Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ukash-Bundespolizei Trojaner Befall (https://www.trojaner-board.de/104459-ukash-bundespolizei-trojaner-befall.html)

DennisH 24.10.2011 20:16
Ukash-Bundespolizei Trojaner Befall
 
Hallo und Guten Abend,

ich habe mir heute den Ukash Trojaner eingefangen. Ich hatte ihn schoneinmal, da ging er jedoch mit Ein und Ausschalten den Laptops weg. Dieses mal war dies nicht der Fall.
Ich habe mich also an meinen Rechner gesetzt und angefangen zu googlen. Dabei bin ich auf mehrere Themen in diesem Forum gestoßen, die dieses Thema behandeln. Leider habe ich das Problem, das ich nie einen wirklichen anfang finde. :headbang: Deshalb habe ich die Bitte, dass mir das vielleicht jemand noch einmal Schritt für Schritt erklären kann, was ich da machen muss, wo ich die Files finde und wie ich die benötigten Programme bekomme. :dankeschoen:

Ich brauche den Laptop nämlich für die Arbeit.

Vielen Dank

Dennis

markusg 24.10.2011 20:24
hi, beide geräte die dir zur verfügung stehen haben ein dvd laufwerk bzw cd laufwerk, du hast rolinge und nen stick zur hand?
download:
http://filepony.de/download-otlpe/
und brenne es mit ISOBurner auf eine CD.
ISO Burner Download - ISO Burner 2.5
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die Datei, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

DennisH 24.10.2011 20:26
hey, danke für die schnelle antwort. :dankeschoen:

ich werde das gleich mal machen und die logs dann heute abend oder spätestens morgen mittag posten.

markusg 24.10.2011 20:31
jo, lange bin ich nicht mehr online, aber werds mir auf jeden fall morgen angucken.

