Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   BKA Trojaner - Brauche dringend Hilfe! (https://www.trojaner-board.de/97460-bka-trojaner-brauche-dringend-hilfe.html)

Deggendorf 14.04.2011 13:47
BKA Trojaner - Brauche dringend Hilfe!
 
Hallo,

wurde auch Opfer des BKA-Trojaners. Habe den Scan drüber laufen lassen und folgenden Log bekommen:OTL Logfile:
Code:
OTL logfile created on: 4/14/2011 2:12:04 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
895.00 Mb Total Physical Memory | 644.00 Mb Available Physical Memory | 72.00% Memory free
806.00 Mb Paging File | 706.00 Mb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88.42 Gb Total Space | 9.19 Gb Free Space | 10.39% Space Free | Partition Type: NTFS
Drive D: | 23.36 Gb Total Space | 14.75 Gb Free Space | 63.13% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] -- -- (gusvc)
SRV - [2007/12/19 17:56:26 | 000,214,056 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007/08/28 08:16:15 | 000,063,016 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2007/05/22 10:30:34 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/23 06:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) [Auto] -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007/01/04 14:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/17 15:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006/09/28 03:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] -- -- (PptpMiniport) WAN-Miniport (PPTP)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | System] -- -- (mailKmd)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2009/06/15 12:01:00 | 000,273,920 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\V0540Vid.sys -- (V0540Dev)
DRV - [2007/12/19 17:56:27 | 000,061,632 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2007/09/17 06:24:55 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007/03/01 05:34:30 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/27 10:25:04 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2007/01/13 05:40:00 | 004,452,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/01/08 14:34:04 | 000,449,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2006/11/15 12:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 07:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 05:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/09/15 03:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2003/04/28 06:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\Tobias_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\Tobias_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Tobias_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Tobias_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Tobias_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Tobias_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Tobias_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: dplauncher@digitalpublishing.de:1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/08 15:20:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/16 09:17:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/02 13:53:02 | 000,000,000 | ---D | M]
 
[2008/11/08 16:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Extensions
[2011/04/10 15:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions
[2009/10/01 05:49:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/01 03:55:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/01 12:55:33 | 000,000,000 | ---D | M] (dp Launcher Plugin) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\dplauncher@digitalpublishing.de
[2010/02/26 15:37:46 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\firefox@tvunetworks.com
[2009/04/17 06:04:12 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\extensions\moveplayer@movenetworks.com
[2011/04/06 07:23:14 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-1.xml
[2009/02/05 11:20:01 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-10.xml
[2009/03/24 08:48:19 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-11.xml
[2009/03/30 02:58:15 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-12.xml
[2009/04/22 13:40:11 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-13.xml
[2009/04/29 13:12:24 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-14.xml
[2009/06/19 11:12:47 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-15.xml
[2009/07/24 11:05:27 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-16.xml
[2009/10/03 09:35:38 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-17.xml
[2009/10/31 12:01:14 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-18.xml
[2009/12/18 09:04:18 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-19.xml
[2007/11/03 16:56:14 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-2.xml
[2010/01/08 14:04:49 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-20.xml
[2010/02/26 15:37:52 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-21.xml
[2007/11/28 11:09:56 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-3.xml
[2007/12/01 13:26:52 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-4.xml
[2008/07/19 12:04:33 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-5.xml
[2008/07/22 08:22:27 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-6.xml
[2008/10/24 12:21:53 | 000,000,949 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-7.xml
[2008/12/03 11:14:20 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-8.xml
[2008/12/25 18:47:16 | 000,000,950 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin-9.xml
[2009/03/25 06:49:20 | 000,000,944 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\a76vxje5.default\searchplugins\icqplugin.xml
[2009/06/19 13:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/19 11:18:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007/06/13 07:29:18 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\Mozilla Firefox\extensions\divx@partners.mozilla.com
[2010/05/30 05:47:24 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/05/30 05:47:25 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/05/30 05:47:25 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/05/30 05:47:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/05/30 05:47:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\Tobias_ON_C\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\Tobias_ON_C\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] File not found
O4 - HKLM..\Run: [C:\Windows\system32\V0540Ext.ax] C:\Windows\System32\V0540Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [CtrlVol] File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Tobias_ON_C..\Run: [SystemData.exe] C:\SystemData\SystemData.exe ()
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Tobias_ON_C Winlogon: Shell - (C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NG2L6CG\info[1].exe) - C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NG2L6CG\info[1].exe ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2980136b-5220-11e0-8eac-0016d382602b}\Shell - "" = AutoRun
O33 - MountPoints2\{2980136b-5220-11e0-8eac-0016d382602b}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8f83e48f-f98d-11db-b9ea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8f83e48f-f98d-11db-b9ea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PSetup.exe /continue /uionlyifneeded
O33 - MountPoints2\{b36289f0-ac20-11dd-a388-0016d382602b}\Shell\AutoRun\command - "" = F:\Launch.exe
O33 - MountPoints2\{cf288df8-4b44-11df-b08b-0016d382602b}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/14 11:10:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/04 06:36:59 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\México - Méx.Trip
[2011/04/03 14:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/04/03 14:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/03/19 08:26:06 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\Warcraft III
[2011/03/15 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Tobias\Desktop\6.Semester
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/13 17:37:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/13 17:36:07 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 17:36:07 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/13 17:35:52 | 938,131,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 11:02:10 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/12 11:02:10 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/12 11:02:10 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/12 11:02:10 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/12 08:12:24 | 000,013,072 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\nvModes.dat
[2011/04/12 08:12:24 | 000,013,072 | ---- | M] () -- C:\Users\Tobias\AppData\Roaming\nvModes.001
[2011/04/12 06:30:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/04/08 08:45:19 | 000,000,638 | ---- | M] () -- C:\Users\Tobias\Desktop\PLAKAT_gemeinsam.fuer.japan.lnk
[2011/04/03 14:05:54 | 001,863,844 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/03 13:39:44 | 000,009,840 | -HS- | M] () -- C:\Users\Tobias\AppData\Local\8h7677sklawlu0y1x0g47maike22u417x83d12u6wgr8je
[2011/04/03 13:39:44 | 000,009,840 | -HS- | M] () -- C:\ProgramData\8h7677sklawlu0y1x0g47maike22u417x83d12u6wgr8je
[2011/04/03 12:14:16 | 000,331,776 | -HS- | M] () -- C:\Users\Tobias\AppData\Local\tpi.exe
[2011/03/31 05:06:08 | 002,720,800 | ---- | M] () -- C:\Users\Tobias\Desktop\Bad Taste Party.jpg
 
