
ArmeMotte 09.02.2013 21:35

White screen Windows Vista
 
Hello,
I have an acquaintance's laptop which, after he kept getting a payment demand, now only shows a white screen; safe mode doesn't work either.
I have now downloaded OTLPEN.exe, burned it to CD and booted from it. I also get the REATOGO-X-PE desktop displayed. I let the scan run and now I'm stuck!!!! I keep reading that I should post the data after the scan. Where, and how does it go on from there?

Many thanks for your help!!!!

t'john 09.02.2013 21:37

:hallo:

Paste the log files here into your thread.

ArmeMotte 09.02.2013 21:49

Sorry, I don't quite understand. I'm supposed to post here what it shows me after the scan run?

OTL Logfile:
Code:

OTL logfile created on: 2/9/2013 9:59:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 148.51 Gb Free Space | 66.56% Space Free | Partition Type: NTFS
Drive D: | 7.47 Gb Total Space | 7.47 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/05/01 18:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 17:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/01 17:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/23 10:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/05/14 16:03:30 | 000,305,448 | ---- | M] () [Auto] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/04/11 12:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/12/18 07:51:34 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/03/18 14:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/04/27 03:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/04/24 17:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/04/16 14:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/06/17 08:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/23 02:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/02/22 21:18:06 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/04 11:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2008/12/04 11:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008/12/04 11:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2008/09/22 08:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/09/03 23:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 21:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0809&m=aspire_5738
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5A B3 35 D3 57 C4 CA 01  [binary data]
IE - HKU\icke_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\icke_ON_C\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Reg Error: Key error. File not found
IE - HKU\icke_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\icke_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/01 06:58:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 19:04:32 | 000,000,000 | ---D | M]
 
[2011/06/02 06:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/02 06:22:46 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com
[2011/07/01 06:58:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/06 19:04:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/06 19:04:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/06 19:04:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/06 19:04:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/07/09 19:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2011/05/06 19:04:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/06 19:04:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\icke_ON_C\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\icke_ON_C\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe (Iminent)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\icke_ON_C..\Run: [K0FnljCdupF1YvH] C:\Users\icke\AppData\Roaming\07F4HkiN.exe ()
O4 - HKU\icke_ON_C..\Run: [Userinit]  File not found
O4 - HKU\icke_ON_C..\Run: [Validator]  File not found
O4 - HKU\icke_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/09 12:18:57 | 000,000,000 | ---D | C] -- C:\Users\icke\Desktop\Neuer Ordner (2)
[2010/08/25 12:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/08/06 14:26:58 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Users\icke\AppData\Roaming\*.tmp files -> C:\Users\icke\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/09 12:51:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/09 12:40:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 12:40:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 12:18:06 | 005,428,834 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/09 12:18:06 | 001,701,898 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/09 12:18:06 | 000,586,736 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/09 12:18:06 | 000,004,062 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/09 12:14:36 | 000,007,728 | ---- | M] () -- C:\Users\icke\AppData\Local\d3d9caps.dat
[1 C:\Users\icke\AppData\Roaming\*.tmp files -> C:\Users\icke\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/07 04:14:48 | 000,212,480 | ---- | C] () -- C:\Users\icke\AppData\Roaming\07F4HkiN.exe
[2012/06/02 04:15:27 | 000,000,011 | ---- | C] () -- C:\Users\icke\AppData\Roaming\urhtps.dat
[2012/06/01 01:09:49 | 000,000,032 | ---- | C] () -- C:\Users\icke\AppData\Roaming\blckdom.res
[2011/12/21 14:39:29 | 000,017,089 | ---- | C] () -- C:\Users\icke\AppData\Roaming\UserTile.png
[2010/08/25 13:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 13:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 13:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 12:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 12:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 12:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/10/09 10:37:55 | 000,000,552 | ---- | C] () -- C:\Users\icke\AppData\Local\d3d8caps.dat
[2009/10/06 01:57:23 | 000,007,728 | ---- | C] () -- C:\Users\icke\AppData\Local\d3d9caps.dat
[2009/10/02 10:02:32 | 000,032,768 | ---- | C] () -- C:\Users\icke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/06 14:13:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009/08/06 14:13:44 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/08/06 14:13:44 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/08/06 05:56:23 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009/08/06 05:41:08 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009/08/06 05:41:08 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009/08/06 05:41:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/03/12 05:47:51 | 005,428,834 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009/03/12 05:47:51 | 001,701,898 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009/03/12 05:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009/03/12 05:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/03/12 05:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009/03/11 21:09:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/03/11 21:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/11 15:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009/02/11 15:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009/02/11 15:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,295,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,586,736 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:33:01 | 000,004,062 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/03/17 01:05:31 | 000,000,000 | -HSD | M] -- C:\Users\icke\AppData\Roaming\.#
[2012/06/25 11:19:34 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05001.049
[2012/06/01 01:10:00 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05035
[2012/06/04 08:26:24 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05036
[2012/06/05 09:40:24 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05037
[2012/06/06 07:24:11 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05038
[2012/06/08 05:31:49 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05040
[2012/06/13 07:30:37 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05041
[2012/06/16 04:12:24 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05042
[2012/06/18 03:58:40 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05044
[2012/06/19 06:09:48 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05045
[2009/08/06 05:56:19 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\Acer GameZone Console
[2010/03/16 14:18:54 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\eSobi
[2012/06/01 01:09:37 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\kock
[2011/06/02 06:52:10 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\PhotoScape
[2009/10/05 09:05:01 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\PowerCinema
[2012/10/07 04:14:49 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\Roaming
[2009/10/05 09:05:14 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\SoftDMA
[2012/03/17 05:27:27 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\TeamViewer
[2012/06/12 07:28:49 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\UAs
[2012/06/12 07:29:32 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\xmldm
[2009/08/06 05:56:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/10/02 07:35:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/10/02 07:35:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/10/02 07:35:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/10/02 07:38:00 | 000,000,000 | ---D | M] -- C:\ProgramData\EgisTec
[2009/08/06 05:54:59 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/10/02 07:35:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2011/06/02 06:23:18 | 000,000,000 | ---D | M] -- C:\ProgramData\IMinent
[2011/05/28 03:29:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2010/04/28 07:13:15 | 000,000,000 | ---D | M] -- C:\ProgramData\MumboJumbo
[2009/10/02 07:35:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2012/04/24 09:58:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2009/10/02 07:35:51 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/11/10 16:56:52 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/10/06 15:02:42 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Pornstars - Best of classic Blowjobs Facial Fucking Cum Shots - John holmes ron jeremy ginger lynn christy canyon nina hartley.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\NICE GANG BANG 19 yr old & boyfriend having sex  (home movie; mpg; self-extracting)      incest xxx fuck porn sex fisting oral blow job teen asian big tits boobs breasts .mpeg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Girl gang banged in garage sex girl hardcore fuck incest preteen child porn young ass pussy vagina.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Gina Wild 5 - Gang bang fur gina Ich will euch alle (Harry S. Morgan) [German].mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Gina Wild - Pferd ficken und blasen.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Gangbang - Reverse Gang-Bang - 7 Women For 3 Men.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Gang_Bang_Gina_Wild.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Gang Bang Audition (Big Black, Nice Girl).avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\cum shots - 16 of the best cumshots you ever saw - hardcore facials, internals cum leakers hot girls taking your cream right here.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Clara Morgane - Gang Bang.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\Amateure - Sex - Gang Bang - Partyhardcore - 40 Housewifes drunk orgy.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\56- Cum Shots College Girls get 8min's of huge facials  cumshots (8min)(rr).mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\27 cum shots in the mouth(all swallow!)part 2.mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\1 Gang Bang 15 Hommes 2 Femmes(1)Edith La Pute Tournante(Salope).mpg:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\icke\Documents\(porno) Gang Bang Party - Starrig Mit Marina (Extreme Piss-Fist).avi:TOC.WMV
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
< End of report >

