BDS/Agent.vxa.1 gefunden, bitte um Hilfe zwecks BEreinigung

elokas · 08.01.2009, 11:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:18, on 08.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\ltmoh\Ltmoh.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Mouse Driver\MouseDrv.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://de.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MultimediaMouse] C:\Programme\Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Programme\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra 'Tools' menuitem: &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F3AA033-54A8-4FBD-856A-1A3062010161}: NameServer = 192.168.0.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F3AA033-54A8-4FBD-856A-1A3062010161}: NameServer = 192.168.0.235
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F3AA033-54A8-4FBD-856A-1A3062010161}: NameServer = 192.168.0.235
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

--
End of file - 12202 bytes

Der Internetexplorer wird nicht genutzt, da ich Mozilla Firefox nutze.

Es wäre sehr nett wenn mir jemand sagen könnte wie ich den Agent-vxa.1 fixen kann. Danke

schrauber · 08.01.2009, 11:50

Hi,

Wo wurde er gefunden?

Lass bitte malwarebytes Anti-Malware laufen und poste das log.

elokas · 08.01.2009, 12:36

er wurde in windows/system32/c_496628.nls gefunden, aber diese datei finde ich dort nicht

Malwarebytes' Anti-Malware 1.32
Datenbank Version: 1630
Windows 5.1.2600 Service Pack 3

08.01.2009 13:01:15
mbam-log-2009-01-08 (13-01-15).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 53655
Laufzeit: 17 minute(s), 39 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programme\Microsoft Security Adviser (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\rhc7fbj0ej3k (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Programme\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Programme\rhc7fbj0ej3k\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc7fbj0ej3k\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc7fbj0ej3k\rhc7fbj0ej3k.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.

Nun habe ich den PC neu gestartet und ANtivir findet trotzdem Agent.vxa.1 mehrmals in der selben datei (?) wieder.

schrauber · 08.01.2009, 18:23

ComboFix

Lade dir das Tool hier herunter auf den Desktop -> KLICK

Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:

Schliesse alle Anwendungen und Programme, vor allem deine Antiviren-Software und andere Hintergrundwächter, sowie deinen Internetbrowser.
Vermeide es auch explizit während das Combofix läuft die Maus und Tastatur zu benutzen.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Starte nun die combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen und lass dein System durchsuchen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte abkopieren und in deinen Beitrag einfügen. Das log findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten.

(ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix)

elokas · 10.01.2009, 19:17

ComboFix 09-01-08.05 - Ich 2009-01-10 19:08:41.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.511.254 [GMT 1:00]
ausgef³hrt von:: c:\dokumente und einstellungen\Ich\Eigene Dateien\eigene videos\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere L÷schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msacm32.drv
c:\windows\rasqervy.dll
c:\windows\sdfinacs.dll
c:\windows\sdfixwcs.dll
c:\windows\wuasirvy.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-12-10 bis 2009-01-10 ))))))))))))))))))))))))))))))
.

2009-01-10 19:04 . 2009-01-10 19:04 125,952 --a------ c:\windows\system32\c_496628.nls
2009-01-10 18:31 . 2009-01-10 18:30 3,165,824 --a------ c:\programme\ccsetup215.exe
2009-01-08 12:40 . 2009-01-08 12:40 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware
2009-01-08 12:40 . 2009-01-08 12:40 <DIR> d-------- c:\dokumente und einstellungen\Ich\Anwendungsdaten\Malwarebytes
2009-01-08 12:40 . 2009-01-08 12:40 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-01-08 12:40 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 12:40 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 11:58 . 2009-01-08 11:58 <DIR> d--h----- c:\windows\system32\.181a2326b830beef
2009-01-08 10:48 . 2009-01-08 10:48 <DIR> d-------- c:\programme\Trend Micro
2009-01-08 10:31 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-08 10:31 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-08 10:31 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-08 10:31 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-08 10:30 . 2009-01-08 10:30 <DIR> d-------- c:\programme\Spyware Doctor
2009-01-08 10:30 . 2009-01-08 10:30 <DIR> d-------- c:\dokumente und einstellungen\Ich\Anwendungsdaten\PC Tools
2008-12-17 16:01 . 2008-12-17 16:01 147,456 --a------ c:\windows\system32\1$.tmp

