Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Beim Start öffnet sich immer kurz ein scwarzes fenster + Opera öffnet immer eine Seite (https://www.trojaner-board.de/99952-beim-start-oeffnet-immer-kurz-scwarzes-fenster-opera-oeffnet-immer-seite.html)

unwissend123 04.06.2011 17:41
Beim Start öffnet sich immer kurz ein scwarzes fenster + Opera öffnet immer eine Seite
 
hallo leute,

ich hoffe ihr könnt mir helfen.
ich hab in einer email auf einen link geklickt, weil ich auf autosuche war.
dieser link führt mich auf eine bekannte verkaufsplatform.
nun ist es so dass bei jedem neustart sich kurz ein schwarzes fenster öffnet mit der überschrift "system32 cmd.exe".
daraufhin schließt sich das fenster nach wenigen sekunden und es öffnet sich opera mit der seite die ich in der email angeklickt habe.
der preis des autos wird immer billiger und die artikelnummer gibt es aber eigentlich gar nicht.
da es mich tierisch nervt hoffe ich, dass ihr mir sagen könnt wie ich diesen fehler vollständig entfernen kann.

hier die logfiles von otl:OTL Logfile:
Code:
OTL Extras logfile created on: 04.06.2011 18:15:45 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Privat\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,73% Memory free
8,00 Gb Paging File | 6,84 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 253,86 Gb Free Space | 85,19% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON BX305 Series" = Druckerdeinstallation für EPSON BX305 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 2.0
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Free Studio_is1" = Free Studio version 5.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Opera 11.11.2109" = Opera 11.11
"Uninstall_is1" = Uninstall 1.0.0.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.01.2011 12:34:05 | Computer Name = Privat-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Privat\AppData\Local\Temp\RarSFX0\redist.dll".
Die
abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 28.01.2011 17:00:04 | Computer Name = Privat-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "ASLDR Service" konnte nicht neu gestartet
werden.
 
Error - 23.02.2011 15:50:11 | Computer Name = Privat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4110
Description = Fehler beim Hinzufügen des Zertifikats zu Drittanbieter-Stammzertifizierungsstellen.
Fehler: Eine Zertifikatkette zu einer vertrauenswürdigen Stammzertifizierungsstelle
konnte nicht aufgebaut werden.
 
Error - 06.04.2011 02:00:19 | Computer Name = Privat-PC | Source = Application Hang | ID = 1002
Description = Programm soffice.bin, Version 3.3.9556.500 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8e0 Startzeit:
01cbf41f524aaf0e Endzeit: 46 Anwendungspfad: C:\Program Files (x86)\OpenOffice.org
3\program\soffice.bin Berichts-ID: 1eb719a7-6013-11e0-94e7-00045ee24d27
 
Error - 15.05.2011 12:00:10 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: _is9981.exe, Version: 12.0.0.58855,
Zeitstempel: 0x46d48420 Name des fehlerhaften Moduls: ISSetup.dll, Version: 12.0.0.58855,
Zeitstempel: 0x46eef1f1 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00096f3b ID des fehlerhaften
Prozesses: 0xd70 Startzeit der fehlerhaften Anwendung: 0x01cc1318f7b18bd0 Pfad der
fehlerhaften Anwendung: C:\Users\Privat\AppData\Local\Temp\_is9981.exe Pfad des
fehlerhaften Moduls: C:\Users\Privat\AppData\Local\Temp\{0B382C7B-9F11-417E-952B-E1E2C7856CA5}\ISSetup.dll
Berichtskennung:
68f9ec80-7f0c-11e0-9f6e-0004609d1f8d
 
[ System Events ]
Error - 04.06.2011 10:33:06 | Computer Name = Privat-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.06.2011 10:33:06 | Computer Name = Privat-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 04.06.2011 10:34:32 | Computer Name = Privat-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.06.2011 10:34:32 | Computer Name = Privat-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 04.06.2011 10:40:37 | Computer Name = Privat-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.06.2011 10:40:37 | Computer Name = Privat-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 04.06.2011 12:05:35 | Computer Name = Privat-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.06.2011 12:05:35 | Computer Name = Privat-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 04.06.2011 12:07:37 | Computer Name = Privat-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 04.06.2011 12:07:37 | Computer Name = Privat-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 04.06.2011 18:15:45 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Privat\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,73% Memory free
8,00 Gb Paging File | 6,84 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 253,86 Gb Free Space | 85,19% Space Free | Partition Type: NTFS
 
