
Log Analysis and Evaluation: Windows Recovery Maleware


24.03.2011, 23:35   #12
machete81

Windows Recovery Maleware

Another OTL scan...



OTL Logfile:
Code:
OTL logfile created on: 24.03.2011 23:29:50 - Run 5
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Machete 81\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 3,91 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 21,95 Gb Free Space | 14,57% Space Free | Partition Type: NTFS
 
Computer Name: MACHETE81-PC | User Name: Machete 81 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Machete 81\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Machete 81\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ISPwdSvc) --  File not found
SRV - (comHost) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (ccSetMgr) --  File not found
SRV - (ccEvtMgr) --  File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- c:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (StarWindServiceAE) -- C:\Spiele\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (OlyCamComm) -- C:\Windows\System32\drivers\OlyCamComm.sys (OLYMPUS IMAGING CORP.)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (CyberLink Corp.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys (Symantec Corporation)
DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15015&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http:google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.03 20:18:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.03 20:18:08 | 000,000,000 | ---D | M]
 
[2009.01.25 13:22:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Extensions
[2011.01.23 21:31:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Machete 81\AppData\Roaming\mozilla\Firefox\Profiles\r10enxb0.default\extensions
[2009.08.13 17:38:32 | 000,002,236 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\askcom.xml
[2009.05.07 16:07:36 | 000,000,894 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\conduit.xml
[2009.08.30 12:38:03 | 000,002,321 | -H-- | M] () -- C:\Users\Machete 81\AppData\Roaming\Mozilla\Firefox\Profiles\r10enxb0.default\searchplugins\forestle-de.xml
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.16 20:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.10.24 17:27:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2008.12.04 16:06:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.04.18 19:51:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.08.16 20:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 14:40:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.09.02 02:01:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.03 20:18:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 20:18:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 20:18:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 20:18:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 20:18:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.03.24 22:59:49 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FG2CatchUrl) - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\FlashGet universal\ComDlls\bhoCATCH.dll (FlashGet)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Olympus ib] C:\Program Files\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: &Download All by FlashGet - D:\FlashGet universal\ComDlls\Bhoall.htm ()
O8 - Extra context menu item: &Download by FlashGet - D:\FlashGet universal\ComDlls\Bholink.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Machete 81\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: winamp.com ([client] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.97 83.169.186.225
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.24 22:59:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.03.24 19:21:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2011.03.24 00:02:51 | 000,000,000 | ---D | C] -- C:\Users\Machete 81\AppData\Roaming\Malwarebytes
[2011.03.24 00:02:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.24 00:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.24 00:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.24 00:02:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.24 00:02:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.24 00:02:00 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup.exe
[2011.03.22 02:44:57 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Machete 81\Desktop\HiJackThis204.exe
[2011.03.22 02:18:48 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.03.12 20:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\Desktop\Neuer Ordner
[2011.03.12 20:03:26 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\Desktop\SOFA
[2011.03.09 09:35:09 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 09:35:09 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 09:35:09 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 09:35:09 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.23 00:30:56 | 000,000,000 | -H-D | C] -- C:\Users\Machete 81\AppData\Roaming\elsterformular
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.24 23:18:44 | 000,001,356 | ---- | M] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat
[2011.03.24 23:18:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 23:18:02 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.24 23:17:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.24 23:17:55 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.24 22:59:49 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.03.24 19:21:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Machete 81\Desktop\OTL.exe
[2011.03.24 19:19:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Machete 81\Desktop\HiJackThis204.exe
[2011.03.24 00:02:38 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.24 00:02:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Machete 81\Desktop\mbam-setup.exe
[2011.03.22 10:14:37 | 000,342,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.17 23:01:40 | 004,711,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.17 23:01:40 | 001,858,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.17 23:01:40 | 001,436,582 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.17 23:01:40 | 001,299,186 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.16 00:11:21 | 000,168,960 | -H-- | M] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.28 20:47:35 | 000,052,157 | -H-- | M] () -- C:\Users\Machete 81\Downloads\Documents\Steuer2010.pdf
[2011.02.28 20:39:02 | 000,082,595 | -H-- | M] () -- C:\Users\Machete 81\ESt2010_Rohde_Andreas.elfo
 
