
  #1 (permalink)  
06.02.2009, 16:47
cezarer
Trusted user
 
Registered: Jun 2006
Posts: 1 048
Marketplace posts: 768
notebook is sluggish, log

Hello, please check my ComboFix log.

Quote:
2009-02-06 15:30 . 2009-02-06 15:30 188,147,379 --a------ c:\windows\MEMORY.DMP
2009-02-04 12:11 . 2009-02-04 12:24 <DIR> d-------- c:\users\damianek\AppData\Roaming\dp3d
2009-02-04 10:40 . 2009-02-04 10:40 <DIR> d-------- c:\users\damianek\AppData\Roaming\acccore
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\users\All Users\Viewpoint
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\users\All Users\AOL OCP
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\users\All Users\AOL
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\programdata\Viewpoint
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\programdata\AOL OCP
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\programdata\AOL
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\program files\Viewpoint
2009-02-04 10:38 . 2009-02-04 10:38 <DIR> d-------- c:\program files\Common Files\AOL
2009-02-04 10:38 . 2009-02-04 10:39 <DIR> d-------- c:\program files\AIM6
2009-02-04 10:38 . 2009-02-04 10:39 444 --ah----- C:\IPH.PH
2009-02-02 12:55 . 2009-02-02 12:55 <DIR> d-------- c:\program files\MWSnap
2009-01-28 16:10 . 2009-01-28 16:11 32,768 --a------ c:\windows\System32\Ikeext.etl
2009-01-20 22:05 . 2009-01-20 22:05 <DIR> d-------- c:\program files\kRk Software
2009-01-14 11:32 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 11:23 . 2009-01-09 11:23 <DIR> d-------- C:\Temp
2009-01-07 12:27 . 2009-01-07 12:32 <DIR> d-------- c:\program files\WinAVI Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 14:32 --------- d-----w c:\users\damianek\AppData\Roaming\DMCache
2009-02-05 14:53 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-31 18:37 --------- d-----w c:\users\damianek\AppData\Roaming\uTorrent
2009-01-27 19:14 --------- d-----w c:\users\damianek\AppData\Roaming\IrfanView
2009-01-16 17:59 --------- d-----w c:\program files\Google
2009-01-14 20:01 --------- d-----w c:\program files\Windows Mail
2009-01-04 18:50 --------- d-----w c:\programdata\FlashFXP
2008-12-21 18:19 --------- d-----w c:\users\damianek\AppData\Roaming\Winamp
2008-12-17 12:52 --------- d---a-w c:\programdata\TEMP
2008-12-16 17:02 --------- d-----w c:\program files\Image Grabber II
2008-12-16 12:00 --------- d-----w c:\program files\AVI MPEG RM WMV Splitter
2008-12-15 11:17 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-15 11:17 --------- d-----w c:\program files\Java
2008-11-16 15:38 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll
2008-06-19 23:47 174 --sha-w c:\program files\desktop.ini
2008-06-15 02:39 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-15 02:39 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-15 02:39 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 360448]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-04-05 932864]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-13 323216]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-12 949376]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-08-19 914512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0081C86D-2DC3-4648-9B0F-336DE79FE8B2}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{BBDF3DFC-347A-4527-9C5A-DD978E5CE88F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{2E8329BC-1731-4C99-B36F-C2262E0924CA}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8565D271-811C-4DA0-925C-FB8F9C943642}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{2C12013A-DABE-4C03-9818-9C5D1AE92A6F}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{A0444650-EE1B-428D-B842-C60E49B13995}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{175AEDAE-3519-4CDF-B5B1-D68B8F5D2E8E}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{899345C0-A28B-495F-9043-130DFF7F0374}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{274EB47F-C1FF-4720-83A6-F1A592F92D46}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{AE805262-87D4-4EF7-BDE5-E89D737883A3}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{6FAA10AD-AB35-40F3-965E-D620C91A8209}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{68B31AB9-DE0D-4D6A-9962-107A01CBF541}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"UDP Query User{234EAAEA-74DA-4F47-9014-36E892B98AA0}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"TCP Query User{2F0BBB6B-88BF-46F0-9B0C-5FB1DCA2A5B0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{DDA83756-FCD6-4B8C-B263-6F8F83312CB2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{43907CF5-3370-475C-AC68-F5A7DC4DC15B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{89EFBE30-1912-4592-8A5F-5AC1E2A9F072}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{B2ECFDFB-CFA2-411E-A2E3-B148CEAD1200}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5DB705FA-E295-4223-A92B-17479459F038}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2CA80653-9820-4927-9686-5D34EE361ACA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{70D440B7-AB27-4144-9F9D-5D0B89A801CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{45901153-B567-4DD9-A256-A05045FDC5CA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1768BA7F-B35A-44F7-B547-AC7217800B55}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6AD2F7F4-5FDC-4014-8983-8572A5598818}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{EC4797B8-5686-4633-9C1F-126BC8C773A1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{11BE2684-BA3E-465A-8D13-9A79F4CD48E1}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [2008-08-12 15424]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [2006-11-02 9216]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{544fd958-4ad4-11dd-b5a8-001b388b733f}]
\shell\AutoRun\command - H:\ybj8df.exe
\shell\explore\Command - H:\ybj8df.exe
\shell\open\Command - H:\ybj8df.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad6105cd-19c1-11dd-b4b3-001b388b733f}]
\shell\AutoRun\command - H:\dgl6.bat
\shell\explore\Command - H:\dgl6.bat
\shell\open\Command - H:\dgl6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdc1fb80-67a7-11dd-9e7f-001b388b733f}]
\shell\AutoRun\command - h:\_autorun\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d42b47e4-ccca-11dc-9e04-001b388b733f}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]