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:36 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-20 10:37 --------- d-----w c:\programme\ICQ6Toolbar
2008-11-20 10:37 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\ICQ
2008-11-20 10:28 --------- d-----w c:\dokumente und einstellungen\Ich\Anwendungsdaten\ICQ
2008-11-20 10:27 --------- d-----w c:\programme\ICQ6
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-09-20 08:24 1,403 ----a-w c:\programme\dfend.ini
2008-09-20 08:22 298 ----a-w c:\programme\Profiles.dat
2008-09-20 08:22 273 ----a-w c:\programme\History.dat
2008-09-20 08:22 0 ----a-w c:\programme\Years.dat
2008-09-20 08:22 0 ----a-w c:\programme\Publisher.dat
2008-09-20 08:22 0 ----a-w c:\programme\Genres.dat
2008-09-20 08:22 0 ----a-w c:\programme\Developers.dat
2008-08-18 20:44 19,153,264 ----a-w c:\programme\aaw2008_10.exe
2008-08-18 20:29 532,480 ----a-w c:\programme\cwshredder.exe
2007-10-23 18:28 61,647,736 ----a-w c:\programme\directx_aug2007_redist.exe
2007-07-20 00:19 855,886 ----a-w c:\programme\AUG2007_d3dx10_35_x64.cab
2007-07-20 00:19 800,467 ----a-w c:\programme\AUG2007_d3dx10_35_x86.cab
2007-07-20 00:19 1,803,760 ----a-w c:\programme\AUG2007_d3dx9_35_x64.cab
2007-07-20 00:18 44,684 ----a-w c:\programme\dxdllreg_x86.cab
2007-07-20 00:18 201,696 ----a-w c:\programme\AUG2007_XACT_x64.cab
2007-07-20 00:18 156,612 ----a-w c:\programme\AUG2007_XACT_x86.cab
2007-07-20 00:18 1,711,752 ----a-w c:\programme\AUG2007_d3dx9_35_x86.cab
2007-05-13 17:46 3,019,264 ----a-w c:\programme\imc_3021a_adult.msi
2007-04-20 06:12 6,718,976 ----a-w c:\programme\winamp533_full_emusic-7plus.exe
2007-01-30 18:08 20,193,072 ----a-w c:\programme\SkypeSetup.exe
2006-12-14 14:52 1,604,988 ----a-r c:\programme\psradio1022.exe
2006-12-13 00:00 16,508,560 ----a-w c:\programme\jre-1_5_0_09-windows-i586-p.exe
2006-12-12 21:03 13,170,312 ----a-w c:\programme\jre-6-windows-i586.exe
2006-11-13 08:06 3,005,440 ----a-w c:\programme\imc_3014_adult.msi
2006-11-03 18:33 57,327,371 ----a-w c:\programme\dslradiorecorder2.0_1703.exe
2006-11-03 18:23 8,637,008 ----a-w c:\programme\sdsetup.exe
2006-11-03 18:20 377,928 ----a-w c:\programme\DLM_2200046_DEU.exe
2006-10-18 07:46 35,113,704 ----a-w c:\programme\directx_9c_redist.exe
2006-10-16 08:33 35,272 ----a-w c:\programme\zmbv_392.zip
2006-10-15 22:00 5,037,072 ----a-w c:\programme\spybotsd14.exe
2006-10-15 22:00 2,855,080 ----a-w c:\programme\aawsepersonal.exe
2006-10-03 10:33 1,077,258 ----a-w c:\programme\miranda-im-v0.5.1-unicode.exe
2006-10-03 09:49 703 ----a-w c:\programme\ConfOpt.dat
2006-09-25 20:56 1,294,629 ----a-w c:\programme\DOSBox0.65-win32-installer.exe
2006-05-23 19:34 1,560,064 ----a-w c:\programme\dfend_v2_beta_2.exe
2006-03-24 09:20 14,797,568 ----a-w c:\programme\DivXPlay61_02.exe
2006-02-23 18:15 2,811,349 ----a-w c:\programme\kali2613.exe
2006-02-01 12:47 81,920 ----a-w c:\programme\zmbv.dll
2006-02-01 12:47 1,460 ----a-w c:\programme\zmbv.inf
2005-12-12 10:05 23,552 ----a-w c:\programme\cdexe einstellung.doc
2005-12-07 12:22 3,507,488 ----a-w c:\programme\dap75.exe
2005-12-02 22:09 33,575,560 ----a-w c:\programme\qc841deu.exe
2005-11-26 00:04 3,783,597 ----a-w c:\programme\wace26d.exe