DennisH 24.10.2011 22:13
Soo, ich habe jetzt hier die otl.txt (im notfall auch im anhang zu finden)
eine andere datei hat er nicht angelegt.
OTL Logfile:
Code:
OTL logfile created on: 10/25/2011 1:03:27 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.52 Gb Total Space | 123.83 Gb Free Space | 66.39% Space Free | Partition Type: NTFS
Drive D: | 184.62 Gb Total Space | 153.37 Gb Free Space | 83.08% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/08/17 20:36:20 | 000,203,264 | ---- | M] (AMD) [Auto] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/24 05:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/15 11:08:20 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 05:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 12:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2007/11/21 11:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/08/06 17:57:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 01:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/16 12:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/04/01 12:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 10:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 11:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/02/11 07:05:16 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/06 17:57:02 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/08/06 17:57:02 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/01/13 10:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/08/17 21:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/04/24 08:29:40 | 000,206,336 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/03/23 10:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/18 05:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2008/02/06 18:29:08 | 000,195,632 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2007/12/11 08:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 08:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Toshiba_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
IE - HKU\Toshiba_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEG&bmod=TSEG;
IE - HKU\Toshiba_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Toshiba_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/11 14:01:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/03 18:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Extensions
[2011/09/09 18:51:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/09 18:51:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/05 14:19:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/11 14:01:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/11 14:01:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/11 14:01:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/11 14:01:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/11 14:01:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/11 14:01:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/11 14:01:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\Toshiba_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Toshiba_ON_C..\Run: [avupdate]  File not found
O4 - HKU\Toshiba_ON_C..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Toshiba_ON_C..\Run: [quro.exe] C:\Users\Toshiba\AppData\Roaming\Byhaco\quro.exe ()
O4 - HKU\Toshiba_ON_C..\Run: [ss0hiw71.exe] C:\Users\Toshiba\AppData\Roaming\ss0hiw71.exe (Radialpoint Inc.)
O4 - HKU\Toshiba_ON_C..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/10/24 14:39:17 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Avira
[2011/10/24 14:34:56 | 000,174,592 | ---- | C] (Radialpoint Inc.) -- C:\Users\Toshiba\AppData\Roaming\ss0hiw71.exe
[2011/10/22 10:25:02 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\Stronghold Crusader
[2011/10/13 06:53:07 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/13 06:53:07 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/10/13 06:53:06 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/13 06:53:06 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/13 06:53:06 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/13 06:53:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 06:53:05 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/13 06:53:05 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/13 06:53:05 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/13 06:53:05 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 06:53:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2011/10/13 06:53:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 06:53:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/13 06:53:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/13 06:53:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/13 06:53:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/13 06:52:14 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/13 06:52:14 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 06:52:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/10/13 06:52:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/10/13 06:52:14 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/13 06:52:14 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/13 06:52:14 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 06:52:13 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/13 06:52:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/10/13 06:52:13 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/10/13 06:52:10 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2011/10/13 06:52:08 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2011/10/11 09:44:59 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\.minecraft
[2011/10/08 06:17:54 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Kiemensee
[2011/10/06 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\Stronghold Legends
[2011/10/06 13:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2011/10/06 13:56:50 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\Stronghold 2
[2011/10/01 19:40:28 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Warhammer Battle March
[2011/10/01 18:42:36 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\Warhammer Battle March
[2011/10/01 17:16:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2011/10/01 17:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAMCO BANDAI Games
[2011/10/01 17:00:58 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\InstallShield
[2011/09/30 18:23:11 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Gas Powered Games
[2011/09/30 18:21:42 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/09/30 18:21:42 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/09/30 18:21:41 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/09/30 18:21:41 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/09/30 18:21:28 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Documents\My Games
[2011/09/30 17:52:30 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/09/30 17:52:30 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2011/09/30 17:52:30 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011/09/30 17:52:30 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2011/09/30 17:52:28 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/09/30 17:52:28 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2011/09/30 17:52:27 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/09/30 17:52:27 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2011/09/30 17:52:27 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/09/30 17:52:27 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2011/09/30 17:52:26 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2011/09/30 17:52:26 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/09/30 17:52:25 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/09/30 17:52:25 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/09/30 17:52:25 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/09/30 17:52:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2011/09/30 17:52:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2011/09/30 17:52:23 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/09/30 17:52:22 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/09/30 17:52:22 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/09/30 17:52:20 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/09/30 17:52:18 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/09/30 17:52:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2011/09/30 17:52:18 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/09/30 17:52:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2011/09/30 17:52:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2011/09/30 17:52:17 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/09/30 17:52:17 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/09/30 17:52:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2011/09/30 17:52:16 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/09/30 17:52:16 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2011/09/30 17:52:16 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/09/30 17:52:16 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2011/09/30 17:52:14 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/09/30 17:52:14 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2011/09/30 17:52:12 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/09/30 17:52:12 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2011/09/30 17:52:11 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2011/09/30 17:52:11 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/09/30 17:52:11 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/09/30 17:52:11 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2011/09/30 17:52:10 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/09/30 17:52:10 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2011/09/30 17:52:10 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/09/30 17:52:10 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2011/09/30 17:52:08 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/09/30 17:52:08 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2011/09/30 17:52:07 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/09/30 17:52:07 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2011/09/30 17:52:05 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/09/30 17:52:05 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2011/09/30 17:52:05 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/09/30 17:52:05 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2011/09/30 17:52:03 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/09/30 17:52:03 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2011/09/30 17:52:02 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/09/30 17:52:02 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2011/09/30 17:52:01 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/09/30 17:52:01 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2011/09/30 17:52:01 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/09/30 17:52:01 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2011/09/30 17:51:59 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/09/30 17:51:59 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2011/09/30 17:51:58 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/09/30 17:51:58 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011/09/30 17:51:58 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/09/30 17:51:58 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2011/09/30 17:51:53 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/09/30 17:51:53 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011/09/30 17:51:53 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/09/30 17:51:53 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011/09/30 17:51:52 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/09/30 17:51:33 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011/09/30 17:51:16 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/09/30 17:51:16 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011/09/30 17:51:14 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/09/30 17:51:14 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011/09/30 17:51:09 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/09/30 17:51:09 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/09/30 17:50:42 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011/09/30 17:50:42 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011/09/30 17:50:20 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/09/30 17:49:20 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011/09/30 17:48:18 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/09/30 17:48:18 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011/09/30 17:47:59 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/09/30 17:47:59 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011/09/30 17:47:39 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/09/30 17:47:39 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011/09/30 17:47:29 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/09/30 17:45:14 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/09/30 17:45:14 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011/09/30 17:45:14 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/09/30 17:45:14 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011/09/30 17:45:12 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/09/30 17:43:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011/09/30 17:42:23 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/09/30 17:42:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011/09/30 17:41:52 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/09/30 17:41:52 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011/09/30 17:41:20 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/09/30 17:41:20 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011/09/30 17:40:54 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/09/30 17:40:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011/09/30 17:40:31 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/09/30 17:40:14 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011/09/30 17:39:27 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/09/30 17:39:27 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011/09/30 17:39:10 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/09/30 17:39:10 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011/09/30 17:39:10 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/09/30 17:39:10 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011/09/30 17:39:04 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/09/30 17:39:04 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011/09/30 17:39:02 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/09/30 17:39:02 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011/09/30 17:38:59 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/09/30 17:38:59 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011/09/30 17:38:57 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/09/30 17:38:57 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011/09/30 17:38:54 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/09/30 17:38:54 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011/09/30 17:38:51 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/09/30 17:38:51 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011/09/30 17:37:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Stardock
[2011/09/30 17:37:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
[2011/09/30 17:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2011/09/30 17:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011/09/30 17:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2011/09/30 17:35:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{67C33A62-5B1D-43D1-9600-16006F36EB2B}
[2011/09/30 17:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock Games
[2011/09/30 17:33:04 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\Stardock
[2011/09/27 13:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/27 13:20:11 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Roaming\Skype
[2011/09/27 13:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/09/27 13:20:02 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/09/27 13:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/09/27 05:38:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\Schule
[2011/09/26 17:30:27 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\Desktop\IAA
 
