Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Gefälschter Virus attackiert meinen PC!

Gefälschter Virus attackiert meinen PC!


Log-Analyse und Auswertung: Gefälschter Virus attackiert meinen PC!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 24.05.2011, 20:24   #1
Virus123Hilf
 
Gefälschter Virus attackiert meinen PC! - Unglücklich

Gefälschter Virus attackiert meinen PC!


"Als ich gestern mit meinem Goolge Chrome im Internet unterwegs war,downloadete ich den Adobe Flash player 10.
In der Folge poppten Fenster von angeblicher Antiviren-Software auf [WIN7 Internet Security], die mich zur Installation und zum Kauf derselben verleiten wollten. Diesen Aufforderungen bin ich nicht nachgekommen.

Ich habe dann auf einer Seite herausgefunden ->
Das dieser ''Virus''(Trojan-BNK.Win32.Keylogger.gen)
eigentlich garkein Virus ist,und nur zur täuschung Dient um eben das Antivirus Programm win7 internet security zu downloaden.
Der eigentliche Virus soll/sollen eben diese Fenster sein,die immer zum Vorschein kommen.

Auch ins Web kann ich nicht mehr egal,mit welchem Browser. Da kommt immer die Meldung: Ein sehr gefährlicher Virus..blabla, installieren sie sofort WIN7 Internet Security um die Viren zu löschen.
Ich lasse den PC gerade mit Avira Antivir Personal - Free Antivirus scanen.
(Mache ich zum ersten mal jetzt,da wir den Laptop erst frisch gekauft haben)

Ich weiss,eigentlich sollte ich alle Schritte befolgen,aber ich habe wirklich keine Zeit und brauche sehr schnell eure Hilfe.
Ich binn erst 14 (!) Jahre alt,und wenn meine Eltern diesen ''Virus'' entdecken..dann gibts riesigen ärger.

Für Infos über diesen ''Virus'' -> Trojan-BNK.Win32.Keylogger.gen Entfernen | Faster, PC! Clean! Clean! in deutscher Sprache

Wenn der Link nicht gezeigt wird einfach Trojan-BNK.Win32.Keylogger.gen in Google eingeben,ist der allererste Link.

Bitte,hilft mir. Ich muss diesen ''Virus'' unbedingt weg kriegen bevor meine Eltern kommen.
Wenn ihr mir nicht helfen könnt muss ich wohl WIN7 von neu Installieren.

Es folgt der Log

[SPOILER]

OTL logfile created on: 5/24/2011 9:02:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Burcu\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 45.80% Memory free
7.73 Gb Paging File | 5.35 Gb Available in Paging File | 69.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 138.94 Gb Free Space | 77.62% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 266.37 Gb Free Space | 99.89% Space Free | Partition Type: NTFS