2005-11-22 21:45 65,536 ----a-w c:\programme\SR7.Stop_1.0.exe
2005-11-22 20:43 1,149,553 ----a-w c:\programme\D-Fend-2.0.62.42.exe
2005-11-09 18:23 4,691,528 ----a-w c:\programme\icq5_german_setup.exe
2005-11-09 13:26 8,314,880 ----a-w c:\programme\avwinsfx.exe
2005-10-03 17:40 2,000,324 ----a-w c:\programme\CDexe Setup Datei.exe
2005-09-14 20:41 375,848 ----a-w c:\programme\msgr7de.exe
2005-09-14 13:02 3,921,509 ----a-w c:\programme\FriendFinderMessengerInstaller_adult_2_5_1.exe
2003-01-21 02:00 13,095,560 ----a-r c:\windows\system32\config\systemprofile\MpSetup.exe
2003-01-21 02:00 13,095,560 ----a-r c:\dokumente und einstellungen\Ich\MpSetup.exe
2003-01-21 02:00 13,095,560 ----a-r c:\dokumente und einstellungen\Default User\MpSetup.exe
2002-11-11 11:28 1,803,464 ----a-w c:\programme\winzip81.exe
2002-04-15 00:39 855,552 ------w c:\programme\ID3TagEditor.exe
2008-12-19 09:33 67,688 ----a-w c:\programme\mozilla firefox\components\jar50.dll
2008-12-19 09:33 54,368 ----a-w c:\programme\mozilla firefox\components\jsd3250.dll
2008-12-19 09:33 34,944 ----a-w c:\programme\mozilla firefox\components\myspell.dll
2008-12-19 09:33 46,712 ----a-w c:\programme\mozilla firefox\components\spellchk.dll
2008-12-19 09:33 172,136 ----a-w c:\programme\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrõge & legitime Standardeintrõge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-02-13 35328]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 49263]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2007-06-29 286720]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MultimediaMouse"="c:\programme\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LtMoh"="c:\programme\ltmoh\Ltmoh.exe" [2003-04-28 184320]
"LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 335872]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 c:\windows\SOUNDMAN.EXE]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-22 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"= c_496628.nls
"midi1"= c_496628.nls
"mixer1"= c_496628.nls
"vidc.I263"= i263_32.drv
"VIDC.VX1K"= VX1000S.DLL
"msacm.g723"= g723.acm
"msacm.imc"= imc32.acm
"VIDC.ZMBV"= zmbv.dll
"wave2"= c_496628.nls
"midi2"= c_496628.nls
"mixer2"= c_496628.nls
"aux1"= c_496628.nls
"88496659"= 38353637304445322d393835442d344442432d414232382d444230424545363137374636
"88496648"= 28994cddc5351a8cee1322f3735d886fba01e749fe690b456ad17b9af8a07d9461837ea5cb17b7ea645dcca56b5d7047ef7c94939bd4544e2a904aeb1b1c424f0e1e549e55004795f31ac4 14a3fb94dea2c3cfcfc5dd635149c68681aca426338ef69d8d752ce1446278ad86f40743fa36c0cb19245755b036013b5132462974e99cf3a5d775d07c89a239171f9a6a7fe02cd03bc4ff 59a432d3a615ff4488aa2c41763c1fb3a7f4683f88974ce490571a2e9106b9e178300ecfb8c9bcd634381549ee832ff7fafcc6e81186f39bc7aaa7f6cc279d72c6c8ec0feab73defa68afa f203d0ff221d55009262e618d4e98052f552f5ec1a121181c8362410a04b53fc76b6e80827c59c1efb57bdf9e511cfcef63e9ef167f24d00cc127fac9a0d5016b19c12847644032a1f84b2 aeb7d66b5e5f54449d7f2d7269ccc9a88a5e9e2cad1a608d8cbcb14097c5c44ac989f2d494eadd15e8aae018cd20681e49f9c27d2db18887b0baed38abaaab3c15787a9cdf689c907f8302 ed2d521510bdf9a9d90131e000
"aux2"= c_496628.nls