Computer Name: PRIVAT-PC | User Name: Privat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - c:\users\privat\appdata\local\temp\sgjosv51.exe ()
PRC - C:\Users\Privat\AppData\Local\quijjgbf.exe ()
PRC - C:\Users\Privat\AppData\Local\dhvwwtos.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 0B 84 C5 A1 22 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.05.13 15:29:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.05.13 15:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions
[2011.05.13 15:45:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKCU..\Run: [EPSON BX305 Series] File not found
O4 - HKCU..\Run: [Rlgyghgr] C:\Users\Privat\AppData\Local\dhvwwtos.exe ()
O4 - Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.04 18:13:31 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2011.06.04 15:07:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Privat\Desktop\HiJackThis204.exe
[2011.06.04 12:36:11 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Privat\Desktop\mbam-setup-1.51.0.1200.exe
[2011.05.26 11:43:23 | 000,000,000 | -H-D | C] -- C:\Users\Privat\AppData\Local\30921202
[2011.05.25 12:24:04 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Roller
[2011.05.25 09:12:15 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.05.24 19:17:23 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.05.24 19:17:23 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.05.15 18:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2011.05.15 18:00:37 | 000,000,000 | ---D | C] -- C:\Programme\Epson Software
[2011.05.15 17:58:10 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Epson
[2011.05.15 17:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2011.05.15 17:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2011.05.15 17:56:45 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\EPSON
[2011.05.15 17:56:28 | 000,010,752 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2011.05.15 17:56:15 | 000,118,784 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMGJE.DLL
[2011.05.15 17:56:11 | 000,088,064 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBGJE.DLL
[2011.05.15 17:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2011.05.15 17:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2011.05.15 17:55:44 | 000,464,384 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esxw2ud.dll
[2011.05.15 17:55:44 | 000,128,392 | ---- | C] (Seiko Epson Corporation) -- C:\Windows\SysNative\esdevapp.exe
[2011.05.15 17:55:44 | 000,017,408 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcdev.dll
[2011.05.15 17:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
[2011.05.13 15:45:32 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Mozilla
[2011.05.13 15:45:31 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Thunderbird
[2011.05.13 15:45:31 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Thunderbird
[2011.05.13 15:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011.05.13 15:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.05.11 15:32:59 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.05.11 15:32:56 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.05.11 15:32:56 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.05.11 15:32:53 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011.05.11 15:32:52 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011.05.09 23:18:35 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Show-Room
[2011.05.08 18:08:06 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\Bmw 728i
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.04 18:15:01 | 000,016,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 18:15:01 | 000,016,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.04 18:13:31 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2011.06.04 18:11:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.04 18:11:55 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.04 18:11:55 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.04 18:11:55 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.04 18:11:55 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.04 18:07:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.04 18:07:29 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.04 15:32:05 | 000,008,147 | ---- | M] () -- C:\Users\Privat\Desktop\prüfung 1
[2011.06.04 15:07:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Privat\Desktop\HiJackThis204.exe
[2011.06.04 12:36:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.04 12:36:12 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Privat\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.04 12:28:13 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.05.31 18:27:55 | 001,201,152 | -H-- | M] () -- C:\Users\Privat\AppData\Local\quijjgbf.exe
[2011.05.31 18:27:55 | 001,201,152 | -H-- | M] () -- C:\Users\Privat\AppData\Local\dhvwwtos.exe
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.15 18:02:47 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2011.05.15 18:00:38 | 000,000,306 | ---- | M] () -- C:\Windows\setup.iss
[2011.05.15 17:57:01 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\EPSON BX305 Series Handbuch.lnk
[2011.05.15 17:55:45 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011.05.13 15:29:36 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
 
========== Files Created - No Company Name ==========
 
[2011.06.04 15:32:05 | 000,008,147 | ---- | C] () -- C:\Users\Privat\Desktop\prüfung 1
[2011.06.04 12:28:13 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.06.04 12:28:13 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.05.26 11:46:24 | 001,201,152 | -H-- | C] () -- C:\Users\Privat\AppData\Local\quijjgbf.exe
[2011.05.26 11:46:23 | 001,201,152 | -H-- | C] () -- C:\Users\Privat\AppData\Local\dhvwwtos.exe
[2011.05.15 18:02:47 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2011.05.15 18:00:24 | 000,000,306 | ---- | C] () -- C:\Windows\setup.iss
[2011.05.15 17:57:01 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\EPSON BX305 Series Handbuch.lnk
[2011.05.15 17:55:45 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011.05.13 15:29:36 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.02.23 21:49:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.25 16:23:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.01.28 18:57:33 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\DVDVideoSoft
[2011.01.28 18:57:45 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.25 12:24:20 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Epson
[2011.02.27 18:05:38 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\OpenOffice.org
[2011.06.04 12:28:15 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Opera
[2011.02.28 17:20:32 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Panasonic
[2011.05.13 15:45:32 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\Thunderbird
[2011.04.17 19:05:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---


und hier hab ich noch eines von malewarebytes

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6768

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.06.2011 13:17:09
mbam-log-2011-06-04 (13-17-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 239897
Laufzeit: 37 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

markusg 05.06.2011 15:29
hi
öffne malwarebytes, logdateien, alle logs posten.
• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.