========== Files Created - No Company Name ==========
 
[2011.03.24 00:02:38 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.22 10:12:36 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2011.02.28 20:47:35 | 000,052,157 | -H-- | C] () -- C:\Users\Machete 81\Downloads\Documents\Steuer2010.pdf
[2011.02.27 18:45:06 | 000,082,595 | -H-- | C] () -- C:\Users\Machete 81\ESt2010_Rohde_Andreas.elfo
[2011.01.21 00:29:26 | 000,000,760 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\setup_ldm.iss
[2010.08.28 23:12:57 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.08.28 23:12:56 | 000,040,960 | ---- | C] () -- C:\Windows\98Setup.exe
[2010.07.19 21:11:02 | 000,000,219 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.05.30 23:03:44 | 000,000,876 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2010.04.23 22:23:47 | 000,000,468 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.04.23 22:23:47 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2010.04.23 22:23:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.04.23 22:18:13 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2010.04.22 22:19:19 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.09.24 17:39:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 17:39:55 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 17:39:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.09.15 00:23:30 | 000,107,572 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.02.25 02:33:54 | 000,024,227 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\UserTile.png
[2009.02.22 23:02:45 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.02.13 18:42:32 | 000,000,034 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2008.12.04 17:59:06 | 000,178,992 | ---- | C] () -- C:\Windows\hphins26.dat
[2008.11.15 20:11:59 | 000,000,339 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.15 16:36:59 | 000,013,312 | ---- | C] () -- C:\Windows\System32\drivers\MTictwl.sys
[2008.11.05 19:25:26 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.01 23:20:10 | 000,001,356 | ---- | C] () -- C:\Users\Machete 81\AppData\Local\d3d9caps.dat
[2008.11.01 22:19:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.26 19:07:46 | 000,005,061 | -H-- | C] () -- C:\ProgramData\xqkcebzs.dik
[2008.10.22 16:01:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.10.04 16:22:35 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2008.09.28 00:10:20 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008.09.24 19:52:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.09.24 19:52:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.07.04 19:41:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.04.01 20:47:15 | 000,000,098 | -H-- | C] () -- C:\Users\Machete 81\AppData\Local\fusioncache.dat
[2008.03.17 22:21:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.03.17 22:20:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.03.17 22:19:46 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.03.11 01:32:25 | 000,000,074 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\wklnhst.dat
[2008.03.06 23:06:44 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.03.06 23:06:44 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.03.05 18:49:51 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.03.04 23:59:23 | 000,022,328 | -H-- | C] () -- C:\Users\Machete 81\AppData\Roaming\PnkBstrK.sys
[2008.03.04 23:59:23 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.03.04 23:59:06 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.03.04 23:59:04 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.03.04 23:58:54 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.03.04 13:21:30 | 000,168,960 | -H-- | C] () -- C:\Users\Machete 81\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.18 17:49:21 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat
[2007.11.08 04:24:10 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.11.08 04:19:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007.09.20 11:33:52 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2007.09.20 11:33:52 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007.09.20 11:33:52 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.09.20 11:33:52 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2007.09.20 11:33:52 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007.09.20 11:33:52 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2007.09.20 11:33:52 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007.09.20 11:33:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007.09.20 11:33:52 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2007.09.20 11:33:52 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2007.09.20 11:33:52 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2007.09.20 11:33:52 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2007.09.20 11:33:52 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007.09.20 11:33:52 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2007.09.20 11:33:52 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2007.09.20 11:33:52 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2007.09.20 11:33:52 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2007.09.20 11:33:52 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2007.09.20 11:33:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.03.20 15:44:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2006.11.02 16:33:31 | 004,711,396 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 001,436,582 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,342,040 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 001,858,312 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,299,186 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:27:46 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP207.ini
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.07 22:29:33 | 000,001,024 | ---- | C] () -- C:\Windows\System32\ASPRTMM0.DLL
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.02.26 10:08:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004.05.24 19:33:16 | 000,155,648 | ---- | C] () -- C:\Windows\System32\LEXPING.EXE
[2002.11.13 08:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2001.01.19 08:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE
 
========== Files - Unicode (All) ==========
[2008.03.22 22:46:17 | 000,307,910 | -H-- | C] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr
[2008.03.18 21:10:04 | 000,307,910 | -H-- | M] ()(C:\Users\Machete 81\Downloads\Documents\? 4Basti.amr) -- C:\Users\Machete 81\Downloads\Documents\ 4Basti.amr

< End of report >