elokas · 10.01.2009, 19:18

"88496678"= 36c08e969b78dd676c231b06f9a6348d0f12bb5347a58f14f8d10aea01f06de858c9ff5b48e526de8dd40cec156aa5721b947ab8da19c02e4c4fd237a230c7d40e3236f46dfac3ca45747e 0659a6a0b32bb64a52814991748fd03453b1b3c15beb3711ffd05d516a94645cbfb350da520c38a799d9561ea5a285c21bdf19dd84928f9bef3aeeb0f1b2206f8ee5aab6fc291daebbd812 dd666160fb063834f949fa908a04d5dd8fd76b386b89cc241bf4c929c549c35e275b4c8d61d7fd48d39bf8fde7e7a96a3cee0cf0f6056d40a52531ce1a7479a77b2e6b17c3772b6e9eba7d c28c8a7ae53fae7d502c35ec0ac80d1481e84f74be728873ed1e95f5c9d3f059d7c322bdd4f4ff7c96ba616cb6e3b385eec0da8c66589e6d66597e19c7ee8c910d051a1594b64648ca2bb5 6cb464a3135c3990c477c0d01bc255ec446ed95db87f45d2c517c1288815c37be37da8d05fc14da43ba58aaaba505671dd96817fd64cee49527bba843a8d501ff47dea0735bc7f290db10e 9a0063684c5ad927630184c62026a28a220c1f1944c62de101abd30306b26f1f9a8ec34c58af75cb45a8c2736ab3f3a902d469b0d3f2475b79d0260ceb194c1e9ff7dba174e3499f66eec7 93bacbc3a052f502de8cd5317cef0f9202931ebbf5e1d41cf940189cf8e28e4c0243787b5aa592a5c4fc0274c754a8fab4d92cbe85aa1319432976f01b44da221cef3f1adc4e5257fd4277 ba4aa3f13b5eaec3e1acf3e036567b51a85a41b0e6fad02fb86d9406abd5bef3d27170fcf36a9ee383658e4570b1af8f58073f3cd6c1c283562b134d81202173b486de97c0a40aa3a9771a 4103be88d994c90f8c28b9b1eb6e1f46f02432867e033909866b62505636a3138f67a2fba88c7c07ac559cee40143233faa88ef5644186c853cb143c7db0f08014b23a738b6d2674711414 ae9c2f7bbb3d75a9fe318a659761479650a0cfca42a3af9f0709d3f79a976d228214bb5a3ab102405570ff43abfe5292947e6e4b4790684eb794966bc821669d53100f6441888e22e6e660 b45cf5db5766de2a9c6937cbc50048d457644f685a9698f156da4d13b7cb9569781397f2c2f95fe50e28752d573552768731de69d4087155ded3f4d3ae2d9e97e6207540ca6af41949822a 63c3f151cec286581eaf097e47b7c7bf27c4648b24e207a66ca482834deb95cb6e5cd9a1c39e7126fcc92b51753f84bb4332e7415f53129381fb9ea7b6d4e0168dd0569c7cc6dcee04591b dd7ee7253e1cfb8e33220341d81650c7574fe4583f13c69daa7774bf2456dff0f8d7ff144c84c69001f07201a1524472e8f32682932a3aced83dda6a2fe3a84580453410f21589d4223681 0b33ac36fc558b93c7fce1efed98e0efb0b6af772eeef457e1795e10e52e77b27292d1a5dda89373592fdc990b70c708287c49bae247b1f14f1adfe014b4bd91f9ac33c2bb17b873bdfbf9 d8d5077bfb4aaa90f477e905823b1da1e4abbc697bc0efd51c96c5751ea79e8ed22f6a24a8d038e5a1e2ea8a2e34c6c01d9620968a41ce78daddf3ac87ba708b2000d294220a2e397897cc