Computer Name: BURCU-PC | User Name: Burcu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 20:58:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Burcu\Desktop\OTL.exe
PRC - [2011/05/24 20:08:29 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Burcu\Desktop\HiJackThis204.exe
PRC - [2011/05/24 18:39:08 | 000,339,968 | -HS- | M] () -- C:\Users\Burcu\AppData\Local\ikx.exe
PRC - [2011/05/02 12:25:56 | 000,724,536 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011/04/01 17:07:08 | 000,442,024 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2011/04/01 17:07:05 | 000,389,288 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011/03/31 16:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011/03/31 14:38:26 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 20:58:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Burcu\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Security\pctgmhk.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2011/03/28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/01 17:07:25 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/04/01 17:07:25 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 13:24:50 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/12/02 15:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/12/02 15:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/12/02 15:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 15:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/09/02 19:06:00 | 001,577,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/05/21 06:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/27 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011/01/30 01:09:56 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/10/25 09:58:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/10/25 09:58:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/25 09:59:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/05/07 10:59:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/05/07 10:59:23 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Burcu\AppData\Local\ikx.exe" -a "%1" %* ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Users\Burcu\AppData\Local\ikx.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 20:58:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Burcu\Desktop\OTL.exe
[2011/05/24 20:08:33 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Burcu\Desktop\HiJackThis204.exe
[2011/05/24 20:03:53 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{77CB79F7-FE81-4C8E-830B-4D2C2FD36E00}
[2011/05/24 19:20:06 | 000,816,016 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctEFA64.sys
[2011/05/24 19:20:06 | 000,452,872 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctDS64.sys
[2011/05/24 19:20:06 | 000,334,976 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctgntdi64.sys
[2011/05/24 19:20:06 | 000,137,704 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctwfpfilter64.sys
[2011/05/24 19:20:05 | 000,257,232 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTCore64.sys
[2011/05/24 19:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/05/24 19:19:56 | 000,092,896 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\pctplsg64.sys
[2011/05/24 19:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011/05/24 19:19:30 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\PC Tools
[2011/05/24 19:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/05/24 19:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/05/23 08:37:14 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{3C27C661-AFE5-4D08-877D-8900F07BBA83}
[2011/05/22 08:56:37 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{5A5E2BCB-75C4-48F5-ACF9-CAAFE0C0DB59}
[2011/05/21 09:27:47 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{75DACF3D-FE30-49F3-A7FD-01E0AF2C6620}
[2011/05/20 17:57:10 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\PhotoScape
[2011/05/20 17:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2011/05/20 14:33:17 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{47CA2DB1-287B-4F8D-90EE-834D3EC0A8D5}
[2011/05/19 22:29:29 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{6FC39032-4416-4ADE-8832-EB8FB79F4030}
[2011/05/19 08:17:45 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{0D76E411-2E09-4C06-BE57-0A4543F2BAA1}
[2011/05/18 09:31:37 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{02F12435-AA79-4067-B962-1A886681D118}
[2011/05/17 20:35:01 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{E1A1DD95-4F79-4419-9FB1-32903F45ED9C}
[2011/05/16 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{D17D436B-3B47-4CED-BF7A-BA187F6F4F7A}
[2011/05/16 13:06:05 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{91E79AFD-4D95-4E91-8E29-72C1B266F9CB}
[2011/05/15 20:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokemon Online
[2011/05/15 20:48:10 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Pokemon Online
[2011/05/14 10:39:06 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{9346AE6D-161C-43D9-93CE-7BDCA1C7D2CC}
[2011/05/13 20:23:29 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{E2CAC261-EFD5-4172-A6A5-8E059E099238}
[2011/05/13 08:08:31 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{12BCA7DE-EE89-440F-AE20-6C6B812472D1}
[2011/05/12 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\picpick
[2011/05/12 13:01:22 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{03D6C9BE-0E7A-4AD4-AE8F-48805190770F}
[2011/05/11 21:26:45 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\WinRAR
[2011/05/11 21:26:45 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/11 21:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/11 21:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/05/11 21:24:38 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{E7D6D0B0-06CB-4051-85DC-0680E6A34DF6}
[2011/05/11 09:23:40 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{BAC5AD80-F214-4C44-A56C-1183A0C50BE2}
[2011/05/10 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{811C68D5-D5C0-450C-B8D5-93BEA6702487}
[2011/05/10 17:35:46 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\skypePM
[2011/05/10 17:35:20 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Skype
[2011/05/10 08:53:50 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{81D432E2-59BE-4E4D-920F-706BA973C4C7}
[2011/05/09 16:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011/05/09 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/05/09 14:04:48 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\SoftGrid Client
[2011/05/09 14:04:44 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\SoftGrid Client
[2011/05/09 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\{F6CE127B-3DBC-4D68-8519-5E65C27486E4}