========== Files - Modified Within 30 Days ==========
 
[2011/10/24 16:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 16:05:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/24 16:05:29 | 3193,602,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 15:09:53 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/10/24 15:09:53 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/24 15:09:53 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/10/24 15:09:53 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/24 14:34:56 | 000,174,592 | ---- | M] (Radialpoint Inc.) -- C:\Users\Toshiba\AppData\Roaming\ss0hiw71.exe
[2011/10/24 14:34:56 | 000,000,008 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\1aw9zzz16s5txpve.dat
[2011/10/24 14:16:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/24 14:11:15 | 002,367,488 | ---- | M] () -- C:\Users\Toshiba\Documents\Silivia Ernährung.accdb
[2011/10/24 09:35:43 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 09:35:43 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 10:24:46 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011/10/22 10:24:15 | 000,000,705 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold Crusader Extreme.lnk
[2011/10/22 10:24:15 | 000,000,665 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold Crusader.lnk
[2011/10/17 06:46:09 | 000,454,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/11 14:01:36 | 000,001,018 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/07 09:38:26 | 007,491,427 | ---- | M] () -- C:\Users\Toshiba\Desktop\True World.7z
[2011/10/06 13:54:46 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold Legends.lnk
[2011/10/06 13:47:33 | 000,000,577 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2011/10/04 13:50:51 | 000,002,349 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/04 03:15:47 | 000,319,488 | ---- | M] () -- C:\Users\Toshiba\Documents\Datenbank2.accdb
[2011/10/04 03:14:53 | 000,303,104 | ---- | M] () -- C:\Users\Toshiba\Documents\Datenbank1.accdb
[2011/10/01 18:24:52 | 000,001,637 | ---- | M] () -- C:\Users\Public\Desktop\Warhammer® Mark of Chaos™.lnk
[2011/10/01 17:17:50 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/01 17:17:17 | 001,554,122 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/01 17:06:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAMCO BANDAI Games
[2011/09/30 17:37:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011/09/30 17:35:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock Games
[2011/09/29 18:30:00 | 000,090,093 | ---- | M] () -- C:\Users\Toshiba\Desktop\World+War.7z
[2011/09/27 14:11:25 | 000,417,792 | ---- | M] () -- C:\Users\Toshiba\Documents\World War.accdb
[2011/09/27 13:24:22 | 000,002,248 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/27 13:24:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/27 13:20:03 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/27 13:20:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
========== Files Created - No Company Name ==========
 