e03ec625b6ab604c92fd3ce3ed8998f3f8c1bb79e7644acee6277a8517890d68a4da50d30df5893e42f018fed0400ba493ccc5c01e8bbb676cb2aae538f5fe731b95563d676665221d6496 504aef3937dd4a005dddce899b05811cca2cd571170f0942d2e37f5ca58e1075de8150cc743bbf394e336d4e5b4499f6c982ff943e985d23faccecf6d185498e7ab798bf82e62147de10d4 096bce5fd6ec0139745462fe068c6f7d3a74e086e990ae9a8691e18be3f85865fda7a21a8385752305820e589f9947a83900a405671674c46988653b38ee71311bf6ff4036301358f0c23f f931e500e8a160da15b06cb3f5349cab2f7e873a8aeb00d2ad8321d9f9740d04dcc28b5fca86706063bb2ab4ba28c5c097197c3ffd451e8f2880a397cbaa6af508c07da94eca5d2c285c0d d605aa105ee095419d20170ba64dbf594b6228c61c5789225eee631c477edd21e7246f0ee1a4b9e1299553aeb816480076c74e1c71dd63e98e8d8546988578c0b960fea18402d19405c16a 92174284d03ecd71a0ecedaeb99871f13a9a535c554b39091dfbdbeaf2deddcb57cd186339c3130cb333aef0953862bebf13cf6a5e35b1ae487cd3c8eb56402c34fce090b9cae08e667d21 0dcf43e8c6f409358243560ec537b81bed47b02a7202e79984f79f544693b2794c6b013a1234c0fd7cfdae3efe584e2052138a34cf2fa6cba36ba793e75c6e6f9d545ed9f855cdae626200 f7f7a8a528296445390c861f77ad012f49d55498666afb9f2ff6c51c9cbe70c4e60831e11e036ddf9bac302006008f8d93fcd5f0ec6df3d2dcd7df39bafd589f7095a39cb1cbca8f14e5fd 0fcdba341b76062eeb9ea0c070482935dc700736b9bc5f82136e3077ed395b256748d4299511c722a7c1dc2e9be97d25c7cda62de8fd7ef0b12846b773e4d66d78da0fff9cb326ab8c89d5 f86ad0f495386e96bc34bf9e8d067183ff1e72fbe7a72b85d2836ef7ffb0c1ce65c66b72f39ea01453696130833480774a12e60fe3bc98dcb42575b5203bd3d3afffced7c92362b182a9e6 3ecd0bf189ac2679c96ba1a8619879081cab495d5a832e212e7a753f706450f059b87466379686158cafae23d5a015e9fa9a1270f53432eef3944db2e05e5213df0837256fc8fa059b1e4a b53b013318c2645b9211f6f668ca43337b836d37884fb64cdb477d91db59ad45c43e7e36973cbde97e7690b8e79b94f0c223b08fe0818db393f7eda5f38eb6d7b8c51c4d0662440ec2f5da 0a6534912529372476facb56d31f69e2fcd40bcb7fba8914223d3adb8de73b002da32398732f1242b7a14c43430590a06f10df1c37b292df41d9e6438cc41c5e0cdfb5a56094f7c83b4339 b69ec1814907e73646415f5c67bff3233e4bf38425917d2f7b6176ff494ec3d71b326cb6041d6b8ef0d04f7eb7b87661e21d41b6c62e8b73216e4364834bb78d63af7c6da297fafabc722d 99f194fdd7744e3c76fbad7ef1075faa5d7609f7d4df1268da93a51f7c8dd6ca8f5872c48ca7590ac76bf7dfe5518b8b83f30255f9e97c5d4d49d985c0ab5e47c937336bd0fbd9f83a1b6c 