[2011/05/09 10:11:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/05/08 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/05/08 18:46:36 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Deployment
[2011/05/08 18:46:36 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Apps
[2011/05/08 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Windows Live
[2011/05/08 11:22:59 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Tracing
[2011/05/07 19:21:26 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\PokerStars
[2011/05/07 19:21:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2011/05/07 11:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaAccount
[2011/05/07 11:00:31 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Nokia
[2011/05/07 11:00:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011/05/07 11:00:27 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\PC Suite
[2011/05/07 11:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011/05/07 10:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2011/05/07 10:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/05/07 10:59:19 | 000,025,600 | ---- | C] (Nokia) -- C:\windows\SysNative\drivers\pccsmcfdx64.sys
[2011/05/07 10:59:18 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/05/07 10:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011/05/07 10:58:56 | 000,057,856 | ---- | C] (Nokia) -- C:\windows\SysNative\nmwcdclsX64.dll
[2011/05/07 10:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2011/05/07 10:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2011/05/06 08:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3SPLITTER
[2011/05/06 08:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Splitter
[2011/05/06 08:49:51 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\GetRightToGo
[2011/05/06 08:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/05 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/05 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/05/05 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/05 18:45:50 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\TP
[2011/05/04 13:16:48 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Avira
[2011/05/04 09:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/05/04 09:31:01 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2011/05/04 09:31:01 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011/05/04 09:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/04 09:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/05/03 18:50:41 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Desktop\Neuer Ordner
[2011/05/03 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicPick
[2011/05/03 18:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicPick
[2011/05/03 18:15:14 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\gtk-2.0
[2011/05/03 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\Burcu\.thumbnails
[2011/05/03 18:12:44 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Documents\gegl-0.0
[2011/05/03 18:12:44 | 000,000,000 | ---D | C] -- C:\Users\Burcu\.gimp-2.6
[2011/05/03 18:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/05/03 18:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/05/03 18:09:54 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\IrfanView
[2011/05/03 18:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2011/05/03 16:56:42 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\InstallShield
[2011/05/03 16:14:09 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Google
[2011/05/03 16:12:03 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Documents\Youcam
[2011/05/03 16:09:11 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Macromedia
[2011/05/03 16:09:09 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Adobe
[2011/05/03 16:08:03 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Power2Go
[2011/05/03 16:07:34 | 000,000,000 | R--D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/03 16:07:34 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Searches
[2011/05/03 16:07:34 | 000,000,000 | R--D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/03 16:07:25 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Identities
[2011/05/03 16:07:21 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Contacts
[2011/05/03 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\VirtualStore
[2011/05/03 16:03:58 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2011/05/03 16:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\OberonGameConsole
[2011/05/03 16:02:26 | 000,000,000 | ---D | C] -- C:\Users\Burcu\Documents\My Pictures
[2011/05/03 15:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Pack
[2011/05/03 15:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[2011/05/03 15:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Pack
[2011/05/03 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Adobe
[2011/05/03 15:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/05/03 15:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/05/03 15:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/05/03 15:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/03 15:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/05/03 15:56:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/05/03 15:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Vorlagen
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\AppData\Local\Verlauf
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\AppData\Local\Temporary Internet Files
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Startmenü
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\SendTo
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Recent
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Netzwerkumgebung
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Lokale Einstellungen
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Documents\Eigene Videos
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Documents\Eigene Musik
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Eigene Dateien
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Documents\Eigene Bilder
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Druckumgebung
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Cookies
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\AppData\Local\Anwendungsdaten
[2011/05/03 15:56:09 | 000,000,000 | -HSD | C] -- C:\Users\Burcu\Anwendungsdaten
[2011/05/03 15:56:08 | 000,000,000 | --SD | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Videos
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Saved Games
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Pictures
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Music
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Links