[2011/10/24 14:34:56 | 000,000,008 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\1aw9zzz16s5txpve.dat
[2011/10/22 10:24:15 | 000,000,705 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold Crusader Extreme.lnk
[2011/10/22 10:24:15 | 000,000,665 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold Crusader.lnk
[2011/10/11 05:21:49 | 002,367,488 | ---- | C] () -- C:\Users\Toshiba\Documents\Silivia Ernährung.accdb
[2011/10/07 09:38:23 | 007,491,427 | ---- | C] () -- C:\Users\Toshiba\Desktop\True World.7z
[2011/10/06 13:54:46 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold Legends.lnk
[2011/10/06 13:47:33 | 000,000,577 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2011/10/01 17:17:15 | 001,554,122 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/01 17:06:38 | 000,001,637 | ---- | C] () -- C:\Users\Public\Desktop\Warhammer® Mark of Chaos™.lnk
[2011/09/29 18:30:00 | 000,090,093 | ---- | C] () -- C:\Users\Toshiba\Desktop\World+War.7z
[2011/09/27 13:54:03 | 000,417,792 | ---- | C] () -- C:\Users\Toshiba\Documents\World War.accdb
[2011/09/27 13:24:22 | 000,002,349 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/09/27 13:24:22 | 000,002,248 | ---- | C] () -- C:\Users\Toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/27 13:20:03 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/27 05:31:22 | 000,319,488 | ---- | C] () -- C:\Users\Toshiba\Documents\Datenbank2.accdb
[2011/08/05 14:11:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/02 07:17:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/09/01 20:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
 
========== LOP Check ==========
 
[2011/10/24 11:59:44 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\.minecraft
[2011/09/21 08:39:44 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Byhaco
[2011/09/02 06:21:37 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\LibreOffice
[2011/08/05 14:26:23 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\LolClient
[2011/09/30 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Stardock
[2011/10/24 14:36:45 | 000,000,000 | ---D | M] -- C:\Users\Toshiba\AppData\Roaming\Teemn
[2011/08/06 17:58:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/08/06 17:58:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/08/06 17:58:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/10/06 14:09:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Firefly Studios
[2011/09/24 07:13:16 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2011/09/30 17:36:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Stardock
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/08/06 17:58:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/08/05 14:18:49 | 000,000,000 | ---D | M] -- C:\ProgramData\TOSHIBA
[2011/08/05 14:18:49 | 000,000,000 | ---D | M] -- C:\ProgramData\ToshibaEurope
[2011/08/05 14:18:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Vista32
[2011/08/05 14:18:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Vista64
[2011/08/06 17:58:39 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/09/17 12:10:45 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/08/05 14:19:29 | 000,000,000 | ---D | M] -- C:\ProgramData\XP
[2011/08/05 14:19:29 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/09/30 17:35:32 | 000,000,000 | -H-D | M] -- C:\ProgramData\{67C33A62-5B1D-43D1-9600-16006F36EB2B}
[2011/09/30 17:37:13 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
[2009/07/14 01:08:49 | 000,007,686 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
--- --- ---


ICh danke dann schon mal und wünsche eine gute nacht, da ich mich jetzt auch schlafen lege.:lach:

Grüße
Dennis:party:

markusg 25.10.2011 12:02
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:
Code:
:OTL
O4 - HKU\Toshiba_ON_C..\Run: [ss0hiw71.exe] C:\Users\Toshiba\AppData\Roaming\ss0hiw71.exe (Radialpoint Inc.)
O4 - HKU\Toshiba_ON_C..\Run: [quro.exe] C:\Users\Toshiba\AppData\Roaming\Byhaco\quro.exe ()
:Files
C:\Users\Toshiba\AppData\Roaming\ss0hiw71.exe
C:\Users\Toshiba\AppData\Roaming\Byhaco
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.


Wenn der pc wieder startet, weiter bitte hiermit:
öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

DennisH 25.10.2011 15:39
Ok werde ich dann gleich mal machen, aber mal was anderes..
gestern abend als ich die OTLPE.exe ausgeführt habe wurde ich das hier:

Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.

Nicht gefragt.

ISt das schlimm?


Dennis

markusg 25.10.2011 16:28
nein ist ok

DennisH 25.10.2011 19:03
so habe das gemacht, hat wunderbar geklappt... lade den ordner dann nachher hoch

markusg 25.10.2011 19:12
ok, wir sind dann aber noch nicht durch, erst mal den ordner, dann gehts weiter.
und, keine weiteren schritte unternehmen, nur nach anweisung arbeiten.

DennisH 25.10.2011 20:57
OK.... Ich habe jetzt hier (im anhang) den _OTL Ordner
Vielen Dank schon einmal.
Aber ich kann schon damit ins I-Net oder? Also auf Seiten wo ich weiß, das sie sicher sind.. z.b. ein Forum das einem Freund gehört, auf dem 5 member sind...

Dennis

markusg 27.10.2011 16:22
nutzt du das gerät für onlinebanking, einkäufe, oder sonstige sensible daten, zb beruflicher natur?


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131