2f024a56730d550c68c3e9bf93c80ce653fbb943204c542446122af8448a6020689e801f310c6d7747456256e47144d9daeba6e789f0443ddb76522b924b141cbbacb0c670376fbb6ef7fd d31269d30414e674cd9499169bebd370860e61c6fbbd7822468de2f5671ef4cd706a5f8090acbec663b835b0d860e812e03bade3997195a8d9e7c5518df4aaa28c1d4d3af9400c7716b828 d5926893f4772399413ea550431f98ac31d762c07aeee8b272602b99ab92561f2dc15fd425de603aae627084d446991f6f15855e2e140b74c401fdce88010d14b58fe25fd2aa801303016e d6f7630772f8b96c37a35c03fdb5e2c94f70889c1f4237f21a4847c6cc71e18723ec6a4b1927681742779485b5a63b7096fe90b7f12d778f3b32264588b480ca6edcae8e272c743fd887f7 478968535d38f297488d30434253e738adba09628bec8c5d7ee1ef7391fd634a38dcb2e86f32600a2ce413981a14faf604a1fde9f24f5cd62c2cf3a7742c096081a59088584bf2a712e1eb 6000dd5182701436ce2b2d8d7dce607485b54ce7e30ec36a22956f3bc7863a2dbaeaddc1abb6ba38234c9a764ca91ef7d156e4f9ff7d27c98fdf7490570e1a450e0aef30018ed6f9f1d776 6f932a982c6450c3679cd27b651c1dc63e68469d27752300a1a07114cc41b2bef7e0f7a99acb70833caa15c5f3abaeddc03dd9159ee92e0c2384bf2727e3d6e7e4d4639026f651bd84dcaf 89f25f16af47a68c0e346ff84c11d736c1e1616f70948ec04598df307d332c2d7908314b95606b040e98758046ba5e419a69587f3241ef76c1a1ec1ae2f64468ef3820af806aed89db1f52 36bccc1ad114141d42de3d55e11be87f321d49e1531f47fd628660790ad7b4f3d2f4be70664fe3ff4bc95ec95a59a8c3a9f237256a33eba9eb8cc2d71a89aa6f4bd4d36eeeefc5a809f43f 3442125bfa3ed1550cf94a98effdd291b814dc6e31d1e4b6bc6cfe2e665afc652e71126b91a2442d6d0395f46a666636902da394080c4e3ab6bac4d24a1ef4b625aa1858e62e51366949c8 402b3fe56c77b3af9128ab13ca93097699446f3dbc4230ad07275e9fd8200d551d23899816d8b0758879ebc5efd9043a09eabeccb313793b4ac33bed467b9cabf6aed12d8ddf1ae1da431a d34581ed2ed5fba6b655d31bb9327cd5d65d640096333446491e27fc3678fefd486d4743477c39adfba665761b00a304f1286466787b8e54f4280656d5185d793f8d0384b4c28d439b3afb 5703ebd69acaeb38dd2b1e2047e86b88327a27a751ac71a039c4f5db568fa47f7285c7e375a07d532b9563151c7c6af531d60fb2cef071d3fbb1af2ee040278a33c9ba267afca2329608e9 621705597c2d28f5f915e6a2e5f8a676c72354f228f1037f488bcd8d30bcde87881bf1d70a70740133b1a21aec0fcf247f0619d8b23973471cb7dbffc079acb0b7d40448eea9327c5ef602 280c99ca28cf567cb44ad6d4561984f11c34f5999f20db10df2b41a73f7c08a085f1eb43b874f3063049e12f08a1d023072eff0818b8552ae0da3bd446e838fd3632046029870e86330ed0 