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Favorites
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Downloads
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Documents
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\Desktop
[2011/05/03 15:56:08 | 000,000,000 | R--D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/03 15:56:08 | 000,000,000 | -H-D | C] -- C:\Users\Burcu\AppData
[2011/05/03 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Temp
[2011/05/03 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Local\Microsoft
[2011/05/03 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Media Center Programs
[2011/05/03 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2011/05/03 15:53:59 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/05/24 21:06:56 | 000,011,448 | -HS- | M] () -- C:\Users\Burcu\AppData\Local\m6nm8l04a0467wlw85784my6158l8irl783u13ni
[2011/05/24 20:58:40 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Burcu\Desktop\OTL.exe
[2011/05/24 20:51:03 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1125036280-3562319748-3601731155-1001UA.job
[2011/05/24 20:11:42 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 20:11:42 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/24 20:08:29 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Burcu\Desktop\HiJackThis204.exe
[2011/05/24 20:02:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/24 20:02:23 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 19:41:47 | 000,011,448 | -HS- | M] () -- C:\ProgramData\m6nm8l04a0467wlw85784my6158l8irl783u13ni
[2011/05/24 19:20:27 | 001,311,236 | ---- | M] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/05/24 19:20:03 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/05/24 19:14:01 | 000,512,992 | ---- | M] () -- C:\Users\Burcu\Desktop\sdasetup_revwire207.exe
[2011/05/24 18:51:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1125036280-3562319748-3601731155-1001Core.job
[2011/05/24 18:39:08 | 000,339,968 | -HS- | M] () -- C:\Users\Burcu\AppData\Local\ikx.exe
[2011/05/24 18:39:07 | 000,339,968 | -HS- | M] () -- C:\Users\Burcu\AppData\Local\byq.exe
[2011/05/20 21:19:14 | 000,026,486 | ---- | M] () -- C:\Users\Burcu\.recently-used.xbel
[2011/05/15 21:52:10 | 000,002,401 | ---- | M] () -- C:\Users\Burcu\Desktop\Google Chrome.lnk
[2011/05/11 22:03:19 | 001,513,694 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/05/11 22:03:19 | 000,659,448 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011/05/11 22:03:19 | 000,620,594 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/05/11 22:03:19 | 000,132,728 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011/05/11 22:03:19 | 000,108,518 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/05/10 17:35:46 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/05/09 10:11:17 | 001,540,624 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/08 22:40:46 | 000,002,534 | ---- | M] () -- C:\Users\Burcu\Desktop\Windows Live Messenger.lnk
[2011/05/08 20:52:49 | 000,012,526 | ---- | M] () -- C:\Users\Burcu\Desktop\Burcu.lnk
[2011/05/07 11:03:30 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/07 11:03:24 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011/05/04 13:04:38 | 000,276,976 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/05/04 09:31:03 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 16:08:18 | 000,001,172 | ---- | M] () -- C:\Users\Burcu\Desktop\CyberLink DVD Suite.lnk
[2011/05/03 16:08:14 | 000,001,121 | ---- | M] () -- C:\Users\Burcu\Desktop\CyberLink YouCam.lnk
[2011/05/03 16:02:45 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\Game Pack.lnk
[2011/05/03 16:02:45 | 000,000,033 | ---- | M] () -- C:\windows\0
[2011/05/03 15:57:09 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/03 15:56:49 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/03 15:56:32 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_R530_04KQ.mrk
[2011/05/03 14:52:40 | 000,052,870 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/05/03 14:52:40 | 000,052,870 | ---- | M] () -- C:\windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2011/05/24 19:20:07 | 001,311,236 | ---- | C] () -- C:\windows\SysNative\drivers\Cat.DB
[2011/05/24 19:20:03 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/05/24 19:14:02 | 000,512,992 | ---- | C] () -- C:\Users\Burcu\Desktop\sdasetup_revwire207.exe
[2011/05/24 18:39:13 | 000,011,448 | -HS- | C] () -- C:\ProgramData\m6nm8l04a0467wlw85784my6158l8irl783u13ni
[2011/05/24 18:39:13 | 000,011,444 | -HS- | C] () -- C:\Users\Burcu\AppData\Local\m6nm8l04a0467wlw85784my6158l8irl783u13ni
[2011/05/24 18:39:08 | 000,339,968 | -HS- | C] () -- C:\Users\Burcu\AppData\Local\ikx.exe
[2011/05/24 18:39:07 | 000,339,968 | -HS- | C] () -- C:\Users\Burcu\AppData\Local\byq.exe
[2011/05/20 21:19:14 | 000,026,486 | ---- | C] () -- C:\Users\Burcu\.recently-used.xbel
[2011/05/10 17:35:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/08 20:52:49 | 000,012,526 | ---- | C] () -- C:\Users\Burcu\Desktop\Burcu.lnk
[2011/05/08 18:47:17 | 000,002,401 | ---- | C] () -- C:\Users\Burcu\Desktop\Google Chrome.lnk
[2011/05/08 18:46:59 | 000,001,120 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1125036280-3562319748-3601731155-1001UA.job
[2011/05/08 18:46:59 | 000,001,068 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1125036280-3562319748-3601731155-1001Core.job
[2011/05/07 11:03:30 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/07 11:03:24 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011/05/05 18:46:28 | 001,540,624 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/04 09:31:03 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/05/03 16:07:50 | 000,001,409 | ---- | C] () -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/03 16:07:44 | 000,001,443 | ---- | C] () -- C:\Users\Burcu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/03 16:03:58 | 000,001,121 | ---- | C] () -- C:\Users\Burcu\Desktop\CyberLink YouCam.lnk
[2011/05/03 16:02:45 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\Game Pack.lnk
[2011/05/03 16:02:45 | 000,000,033 | ---- | C] () -- C:\windows\0
[2011/05/03 15:57:45 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/05/03 15:57:09 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/05/03 15:57:09 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/05/03 15:56:49 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/03 15:56:32 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_R530_04KQ.mrk
[2011/05/03 15:56:08 | 000,001,172 | ---- | C] () -- C:\Users\Burcu\Desktop\CyberLink DVD Suite.lnk
[2010/10/25 09:59:18 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/10/25 08:55:15 | 000,001,238 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/10/25 08:27:26 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini

