2011.08.29 20:18:54 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Usability Studio
[2012.10.08 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\VSO
[2010.01.15 01:39:42 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\WinBatch
[2011.07.08 21:29:50 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\winxarj
[2010.12.29 00:40:13 | 000,000,000 | ---D | M] -- C:\Users\Inna\AppData\Roaming\Zeon

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011.07.08 17:13:25 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011.01.31 01:03:58 | 004,602,044 | ---- | M] ()(C:\Users\Inna\Documents\??????????? 062.jpg) -- C:\Users\Inna\Documents\Изображение 062.jpg
[2011.01.31 00:59:38 | 004,602,044 | ---- | C] ()(C:\Users\Inna\Documents\??????????? 062.jpg) -- C:\Users\Inna\Documents\Изображение 062.jpg
[2010.09.30 14:24:06 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

< End of report >

 

Themen zu BKA Trojaner Ukash
antivir, autorun, avira, bho, bka bundeskriminalamt trojaner, bka trojaner ukash, defender, downloader, explorer, firefox, format, home, lws.exe, maleware, malwarebytes, microsoft, mozilla, opera, pdfforge toolbar, photoshop, plug-in, realtek, registry, scan, software, stick, sweetpacks, trojaner, wallpaper, windows, winlogon


« System nun sauber? | Verschlüsselungstrojaner eingefangen (Gema 50 Euro Trojaner, Whitescreen nach Anmeldung) »


Ähnliche Themen: BKA Trojaner Ukash


  1. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  2. gvu / ukash-trojaner
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (11)
  3. Ukash Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (9)
  4. Ukash-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 08.11.2012 (12)
  5. Ukash GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (11)
  6. UKASH BKA-Trojaner
    Log-Analyse und Auswertung - 01.11.2012 (22)
  7. BKA/UKASH - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (1)
  8. Ukash Trojaner
    Log-Analyse und Auswertung - 28.07.2012 (25)
  9. GVU Trojaner 2.07? Ukash
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  10. Ukash Trojaner
    Plagegeister aller Art und deren Bekämpfung - 12.06.2012 (2)
  11. Ukash- Trojaner
    Mülltonne - 04.06.2012 (2)
  12. BKA-trojaner, ukash
    Log-Analyse und Auswertung - 20.01.2012 (10)
  13. BKA-Ukash-Trojaner
    Log-Analyse und Auswertung - 04.08.2011 (1)
  14. BKA Trojaner Ukash
    Log-Analyse und Auswertung - 14.05.2011 (1)
  15. Ukash-BKA Trojaner
    Log-Analyse und Auswertung - 06.05.2011 (68)
  16. Ukash - BKA - Trojaner
    Log-Analyse und Auswertung - 02.05.2011 (25)
  17. BKA-Ukash-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BKA Trojaner Ukash - Hallo zusammen, mich hat der BKA Trojaner auch erwischt. Habe nach Anleitung die 3 Logfiles erstellt, s.u. bzw. im Anhang. Habe den Maleware scan noch nicht gemacht, wollte erstmal eure - BKA Trojaner Ukash...
Archiv
Du betrachtest: BKA Trojaner Ukash auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132