Log analysis and evaluation: Windows Security Center service and strange redirects (Windows 7)
#1

Windows Security Center service and strange redirects

Thanks for your help. OTR log:

Code:
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: hendrik
->Temp folder emptied: 247728 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1188 bytes
User: meike
->Temp folder emptied: 2074045579 bytes
->Temporary Internet Files folder emptied: 141300424 bytes
->FireFox cache emptied: 427811645 bytes
->Flash cache emptied: 70845 bytes
User: piet
->Temp folder emptied: 1125757 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 128852415 bytes
->Flash cache emptied: 16201 bytes
User: Public
User: reymann
->Temp folder emptied: 51336 bytes
->Temporary Internet Files folder emptied: 36617530 bytes
->FireFox cache emptied: 16026123 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94541360 bytes
RecycleBin emptied: 10486941 bytes
Total Files Cleaned = 2.796,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12132012_190428

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

New otl.txt:

OTL logfile:

Code:
OTL logfile created on: 13.12.2012 19:22:59 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\meike\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,37 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 64,64% Memory free
6,73 Gb Paging File | 5,46 Gb Available in Paging File | 81,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,14 Gb Total Space | 87,33 Gb Free Space | 73,29% Space Free | Partition Type: NTFS

Computer Name: CAD11WINDOWS7 | User Name: meike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.12 18:51:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\meike\Downloads\OTL.exe
PRC - [2012.12.05 16:23:58 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 15:37:24 | 006,849,448 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.07.16 15:37:24 | 002,677,160 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.16 15:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2011.04.01 08:36:52 | 001,218,048 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPIShell.exe
PRC - [2011.04.01 08:36:52 | 000,130,560 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.02 13:08:16 | 000,018,656 | ---- | M] () -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2012.12.05 16:23:36 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.11.19 08:53:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.19 08:52:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.19 08:52:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.19 08:52:40 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.19 08:52:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.19 08:52:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.01.10 20:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.04.25 15:37:36 | 000,518,656 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\pompeius.dll
MOD - [2011.04.01 08:36:52 | 001,218,048 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HPrintWebAPIShell.exe
MOD - [2011.03.31 14:57:32 | 000,059,904 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP ePrintAndShare\InstantPrinting\zlib1.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV - [2012.12.12 11:11:05 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 16:23:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 15:37:24 | 002,677,160 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.06.11 18:59:04 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.02.02 13:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.20 22:29:12 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.07.25 09:35:11 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2012.07.25 09:31:17 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.09.17 18:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006.11.22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 FD 02 30 00 00 00 92 B0 1E 1E 00 00 00 80 06 00 FD 02 31 36 38 2E 94 B0 1E 1E 00 00 00 80 08 00 FD 02 32 35 35 2E 96 B0 1E 1E 32 35 00 80 0A 00 FD 02 00 00 00 00 [binary data]
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\..\SearchScopes\{703244CB-2D1F-45B3-A6B7-489A63696642}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3305020379-978273152-1308697997-1024\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 16:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.06 10:30:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 16:23:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.06 10:30:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.06.11 18:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\meike\AppData\Roaming\mozilla\Extensions
[2012.12.07 17:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\meike\AppData\Roaming\mozilla\Firefox\Profiles\5hdf0q1s.default\extensions
[2012.12.05 16:23:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.05 16:23:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.25 10:42:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.25 10:42:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.25 10:42:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.25 10:42:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.25 10:42:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.25 10:42:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Heleni Uploader] C:\Programme\Hewlett-Packard\HP ePrintAndShare\ProxyUploader\HeleniProxyUI.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\piet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E292461-0946-43CD-9439-75570F71787C}: NameServer = 192.168.1.1,192.168.1.10
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.13 18:38:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.12 19:23:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.12.12 18:52:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.12 18:43:04 | 000,000,000 | ---D | C] -- C:\Users\meike\AppData\Roaming\Avira
[2012.12.12 18:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.12.12 18:40:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.12.12 18:40:02 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.12 18:40:02 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.12.12 18:40:02 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.12.12 18:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.12.12 18:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.12.12 18:13:53 | 000,000,000 | ---D | C] -- C:\Users\meike\AppData\Roaming\QuickScan
[2012.12.12 18:06:18 | 000,000,000 | ---D | C] -- C:\Users\meike\AppData\Roaming\Malwarebytes
[2012.12.12 18:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.06 10:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.12.05 16:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.29 09:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.11.29 09:51:23 | 000,000,000 | ---D | C] -- C:\Users\meike\AppData\Local\Google
[2012.11.29 09:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========