c1d0bb79e918728a334c8347a0f6b3184c7272c1c361c5d72f8de676c6645324e0e60108b6772f31a5778e02bccf9661b652781f38fcb836159be019de103c52e9ec1ec8f67e0dcc5ca437 23cff150b4a4251e1847094a24daa0a5034823bf9f25ad14fe824a4a3bbd4f34137518bdb3e752352a757320be5f33f73f064ce9cbec11b3e80ec957059b52f805753abb6f379a8e3e624c be9146ef60b5a3939ff077b988edbece86e08c03943ba6c858db622a6de4a070628d723f3433d246ea755bd3e697688dcb204c607b4e6522b77b3892b6d9ec25af3deb765a7f7a8751e464 90e724eeeb6658e566e54d5c9d28b26799258c91a85f8b21bb99bd716d03681d148e00de00c91a342e946e46e62e64fb2fa8fa6108e0a4e07145ccac5221581dc85844a1eb6af51f3ec20a 4ecfbeeabd13b0b0cc50476fff934ae7ffa1a3f1f9f1d5c7122aa6f873fbfb259444afc76431304cecaaf527242d6a58e6b7e2ddc647f68aa883dd381956d94def07120999018f49b9f9c1 a70f7c6935501a35526bea36e68a9fbf80733da01b5418293b1c79db060896eb231a012cd01bc751ec378d7e815d57199dcc990980e2a999b82cb0b783fdf6b40895d7537369a8ddfd1b6a d7026c5f4a2808a06ba3abb8301e3386a30457d7370c0c21ed224c7a06855432908e172988499164113493447e2e7bf9c80b641d8b69d5826d5aa04d909a981b3f493883b3e3cd3dbdbb10 529af064c246f099319f9ec8900cac330cdd6481d338ffeba094877669d269b76b5700ee71abbee78905b4887cc06d3b8b8b963c6dcecdb9275442f54e6daa823d785509338bfc56f4d263 4c93af66cb10e7c228fa24634e816c80985f2f574a97bb7362dbf16df96bc7ab00fac4c5d4f8cb22ecebedced28c2d3f4ebed92bbd20291bdb35fe164bef96fd6a79f1f8e13eacbb8272ac 6a1410a71c5e32ca888c74219c10d58c3da5c89f25457f7f8991ffe6561f3f79d80935e8a7bdf99addd81025ead6489d80ac884715e26618c53ce304c7d41f8cdb07dedb98ab13928f37ac f370f727c9aa83a46eda2c74bd4033b47fed5c26dfdaed0fa42436dae59cc765e5de1477d05ffade6469df47a1fd6705cf7eb9985df708a32aef09b1841d46c3d545f298eea534a9945495 6f0a5c77b3eb2fcab5c6d192981b6ee3b63e8ef576a6cf4aa1c12a0d4410aaed2124665af2c536c7ffb02433bc7c8ac347b0e3ac6aa374b919c216b4072b3f5ea0456ee9dce5675e88e048 add6e4dd584af0d3c90e87e82d1fff84cefc87dc806fcd127357360461b3813662355de24c45c36d01498fbebf7dc7c0bd2d061ef0f280c4d92e3503ebf57632c2d9f9378826bd9364a618 45cd9fe9573f0f5dcf5abdc59121971e1277ef4f6db1e7638f673e086d36f565e9f7ba21506892baa362bba850a8b80ebcc01398810b03750c24bd6d6a128e40d6958bb29aa08689a5da46 037853fd40c01cbc2bbdaeba47042e057c814623fc56aa5e49ee8830fea786e857bec2b14007c0116a828638fd047b796f3feddfd172b9bfe80a8149fae5961aab1d2114189f14248a6314 