2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{71A82B89-23C3-4FF7-9833-D0E7898A6C51}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = local
IE: &Winamp Toolbar Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\imon.dll
TCP: {79BABBE6-01B0-4663-A6E9-AC38C94C4E3F} = 82.160.56.254 82.160.90.100
FF - ProfilePath - c:\users\damianek\AppData\Roaming\Mozilla\Firefox\Profiles\sr8hj3fs.default\
FF - component: c:\users\damianek\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 15:31:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\NOD383F.tmp 2306560 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-734929903-3195214443-2222897878-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f4,6a,54,48,2e,19,95,74,bd,97,c4,ac,ae,67,62,ec,a1,f7,fe,d8,bd,
a7,3e,02,3c,53,09,df,14,20,c4,66,1c,70,c4,aa,ca,53,d1,60,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-734929903-3195214443-2222897878-1000_Classes\CLSID\{c52073d8-5c68-4d05-9b25-3f38c17136e7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a4
"Therad"=dword:0000000f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,8c,c7,6a,d9,b5,07,de,d4,90,dc,7b,90,c0,15,5d,91,6d,f1,a5,67,ca,f7,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ESET\nod32krn.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-02-06 15:39:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-06 14:39:04

Pre-Run: 6 730 190 848 bytes free
Post-Run: 6,346,092,544 bytes free

  #2 (permalink)  
06.02.2009, 20:39
kaban123
Honorary SM, retired.
 
Registered: Dec 2006
Posts: 5 487
Marketplace posts: 1
Re: notebook is sluggish, log

The log is cut off.
Post the full log.
There is no telling whether CF deleted anything...
__________________
I handle the impossible on the spot; miracles take me a little longer...

  #3 (permalink)  
06.02.2009, 20:55
mr.n0b0dy
Exemplary user
 
Registered: Jan 2007
Location: near the city of Krak
Posts: 6 331
Marketplace posts: 0
Re: notebook is sluggish, log

Also, make an effort and write something more about the problem than just that the computer is sluggish. Have you checked which process is loading the CPU the most (in Task Manager or Process Explorer)?

  #4 (permalink)  
09.02.2009, 13:51
cezarer
Trusted user
 
Registered: Jun 2006
Posts: 1 048
Marketplace posts: 768
Re: notebook is sluggish, log

It heats up terribly fast; for example, while browsing the internet and listening to music in Winamp at the same time, it has already shut down several times. Playing games is out of the question entirely, even Pinball or Monopoly, but that matters little to me.
The worst part is that it boots more and more slowly and shuts down by itself.