[2012.12.13 19:22:22 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.13 19:22:22 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.13 19:22:22 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.13 19:22:22 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.13 19:18:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.13 19:17:52 | 2711,212,032 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.13 19:17:25 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 19:17:25 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 19:12:14 | 000,545,819 | ---- | M] () -- C:\Users\meike\Desktop\adwcleaner.exe
[2012.12.13 19:09:18 | 000,000,446 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.12.13 19:01:54 | 000,568,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.13 17:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.12 18:40:04 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.12 18:26:00 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.12.12 15:27:38 | 000,085,422 | ---- | M] () -- C:\Users\meike\Documents\Gartenplan-Model.dwf
[2012.12.11 14:48:18 | 000,000,208 | -H-- | M] () -- C:\Users\meike\Documents\Zeichnung1.dwl2
[2012.12.11 14:48:18 | 000,000,058 | -H-- | M] () -- C:\Users\meike\Documents\Zeichnung1.dwl
[2012.11.29 09:51:27 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.15 14:53:27 | 004,084,404 | ---- | M] () -- C:\Users\meike\B&B-ITALIA_FLAT.C_1544_L0_F113_Flat_C_tec.pdf

========== Files Created - No Company Name ==========

[2012.12.13 19:12:14 | 000,545,819 | ---- | C] () -- C:\Users\meike\Desktop\adwcleaner.exe
[2012.12.12 18:40:04 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.12.12 15:27:36 | 000,085,422 | ---- | C] () -- C:\Users\meike\Documents\Gartenplan-Model.dwf
[2012.11.29 09:51:27 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.11.16 17:30:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 17:30:11 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 14:53:09 | 004,084,404 | ---- | C] () -- C:\Users\meike\B&B-ITALIA_FLAT.C_1544_L0_F113_Flat_C_tec.pdf
[2012.07.25 09:17:38 | 000,000,600 | ---- | C] () -- C:\Users\meike\AppData\Local\PUTTY.RND
[2012.06.11 19:32:26 | 000,000,332 | ---- | C] () -- C:\Windows\STLKDLL32.INI
[2012.06.11 19:32:26 | 000,000,297 | ---- | C] () -- C:\Windows\STLBDLL32.INI
[2012.06.11 19:26:52 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2012.06.11 19:26:52 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2012.06.11 19:26:52 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2012.06.11 18:59:06 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.06.11 18:55:51 | 000,000,592 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2012.06.11 18:41:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.11 18:31:11 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.01.10 21:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 21:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 21:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 20:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 20:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.10 20:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.04.12 02:30:05 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.05.05 13:38:08 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Autodesk
[2012.05.05 13:38:08 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\IrfanView
[2012.05.05 13:38:08 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Thunderbird
[2012.09.04 08:02:46 | 000,000,000 | ---D | M] -- C:\Users\hendrik\AppData\Roaming\Autodesk
[2012.09.03 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\hendrik\AppData\Roaming\CIP
[2012.09.20 15:33:49 | 000,000,000 | ---D | M] -- C:\Users\hendrik\AppData\Roaming\PDF Writer
[2012.08.30 11:38:54 | 000,000,000 | ---D | M] -- C:\Users\hendrik\AppData\Roaming\Thunderbird
[2012.06.12 08:11:58 | 000,000,000 | ---D | M] -- C:\Users\meike\AppData\Roaming\Autodesk
[2012.06.11 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\meike\AppData\Roaming\CIP
[2012.06.12 15:44:25 | 000,000,000 | ---D | M] -- C:\Users\meike\AppData\Roaming\PDF Writer
[2012.12.12 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\meike\AppData\Roaming\QuickScan
[2012.06.11 18:48:09 | 000,000,000 | ---D | M] -- C:\Users\meike\AppData\Roaming\Thunderbird
[2012.04.20 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\Autodesk
[2011.02.27 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\Bullzip
[2011.02.27 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\CIP
[2012.09.20 09:13:50 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\Dropbox
[2011.02.27 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\IrfanView
[2011.02.27 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\Kummert Inspektionssysteme
[2012.04.23 11:11:06 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\PDF Writer
[2011.02.27 18:08:34 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\TeamViewer
[2011.02.27 18:08:35 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\Thunderbird
[2012.08.24 12:47:45 | 000,000,000 | ---D | M] -- C:\Users\piet\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

Thanks again!