:OTL
PRC - c:\users\privat\appdata\local\temp\sgjosv51.exe ()
PRC - C:\Users\Privat\AppData\Local\quijjgbf.exe ()
PRC - C:\Users\Privat\AppData\Local\dhvwwtos.exe ()
O4 - HKCU..\Run: [EPSON BX305 Series] File not found
O4 - HKCU..\Run: [Rlgyghgr] C:\Users\Privat\AppData\Local\dhvwwtos.exe ()
[2011.05.26 11:43:23 | 000,000,000 | -H-D | C] -- C:\Users\Privat\AppData\Local\30921202

:Files
C:\Users\Privat\AppData\Local\dhvwwtos.exe
C:\Users\Privat\AppData\Local\quijjgbf.exe
c:\users\privat\appdata\local\temp\sgjosv51.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
http://www.trojaner-board.de/54791-a...ner-board.html

unwissend123 06.06.2011 12:29
hier erstmal die vorletzte logdatei von malewarebytes.
ich habe aber sonst keine mehr, da der laptop noch relativ neu ist.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5630

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.01.2011 22:30:49
mbam-log-2011-01-28 (22-30-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 222768
Laufzeit: 19 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



hier nun die datei von OTL:

All processes killed
========== OTL ==========
No active process named sgjosv51.exe was found!
No active process named quijjgbf.exe was found!
No active process named dhvwwtos.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON BX305 Series deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rlgyghgr deleted successfully.
C:\Users\Privat\AppData\Local\dhvwwtos.exe moved successfully.
C:\Users\Privat\AppData\Local\30921202 folder moved successfully.
File rity] not found.
File PTYFLASH] not found.
File ptytemp] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.23.0 log created on 06062011_131519

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



ich hab "öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
Anleitung: UploadChannel - Trojaner-Board" befolgt,jedoch weis ich nicht was ich nun hochladen soll?

unwissend123 06.06.2011 12:32
beim letzte schritt hab ich den ordner moved files, jedoch weis ich nicht was du mit "wähle zu moved files.rar oder zip hinzufügen." meinst. tut mir leid aber ich kenn mich wirklich nicht mit diesen dingen aus.

markusg 06.06.2011 14:00
du sollst ihn mit winrar oder zip über den rechtsklick packen wie beschrieben.
oder lade und instaliere 7zip
http://filepony.de/download-7-zip/
rechtsklick auf moved files, 7zip aufklappen und packen.

unwissend123 06.06.2011 16:10
sorry, hab die datei nun nach der anleitung hochgeladen.

markusg 06.06.2011 16:11
ist doch kein problem.
danke für den upload.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