Quote:
ComboFix 09-02-05.02 - damianek 2009-02-06 15:22:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1013.256 [GMT 1:00]
Running from: c:\users\damianek\Downloads\ComboFix.exe
AV: System antywirusowy NOD32 2.70 *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-06 15:30 . 2009-02-06 15:30 188,147,379 --a------ c:\windows\MEMORY.DMP
2009-02-04 12:11 . 2009-02-04 12:24 <DIR> d-------- c:\users\damianek\AppData\Roaming\dp3d
2009-02-04 10:40 . 2009-02-04 10:40 <DIR> d-------- c:\users\damianek\AppData\Roaming\acccore
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\users\All Users\Viewpoint
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\users\All Users\AOL OCP
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\users\All Users\AOL
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\programdata\Viewpoint
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\programdata\AOL OCP
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\programdata\AOL
2009-02-04 10:39 . 2009-02-04 10:39 <DIR> d-------- c:\program files\Viewpoint
2009-02-04 10:38 . 2009-02-04 10:38 <DIR> d-------- c:\program files\Common Files\AOL
2009-02-04 10:38 . 2009-02-04 10:39 <DIR> d-------- c:\program files\AIM6
2009-02-04 10:38 . 2009-02-04 10:39 444 --ah----- C:\IPH.PH
2009-02-02 12:55 . 2009-02-02 12:55 <DIR> d-------- c:\program files\MWSnap
2009-01-28 16:10 . 2009-01-28 16:11 32,768 --a------ c:\windows\System32\Ikeext.etl
2009-01-20 22:05 . 2009-01-20 22:05 <DIR> d-------- c:\program files\kRk Software
2009-01-14 11:32 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 11:23 . 2009-01-09 11:23 <DIR> d-------- C:\Temp
2009-01-07 12:27 . 2009-01-07 12:32 <DIR> d-------- c:\program files\WinAVI Video Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 14:32 --------- d-----w c:\users\damianek\AppData\Roaming\DMCache
2009-02-05 14:53 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-01-31 18:37 --------- d-----w c:\users\damianek\AppData\Roaming\uTorrent
2009-01-27 19:14 --------- d-----w c:\users\damianek\AppData\Roaming\IrfanView
2009-01-16 17:59 --------- d-----w c:\program files\Google
2009-01-14 20:01 --------- d-----w c:\program files\Windows Mail
2009-01-04 18:50 --------- d-----w c:\programdata\FlashFXP
2008-12-21 18:19 --------- d-----w c:\users\damianek\AppData\Roaming\Winamp
2008-12-17 12:52 --------- d---a-w c:\programdata\TEMP
2008-12-16 17:02 --------- d-----w c:\program files\Image Grabber II
2008-12-16 12:00 --------- d-----w c:\program files\AVI MPEG RM WMV Splitter
2008-12-15 11:17 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-15 11:17 --------- d-----w c:\program files\Java
2008-11-16 15:38 43,520 ----a-w c:\windows\System32\CmdLineExt03.dll
2008-06-19 23:47 174 --sha-w c:\program files\desktop.ini
2008-06-15 02:39 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-15 02:39 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-15 02:39 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 360448]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-04-05 932864]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-13 323216]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 184320]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-12 949376]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-08-19 914512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0081C86D-2DC3-4648-9B0F-336DE79FE8B2}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{BBDF3DFC-347A-4527-9C5A-DD978E5CE88F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{2E8329BC-1731-4C99-B36F-C2262E0924CA}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{8565D271-811C-4DA0-925C-FB8F9C943642}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{2C12013A-DABE-4C03-9818-9C5D1AE92A6F}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{A0444650-EE1B-428D-B842-C60E49B13995}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{175AEDAE-3519-4CDF-B5B1-D68B8F5D2E8E}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{899345C0-A28B-495F-9043-130DFF7F0374}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{274EB47F-C1FF-4720-83A6-F1A592F92D46}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{AE805262-87D4-4EF7-BDE5-E89D737883A3}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{6FAA10AD-AB35-40F3-965E-D620C91A8209}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{68B31AB9-DE0D-4D6A-9962-107A01CBF541}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"UDP Query User{234EAAEA-74DA-4F47-9014-36E892B98AA0}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"TCP Query User{2F0BBB6B-88BF-46F0-9B0C-5FB1DCA2A5B0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{DDA83756-FCD6-4B8C-B263-6F8F83312CB2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{43907CF5-3370-475C-AC68-F5A7DC4DC15B}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{89EFBE30-1912-4592-8A5F-5AC1E2A9F072}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{B2ECFDFB-CFA2-411E-A2E3-B148CEAD1200}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5DB705FA-E295-4223-A92B-17479459F038}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2CA80653-9820-4927-9686-5D34EE361ACA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{70D440B7-AB27-4144-9F9D-5D0B89A801CE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{45901153-B567-4DD9-A256-A05045FDC5CA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1768BA7F-B35A-44F7-B547-AC7217800B55}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6AD2F7F4-5FDC-4014-8983-8572A5598818}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{EC4797B8-5686-4633-9C1F-126BC8C773A1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{11BE2684-BA3E-465A-8D13-9A79F4CD48E1}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [2008-08-12 15424]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [2006-11-02 9216]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{544fd958-4ad4-11dd-b5a8-001b388b733f}]
\shell\AutoRun\command - H:\ybj8df.exe
\shell\explore\Command - H:\ybj8df.exe
\shell\open\Command - H:\ybj8df.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad6105cd-19c1-11dd-b4b3-001b388b733f}]
\shell\AutoRun\command - H:\dgl6.bat
\shell\explore\Command - H:\dgl6.bat
\shell\open\Command - H:\dgl6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdc1fb80-67a7-11dd-9e7f-001b388b733f}]
\shell\AutoRun\command - h:\_autorun\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d42b47e4-ccca-11dc-9e04-001b388b733f}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 14:31]