========== Files Created - No Company Name ==========
 
[2011/04/13 17:35:52 | 938,131,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/08 08:42:53 | 000,000,638 | ---- | C] () -- C:\Users\Tobias\Desktop\PLAKAT_gemeinsam.fuer.japan.lnk
[2011/04/03 14:04:47 | 001,863,844 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/04/03 12:14:48 | 000,009,840 | -HS- | C] () -- C:\Users\Tobias\AppData\Local\8h7677sklawlu0y1x0g47maike22u417x83d12u6wgr8je
[2011/04/03 12:14:48 | 000,009,840 | -HS- | C] () -- C:\ProgramData\8h7677sklawlu0y1x0g47maike22u417x83d12u6wgr8je
[2011/04/03 12:14:16 | 000,331,776 | -HS- | C] () -- C:\Users\Tobias\AppData\Local\tpi.exe
[2011/03/31 05:07:10 | 002,720,800 | ---- | C] () -- C:\Users\Tobias\Desktop\Bad Taste Party.jpg
[2010/02/10 14:53:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/04 12:26:16 | 000,054,789 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009/10/20 13:25:38 | 000,000,680 | ---- | C] () -- C:\Users\Tobias\AppData\Local\d3d9caps.dat
[2008/11/06 13:25:05 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2007/12/19 17:56:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/05/21 12:54:37 | 000,047,104 | ---- | C] () -- C:\Users\Tobias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/21 06:42:12 | 000,013,072 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\nvModes.001
[2007/05/21 06:03:44 | 000,013,072 | ---- | C] () -- C:\Users\Tobias\AppData\Roaming\nvModes.dat
[2007/05/03 13:31:40 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2007/05/03 13:31:37 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/05/03 13:31:36 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/03/14 19:12:48 | 000,081,920 | ---- | C] () -- C:\Windows\mws.exe
[2007/03/12 21:42:14 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/03/10 02:49:55 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007/03/10 02:49:54 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007/03/10 02:39:31 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI
[2007/03/09 22:40:31 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/03/09 10:58:44 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/03/09 01:33:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/02/28 05:13:52 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006/12/11 00:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 11:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,392,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/09/20 02:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[1997/10/17 18:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/10/17 18:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1997/09/03 18:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997/09/03 18:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/09/03 18:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
 
========== LOP Check ==========
 
[2007/06/09 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Babylon
[2010/02/21 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\DataDesign
[2010/05/01 12:55:53 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\digital publishing
[2009/10/19 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\fotobuch.de AG
[2011/03/17 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ICQ
[2007/05/21 09:22:55 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ICQ Toolbar
[2007/05/21 09:09:40 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\ICQLite
[2007/06/12 08:21:27 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\InterVideo
[2011/01/22 12:30:07 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Langenscheidt
[2007/05/21 13:02:22 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\MAGIX
[2007/05/03 13:05:48 | 000,000,000 | ---D | M] -- C:\Users\Tobias\AppData\Roaming\Ulead Systems
[2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2007/06/09 23:17:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/10/19 17:21:01 | 000,000,000 | ---D | M] -- C:\ProgramData\fotobuch.de AG
[2007/03/10 02:39:23 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2009/06/19 11:18:41 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2007/03/09 11:36:30 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2011/01/22 12:30:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Langenscheidt
[2007/03/12 21:46:32 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/04/03 14:37:22 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2007/03/14 19:14:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2007/05/03 13:00:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2007/03/09 23:35:06 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2007/12/05 17:11:17 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011/04/12 09:34:58 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
--- --- ---


Kann mir irgendjemand bei diesem Problem helfen? Und zwar einem nicht wirklichem Computer-Menschen :)!

