Trojan problem: TR/Daonol.B.6
Hey guys, unfortunately it's me again with a problem.
I ran the virus scanner again today and it reports the following:
Die Datei 'C:\WINDOWS\system32\wdmaud.sys.vir'
enthielt einen Virus oder unerwünschtes Programm 'TR/Daonol.B.6' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.
The file is gone, but I don't trust the calm. So I'd ask that someone take a look at my HijackThis log and perhaps make suggestions on how I can get rid of this troublemaker that has been plaguing me since last week.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:36, on 12.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Sandboxie\SbieCtrl.exe
C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programme\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.6.0_06) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PRTG Service (PRTGService) - Unknown owner - C:\Programme\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe
--
End of file - 7748 bytes
Code:
File wdmaud.sys.vir received on 01.12.2009 16:30:17 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.12 -
AhnLab-V3 2009.1.10.0 2009.01.12 Win-Trojan/Daonol.16896
AntiVir 7.9.0.54 2009.01.12 TR/Daonol.B.6
Authentium 5.1.0.4 2009.01.10 -
Avast 4.8.1281.0 2009.01.12 Win32:Daonol
AVG 8.0.0.229 2009.01.12 -
BitDefender 7.2 2009.01.12 Trojan.Agent.ALTA
CAT-QuickHeal 10.00 2009.01.12 -
ClamAV 0.94.1 2009.01.12 -
Comodo 919 2009.01.12 -
DrWeb 4.44.0.09170 2009.01.12 -
eSafe 7.0.17.0 2009.01.12 -
eTrust-Vet 31.6.6304 2009.01.12 -
F-Prot 4.4.4.56 2009.01.12 -
F-Secure 8.0.14470.0 2009.01.12 -
Fortinet 3.117.0.0 2009.01.11 -
GData 19 2009.01.12 Trojan.Agent.ALTA
Ikarus T3.1.1.45.0 2009.01.12 -
K7AntiVirus 7.10.584 2009.01.09 -
Kaspersky 7.0.0.125 2009.01.12 -
McAfee 5492 2009.01.11 -
McAfee+Artemis 5492 2009.01.11 -
Microsoft 1.4205 2009.01.12 Trojan:Win32/Daonol.B
NOD32 3759 2009.01.12 Win32/Delf.NWJ
Norman 5.93.01 2009.01.12 W32/DLoader.MDLX
Panda 9.4.3.3 2009.01.11 -
PCTools 4.4.2.0 2009.01.12 -
Prevx1 V2 2009.01.12 Malicious Software
Rising 21.12.02.00 2009.01.12 -
SecureWeb-Gateway 6.7.6 2009.01.12 Trojan.Daonol.B.6
Sophos 4.37.0 2009.01.12 -
Sunbelt 3.2.1831.2 2009.01.09 -
Symantec 10 2009.01.12 Downloader
TheHacker 6.3.1.4.218 2009.01.11 -
TrendMicro 8.700.0.1004 2009.01.12 -
VBA32 3.12.8.10 2009.01.12 Win32.Delf.NWJ
ViRobot 2009.1.12.1554 2009.01.12 -
VirusBuster 4.5.11.0 2009.01.12 -
Additional information
File size: 16896 bytes
MD5...: fc62fe02a856d606108eef88086b94c6
SHA1..: 06443e43be3e8c98fe8963aa27b6e4fd31c07c21
SHA256: ae756f8b3d8c346a0cd5daf7ffe3fc84a4d96ad9682588cae634f9b3f258f739
SHA512: 7f008e5f0bd49fb5dd6134b5d7877d5996e67fdd36f7090f04ac24d884bb69db6d0dbecf2a476196d4cb278ee372f8575d6a6eb0f79ad92a241c42cc5b651454
ssdeep: 384:WAFuCLoUbpaiAvcR/hB3SAP0jdjBafHe8EAHE:W7+oQkXUN3SAP0J8ZE
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404010
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x3030 0x3200 6.45 e9efd365431dd8650b8f8cb40899ccce
DATA 0x5000 0x1d0 0x200 4.42 3411a59b785ce49cc6e9dd5b3e7f5877
BSS 0x6000 0xd2f5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x14000 0x33c 0x400 3.90 6cb0182cc59f08a3fb7686e45a5d8b9e
.reloc 0x15000 0x22c 0x400 4.14 59ab30a1046d6e21f6a112720f9c57d7
.rsrc 0x16000 0x18c 0x200 2.55 43c2c0b7d14f56167fb724b791d45637

( 3 imports )
> kernel32.dll: GetCurrentThreadId, ExitProcess, UnhandledExceptionFilter, RtlUnwind, RaiseException, TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc, FreeLibrary, GetProcessHeap
> kernel32.dll: VirtualFree, VirtualAlloc, Sleep, ReadFile, LoadLibraryA, HeapFree, HeapAlloc, GetTickCount, GetProcessHeap, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLastError, GetFileSize, GetComputerNameA, FindAtomA, ExitProcess, CreateThread, CreateMutexA, CreateFileA, CloseHandle, AddAtomA
> wsock32.dll: WSAGetLastError

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=C711363E000124B142EC009F6558880038B21F64
Thanks in advance!
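As an added triage example (not part of the post, and not Avira's, HijackThis' or VirusTotal's own code): a small Python helper that parses HijackThis lines of the kind shown above, flags the entries a responder would look at first (services with no owner string or a missing binary, the IE hook HijackThis reports missing, several Java plug-in versions still registered), and checks a file's MD5/SHA-1/SHA-256 against the hashes the VirusTotal report lists for wdmaud.sys.vir. The log excerpt is copied from the post; the severity labels and rules are this example's own assumptions.

```python
"""Triage helper for a HijackThis log plus an IoC hash check (added example).

The log excerpt is copied from the post; the severity labels and rules are
this example's own assumptions, not HijackThis' or any vendor's logic.
"""
import hashlib
import re

# Hashes the post's VirusTotal report lists for wdmaud.sys.vir.
KNOWN_BAD = {
    "md5": "fc62fe02a856d606108eef88086b94c6",
    "sha1": "06443e43be3e8c98fe8963aa27b6e4fd31c07c21",
    "sha256": "ae756f8b3d8c346a0cd5daf7ffe3fc84a4d96ad9682588cae634f9b3f258f739",
}

# Constructed excerpt: verbatim lines taken from the HijackThis log above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PRTG Service (PRTGService) - Unknown owner - C:\Programme\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
JAVA_RE = re.compile(r"\((Java Plug-in [^)]+)\)")


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis finding line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries):
    """Return (severity, section, reason, detail) tuples worth a closer look.

    Rules (this example's assumptions): a service whose binary is gone, a
    service with no owner string, an IE hook HijackThis reports missing, and
    more than one Java plug-in version still registered (old JREs left behind).
    """
    findings = []
    java_versions = []
    for section, body in entries:
        if section == "O23":
            m = SERVICE_RE.match(body)
            if not m:
                continue
            if m.group("path").endswith("(file missing)"):
                findings.append(("medium", section, "service binary missing", body))
            elif m.group("owner") == "Unknown owner":
                findings.append(("low", section, "service with unknown owner", body))
        elif section == "R3" and "is missing" in body:
            findings.append(("info", section, "IE hook reported missing", body))
        elif section == "O16":
            java_versions.extend(JAVA_RE.findall(body))
    if len(java_versions) > 1:
        findings.append(("low", "O16",
                         f"{len(java_versions)} Java Plug-in versions registered; "
                         "uninstall the superseded JREs",
                         ", ".join(java_versions)))
    return findings


def _digests(chunks):
    """Feed byte chunks to MD5/SHA-1/SHA-256 in one pass; return hex digests."""
    hashes = {name: hashlib.new(name) for name in KNOWN_BAD}
    for chunk in chunks:
        for h in hashes.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def hash_bytes(data):
    """Digests of an in-memory sample."""
    return _digests([data])


def hash_file(path):
    """Digests of a file on disk, read in 64 KiB chunks."""
    with open(path, "rb") as fh:
        return _digests(iter(lambda: fh.read(65536), b""))


def matches_known_bad(digests):
    """True if any computed digest equals a hash from the VirusTotal report."""
    return any(digests.get(name) == value for name, value in KNOWN_BAD.items())


if __name__ == "__main__":
    for severity, section, reason, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{severity:6}] {section}: {reason}\n          {detail}")
```

Run as-is to print the findings for the excerpt; to check whether a quarantined copy is the same sample the report describes, pass its path to hash_file and hand the result to matches_known_bad. A non-match only says the copy differs from that one sample, not that it is clean.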