========== LOP Check ==========

[2011/05/06 08:50:22 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\GetRightToGo
[2011/05/20 21:19:09 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\gtk-2.0
[2011/05/03 18:09:54 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\IrfanView
[2011/05/07 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\PC Suite
[2011/05/21 21:14:09 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\PhotoScape
[2011/05/12 18:08:41 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\picpick
[2011/05/24 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\SoftGrid Client
[2011/05/09 14:04:55 | 000,000,000 | ---D | M] -- C:\Users\Burcu\AppData\Roaming\TP
[2011/05/16 20:51:53 | 000,019,270 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TempFC5A2B2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:268F887D

< End of report >
[/SPOILER]

Alt 25.05.2011, 12:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gefälschter Virus attackiert meinen PC! - Standard

Gefälschter Virus attackiert meinen PC!


Zitat:
,downloadete ich den Adobe Flash player 10.
Von welcher Seite (Quelle)?

Malwarebytes hast du schon ausgeführt? Wenn ja, wo sind die Logs?
__________________

__________________
Antwort

Themen zu Gefälschter Virus attackiert meinen PC!
64-bit, alternate, antivirus, autorun, avira, bho, entfernen, error, firefox, flash player, format, google, helper, hijack, hijackthis, home, installation, internet, logfile, mozilla, oldtimer, programm, realtek, registry, security, spyware, start menu, syswow64, virus, webcheck, windows


« Win 7 Recovery Fake - Wieso keine Antwort? | C:\Windows\system32\ezShellStart.exe »


Ähnliche Themen: Gefälschter Virus attackiert meinen PC!


  1. Upgrade auf Windows 10: Vorsicht vor gefälschter E-Mail
    Nachrichten - 03.08.2015 (0)
  2. Windows 7: Trojaner nach gefälschter Bank-Mail
    Log-Analyse und Auswertung - 06.09.2014 (17)
  3. Verschlüsselungstrojaner attackiert Synology-Speichersysteme
    Nachrichten - 04.08.2014 (0)
  4. Website attackiert mit trojan:js/redirector.nf
    Plagegeister aller Art und deren Bekämpfung - 30.01.2014 (1)
  5. Tojaner/keylogger in gefälschter AMAZON-E-Mail?
    Log-Analyse und Auswertung - 18.04.2013 (1)
  6. Anonymous attackiert Online-Angebote Nordkoreas
    Nachrichten - 05.04.2013 (0)
  7. 100,- € zahlen wegen gefälschter lizens (ukash)
    Log-Analyse und Auswertung - 05.03.2012 (17)
  8. Gefälschter BKA-Trojaner - wo nistet er sich ein?
    Plagegeister aller Art und deren Bekämpfung - 03.04.2011 (5)
  9. Botnet attackiert Weblogs vietnamesischer Dissidenten
    Nachrichten - 01.04.2010 (0)
  10. Trojaner attackiert mich
    Plagegeister aller Art und deren Bekämpfung - 22.01.2010 (0)
  11. svchost.exe von IP 192.168.1.106 attackiert??
    Plagegeister aller Art und deren Bekämpfung - 26.07.2009 (1)
  12. Metasploit-Tool attackiert Oracle-Lücken
    Nachrichten - 23.07.2009 (0)
  13. Gefälschter Free Download Manager?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2009 (1)
  14. Hilfe werde ich attackiert?
    Plagegeister aller Art und deren Bekämpfung - 22.01.2009 (7)
  15. "mailer return": gefälschter Absender oder Virus?
    Überwachung, Datenschutz und Spam - 20.08.2007 (2)
  16. ständig von Trojaner attackiert
    Plagegeister aller Art und deren Bekämpfung - 01.05.2007 (3)
  17. wwBars.5 attackiert WMP
    Plagegeister aller Art und deren Bekämpfung - 25.07.2004 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Gefälschter Virus attackiert meinen PC! - "Als ich gestern mit meinem Goolge Chrome im Internet unterwegs war,downloadete ich den Adobe Flash player 10. In der Folge poppten Fenster von angeblicher Antiviren-Software auf [WIN7 Internet Security], die - Gefälschter Virus attackiert meinen PC!...
Archiv
Du betrachtest: Gefälschter Virus attackiert meinen PC! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131