2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{71A82B89-23C3-4FF7-9833-D0E7898A6C51}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = local
IE: &Winamp Toolbar Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Ściągnij przez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Ściągnij wszystkie linki przez IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Ściągnij zawartość wideo FLV przez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
LSP: c:\windows\system32\imon.dll
TCP: {79BABBE6-01B0-4663-A6E9-AC38C94C4E3F} = 82.160.70.254 82.160.90.100
FF - ProfilePath - c:\users\damianek\AppData\Roaming\Mozilla\Firefox\Profiles\sr8hj3fs.default\
FF - component: c:\users\damianek\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 15:31:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\NOD383F.tmp 2306560 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-734929903-3195214443-2222897878-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f4,6a,54,48,2e,19,95,74,bd,97,c4,ac,ae,67,62,ec,a1,f7,fe,d8,bd,
a7,3e,02,3c,53,09,df,14,20,c4,66,1c,70,c4,aa,ca,53,d1,60,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-734929903-3195214443-2222897878-1000_Classes\CLSID\{c52073d8-5c68-4d05-9b25-3f38c17136e7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000a4
"Therad"=dword:0000000f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,8c,c7,6a,d9,b5,07,de,d4,90,dc,7b,90,c0,15,5d,91,6d,f1,a5,67,ca,f7,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ESET\nod32krn.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-02-06 15:39:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-06 14:39:04

Pre-Run: 6 730 190 848 bytes free
Post-Run: 6,346,092,544 bytes free

224 --- E O F --- 2009-02-03 17:34:37

  #5 (permalink)  
09.02.2009, 18:40
mr.n0b0dy
Exemplary user
 
Registered: Jan 2007
Location: near the city of Krak
Posts: 6 331
Marketplace posts: 0
Re: notebook is sluggish, log

The only thing visible is a trace of a USB flash drive infection in the Windows registry, although no malicious files are visible on the computer. Maybe you have already removed such an infection? I hope you also deleted the malicious files from portable USB devices such as flash drives, MP3 players, phones, cameras, etc. You can do this by formatting those devices or by connecting them to the computer and running ComboFix.


To remove these leftovers from the Windows registry, do the following:
paste the content below into Notepad:
Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{544fd958-4ad4-11dd-b5a8-001b388b733f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad6105cd-19c1-11dd-b4b3-001b388b733f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d42b47e4-ccca-11dc-9e04-001b388b733f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cdc1fb80-67a7-11dd-9e7f-001b388b733f}]
File >>> Save As >>> set the extension to "All Files" >>> save as FIX.REG >>> run this file and confirm adding it to the registry.

Besides that, I don't like this hidden file:
Code:
c:\windows\TEMP\NOD383F.tmp
the name suggests that it may have something to do with NOD (the antivirus), but frankly I have not come across such a file in the logs of other people who have NOD. Maybe scan it at --> http://www.virustotal.com/en/indexf.html and show the results. I am aware that if it belongs to the antivirus, the VirusTotal scan results may not be reliable, but scan it anyway (of course you first have to enable showing hidden files in Windows).

Clean the temporary folders and the web browser cache using the tiny program ATF Cleaner --> http://cybertrash.pl/images/tata/ATF/ATF.html


As for the problem - if the computer is sluggish, check in Task Manager or in Process Explorer which process is loading the CPU the most. You also write about the computer overheating; I take it that you checked the temperatures of the components and know for certain that they are too high? And what are those temperatures? - I suggest you start a separate thread about this in the "Hardware" section once we have finished in this thread and are sure that you have no viruses.

  #6 (permalink)  
Old 12.02.2009, 22:33
Avatar cezarer
Trusted user
 
Join Date: Jun 2006
Posts: 1 048
Marketplace posts: 768
Default Re: notebook is sluggish, log

Thanks for checking the log and for the help. I changed the registry entry, but I cannot find the file to scan; this is an English Vista and I don't know what needs to be ticked in the folder options to make the files visible. Probably the best solution will be to reinstall to XP, because the laptop is still sluggish and lately I have also had problems with the internet. Only, from what I have heard, there are problems with reinstalling from Vista to XP, but when I get to formatting, I will ask the hardware section for help.