unwissend123 06.06.2011 16:32
Combofix Logfile:
Code:
ComboFix 11-06-05.06 - Privat 06.06.2011  17:23:09.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4095.3038 [GMT 2:00]
ausgeführt von:: c:\users\Privat\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Privat\AppData\Local\quijjgbf.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-06 bis 2011-06-06  ))))))))))))))))))))))))))))))
.
.
2011-06-06 15:27 . 2011-06-06 15:27        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-06-06 14:57 . 2011-06-06 14:57        --------        d-----w-        c:\program files (x86)\7-Zip
2011-06-06 11:15 . 2011-06-06 14:58        --------        d-----w-        C:\_OTL
2011-06-03 06:47 . 2011-05-09 22:00        8718160        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5E28661-9361-4E80-87B9-3E0256384F1F}\mpengine.dll
2011-05-25 07:12 . 2011-04-22 20:18        27008        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-05-24 17:17 . 2011-04-09 06:58        142336        ----a-w-        c:\windows\system32\poqexec.exe
2011-05-24 17:17 . 2011-04-09 05:56        123904        ----a-w-        c:\windows\SysWow64\poqexec.exe
2011-05-15 16:02 . 2011-05-15 16:02        --------        d-----w-        c:\programdata\UDL
2011-05-15 16:00 . 2011-05-15 16:00        --------        d-----w-        c:\program files\Epson Software
2011-05-15 15:58 . 2011-05-25 10:24        --------        d-----w-        c:\users\Privat\AppData\Roaming\Epson
2011-05-15 15:57 . 2011-05-15 16:01        --------        d-----w-        c:\program files (x86)\Epson Software
2011-05-15 15:56 . 2011-05-15 15:56        --------        d-----w-        c:\program files\Common Files\EPSON
2011-05-15 15:56 . 2007-04-10 01:06        10752        ----a-w-        c:\windows\system32\E_GCINST.DLL
2011-05-15 15:56 . 2008-11-12 03:00        118784        ----a-w-        c:\windows\system32\E_ILMGJE.DLL
2011-05-15 15:56 . 2009-10-01 03:01        88064        ----a-w-        c:\windows\system32\E_IBCBGJE.DLL
2011-05-15 15:55 . 2011-05-15 15:56        --------        d-----w-        c:\programdata\EPSON
2011-05-15 15:55 . 2009-11-19 22:00        464384        ----a-w-        c:\windows\system32\esxw2ud.dll
2011-05-15 15:55 . 2009-04-30 22:00        17408        ----a-w-        c:\windows\system32\esxcdev.dll
2011-05-15 15:55 . 2009-04-30 22:00        128392        ----a-w-        c:\windows\system32\esdevapp.exe
2011-05-15 15:55 . 2011-05-15 15:56        --------        d-----w-        c:\program files (x86)\epson
2011-05-13 13:45 . 2011-05-13 13:45        --------        d-----w-        c:\users\Privat\AppData\Roaming\Thunderbird
2011-05-13 13:45 . 2011-05-13 13:45        --------        d-----w-        c:\users\Privat\AppData\Local\Thunderbird
2011-05-13 13:29 . 2011-05-13 13:29        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2011-05-11 13:32 . 2011-04-09 06:45        5509504        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-05-11 13:32 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 13:32 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 13:32 . 2011-03-25 03:23        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2011-05-11 13:32 . 2011-03-25 03:23        324608        ----a-w-        c:\windows\system32\drivers\usbport.sys
2011-05-11 13:32 . 2011-03-25 03:22        52224        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2011-05-11 13:32 . 2011-03-25 03:23        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2011-05-11 13:32 . 2011-03-25 03:22        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2011-05-11 13:32 . 2011-03-25 03:22        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2011-05-11 13:32 . 2011-03-25 03:22        7936        ----a-w-        c:\windows\system32\drivers\usbd.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2011-01-28 16:53        39984        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-01-28 16:53        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-12 12:03 . 2011-04-26 17:28        662528        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-12 11:31 . 2011-04-26 17:28        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:23 . 2011-04-26 17:28        187264        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-03-11 06:23 . 2011-04-26 17:28        1657216        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:23 . 2011-04-26 17:28        166272        ----a-w-        c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:23 . 2011-04-26 17:28        148352        ----a-w-        c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:23 . 2011-04-26 17:28        410496        ----a-w-        c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:22 . 2011-04-26 17:28        107904        ----a-w-        c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:22 . 2011-04-26 17:28        27008        ----a-w-        c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:19 . 2011-04-13 22:35        1395712        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 06:19 . 2011-04-13 22:35        1359872        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-11 06:18 . 2011-04-26 17:28        2566144        ----a-w-        c:\windows\system32\esent.dll
2011-03-11 06:15 . 2011-04-26 17:28        96768        ----a-w-        c:\windows\system32\fsutil.exe
2011-03-11 05:40 . 2011-04-13 22:35        1164288        ----a-w-        c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:40 . 2011-04-13 22:35        1137664        ----a-w-        c:\windows\SysWow64\mfc42.dll
2011-03-11 05:39 . 2011-04-26 17:28        1686016        ----a-w-        c:\windows\SysWow64\esent.dll
2011-03-11 05:37 . 2011-04-26 17:28        74240        ----a-w-        c:\windows\SysWow64\fsutil.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
.
c:\users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VideoCam Suite 2.0.lnk - c:\program files (x86)\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2011-2-28 185688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Privat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-06  17:29:25
ComboFix-quarantined-files.txt  2011-06-06 15:29
.
Vor Suchlauf: 8 Verzeichnis(se), 272.123.269.120 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 272.167.776.256 Bytes frei
.
- - End Of File - - E6DE273CCCCD2854415017231DE916B2
--- --- ---

markusg 06.06.2011 16:37
wie läuft das gerät?

unwissend123 06.06.2011 16:55
hab den pc jetzt 2 mal neu gestartet und diese nervige meldung kam nun endlich nicht mehr. ich hoffe es bleibt so.
tausend dank, wirklich super service, endlich kann ich wieder ungestört arbeiten.
kannst du mir vielleicht noch sagen was das nun genau für eine art von datei war, also ob es werbung, ein virus oder ewas anderes war?

markusg 06.06.2011 17:30
lade den CCleaner standard:
CCleaner - Standard
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131