--- --- ---

t'john 09.02.2013 23:06

Fixing with OTLpe
  • Restart the unbootable computer with the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.

  • Copy the following script into the text field below Custom Scans/Fixes:
  • If that is not possible for lack of an Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Connect the USB stick to the computer and open Fix.txt with the Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text field below Custom Scans/Fixes:


Code:

:OTL

O4 - HKLM..\Run: [] File not found
O4 - HKU\icke_ON_C..\Run: [K0FnljCdupF1YvH] C:\Users\icke\AppData\Roaming\07F4HkiN.exe ()
O4 - HKU\icke_ON_C..\Run: [Userinit] File not found
O4 - HKU\icke_ON_C..\Run: [Validator] File not found
[2012/10/07 04:14:48 | 000,212,480 | ---- | C] () -- C:\Users\icke\AppData\Roaming\07F4HkiN.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 
[2012/10/07 04:14:49 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\Roaming
[2012/06/01 01:09:49 | 000,000,032 | ---- | C] () -- C:\Users\icke\AppData\Roaming\blckdom.res
[2012/06/01 01:09:37 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\kock
[2012/06/01 01:10:00 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\05035
[2010/03/17 01:05:31 | 000,000,000 | -HSD | M] -- C:\Users\icke\AppData\Roaming\.#
[2012/06/12 07:28:49 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\UAs
[2012/06/12 07:29:32 | 000,000,000 | ---D | M] -- C:\Users\icke\AppData\Roaming\xmldm

:Files

ipconfig /flushdns /c
:Commands
[emptytemp]

Note for readers following along: The above OTL script was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; that can cause lasting damage to other systems!

  • Close all programs.
  • Click the Fix button.
  • Click on http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
  • Copy the contents here into your thread in code tags.
    You can view the log file afterwards here => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether you can now boot the computer into normal Windows mode again and report back.

ArmeMotte 10.02.2013 12:25

Can't copy the script to the stick, nor anywhere else :headbang:

Error: Unable to interpret <Code:> in the current context!
Error: Unable to interpret <---------> in the current context!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\icke_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\K0FnljCdupF1YvH deleted successfully.
C:\Users\icke\AppData\Roaming\07F4HkiN.exe moved successfully.
Registry value HKEY_USERS\icke_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
Registry value HKEY_USERS\icke_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Validator deleted successfully.
File C:\Users\icke\AppData\Roaming\07F4HkiN.exe not found.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bugashax.com folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia\Flash Player folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming\Macromedia folder moved successfully.
C:\Users\icke\AppData\Roaming\Roaming folder moved successfully.
C:\Users\icke\AppData\Roaming\blckdom.res moved successfully.
C:\Users\icke\AppData\Roaming\kock folder moved successfully.
C:\Users\icke\AppData\Roaming\05035\components folder moved successfully.
C:\Users\icke\AppData\Roaming\05035 folder moved successfully.
C:\Users\icke\AppData\Roaming\.# folder moved successfully.
C:\Users\icke\AppData\Roaming\UAs folder moved successfully.
C:\Users\icke\AppData\Roaming\xmldm folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400807 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: icke
->Temp folder emptied: 13551090 bytes
->Temporary Internet Files folder emptied: 913041 bytes
->FireFox cache emptied: 58998486 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 2836614 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes

Total Files Cleaned = 74.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 02102013_124911

t'john 10.02.2013 19:04

Very good! :daumenhoc

Step 1
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM logfile here.
  • Add the contents of mbam.txt to your next reply.

then:

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

t'john 10.04.2013 00:42

No feedback

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.


All times are in WET +1.