Wäre euch sehr dankbar!

markusg 14.04.2011 14:22
wer nie windows updates etc instaliert muss sich nicht wundern. ob das system überhaupt noch zu retten ist, da mehrere infektionen vorliegen wird sich noch rausstellen müssen

wir haben hier auch ein kleines problem.
das script ist zu lang fürs forum. ich poste dir also einen screenshot, wie es im otl aussehen muss.
kopiere das script also in das otl fenster, schaue dir den screen shot an. wenn ne zeile falsch umgebrochen ist, stelle dich an deren ende, drücke entf. und damit wird das script nach oben gezogen.
http://www12.file-upload.net/thumb/1...ib9rscwk6n.jpg

auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:

:OTL
O4 - HKU\Tobias_ON_C..\Run: [SystemData.exe] C:\SystemData\SystemData.exe ()

O20 - HKU\Tobias_ON_C Winlogon: Shell - (C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NG2L6CG\info[1].exe) - C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\5NG2L6CG\info[1].exe ()
:Files
C:\SystemData
C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\5NG2L6CG\info[1].exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt auf deinem stick.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.



öffne computer, öffne c: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-a...ner-board.html

danach:

Deggendorf 14.04.2011 17:02
Hi

also erst einmal vielen Dank für deine Hilfe! Nur leider geht der Computer immer noch nicht. Ich habe das oben genannte mehrmals wiederholt aber leider ohne erfolg.

Sonst noch irgendwelche Vorschläge?

markusg 14.04.2011 17:20
na was ist denn passiert als du den otl fix ausgeführt hast...

Deggendorf 14.04.2011 17:54
Hm also ich habe auf Run Fix geklickt, dann habe ich Fix.txt ausgewählt und dann kam die Meldung Vorgang beendet. Und dann wurde ich gefragt ob ich ein reboot machen möchte. Ich habe Ja gesagt, PC hat allerdings nicht von alleine neu gestartet. Dann habe ich das gemacht, allerdings kam beim Hochfahren direkt wieder das BKA-Fenster.... hm irgendwelche Ideen noch?

markusg 14.04.2011 18:39
kannst du mal versuchen das script per hand einzugeben? manchmal klappt das über die txt nicht.

Deggendorf 14.04.2011 19:05
habs versucht leider ohne Erfolg! :(

Deggendorf 14.04.2011 19:19
vllt noch eine Idee?

markusg 14.04.2011 20:17
bitte mal dieses script versuchen.

Code:
:OTL
O20 - HKU\Tobias_ON_C Winlogon: Shell - (C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NG2L6CG\info[1].exe) - C:\Users\Tobias\AppData\LocalMicrosoft\Windows\Temporary Internet Files\Content.IE5\5NG2L6CG\info[1].exe ()
:Files
C:\Users\Tobias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NG2L6CG\info[1].exe
:Commands
[Reboot]

Deggendorf 14.04.2011 21:03
markusg du bist ein König! Vielen Vielen Dank, bin gerade wieder rein gekommen....

markusg 15.04.2011 10:23
na das ist doch schon mal was.
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

Deggendorf 18.04.2011 11:30
hey markus...

neues Problem ist aufgetreten. Der BKA-Trojaner kam wieder. Hab dann ihn aber auch noch einmal weg bekommen mit dem gleichen Verfahren. Nur nun sind alle meine persönlichen Daten verschwunden und jedes Mal wenn ich meinen Computer starte kommt eine Datenträgerüberprüfung die jedes Mal bei 16 % abrupt endet...
Hast du ne Idee was ich tun kann um den PC wieder normal zu benutzen?

Danke dir schon mal!

markusg 18.04.2011 11:57
mach ne datn sicherung über die otl cd wir setzen neu auf und sichern den pc dann richtig ab.

Deggendorf 18.04.2011 17:02
puh so nach einer kleinen Ewigkeit hab ich jetzt das wichtigste wieder :)... wie schaff ich es jetzt aber noch das die Datenüberprüfung am Anfang, wenn ich den PC hochfahren möchte, nicht bei 16 % hängen bleibt und somit bei jedem Start von neuem wieder aufgeht?

Und was kann ich tun nun um meinen PC besser zu schützen?

Wie immer dank ich dir schon mal im VOraus! :)

markusg 18.04.2011 17:08
hast du deine daten gesichert? wir instalieren windows dann neu.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:28 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131