a8cc5e801c517361e25db600c46136e561755b00feecc44ec95ed69786cedec99bcaf91f2b7f9696da94732d380d591d842f0b9aa1c4f1dbd9e3693401a53922f5b466c2f0a07d7f580bc3 02283538ce0fd24412931f2c63b5b8607dc22d46e82b32eef45b7f68896c11277f2e8bb4b1133a6bdfdbf1bb3ba5b8f1408500f2674a4db11a13503ce938845ae8c9a7083e3adb93f8d138 e30a34fd11f2fe60022f11b1059543fbc0cb1f90d8458c2568492814f56c813647b22e2a71a146254ed7a67a345dc833ae101d26491eba9b143197938408efc3ad166c6373ac7cffa6a06c fe24649e7bd47f456ddd98fd2aa3b0e51ff44e4a0c6dc98cb975d7b51ebff0b7c0aa764de5041d7e8e28b7413d0b34a992cb7aab9d525a7772c98c1c0fc9fd6667ed599c71326ab352ff55 e68ec6ec881f7913e0b5e1ef12b8c6eed51ff26c07777bcece97f72b1c16650f92abce308810cd0be2f5e4b0e722f1962e98ab7c9f89ead920a580ab516f14f77ca9dd337f74ca2a8d88e2 7b3beca7b52773b621fe1434c2d96e874078515b42d4dd33392ef483cd654ec0aa328a6e369efa6a58766665868de419a535a6f37532a8ffce23eed4e413582c86db3d9e2db74f5633cb9c de7cceeb857c54644996f814c1a47e475de5ddb725b01db5dbe935007034fb087608f4ea782a9d6d0b97a3ec8e1b9bb87d6d6c9c00e701d7d831f923203127c3abf16414bca00fa06e9ccb b6b8e565ccf9afe43474b10b5cca86ebe3a5865b8b3cc652cc78b6d759ae93f14e0315d4e267d5b124a4e4a8530b35370682b94408d2cdce94d140c3fb8a1360aec255d933fc479cd1e5b2 08ce72778299da6e7496c576f15616a3be11951f8882bcd052a15c2f3763be188e89504045babec38b75d9fdeb63a2343aef7792c8a5c7f1601cb58d1d41818b8d678ee359cd466e30386b ef640b87c4ae7158a3b2956be3b780bb6978752382bea6ee85367f51f3ba4729abba5d1aa8ba02df704cfed81a21bb7fd11e3aa9bc66733cff7f328327ca07ce67d847dd5be9c035ae34b5 8a5c969b684dc10e35df4d1f5ce49ae98485d096566e8bc486a485b8b60be33ca17e5e9e1d24b5c30b44a7561c61fc4fae5b9ffc972fa996eb417a52429890176aef2731e6c12b40467943 d8cb39080125e337ddc6f3ff64d4c4f026d368990a8de775f34dedb7a312bdf0926ca9ce8c5bcc991a4446389d591fb01ef5d4f85aa41def5d41b8d236e08a071c781d63dcf39936ed744b 41c479246b0c1ecc8bc19cd32909823ed9dbe7594f5551e1b6a0c9929132e92e8222850ce7965ae56f7262a8361ad83e3f058c1bbc858c4a2909fb0d52ff57f9f7d3695c7c82fb54f13344 802fff7b140bb82a6950b31a94705b3fdeaaa541a90d463fd40d605ef041851c57439560b807e5c875b1cb45fad15d271144a39fabbf0dbad02a1927f96f6e771ef4193544663ab86e007c a8d1c8172fd6c4554eb6e2d93d06285455dcf9fe3865146681e9ff50af8ca43a3c42cdfc8ea67ea97325029414f6d412c5a14616c4d659a247c904dedfe5ef553692bce72cb78a89733311 b5b634071dcc3a4ff753509ada3f83cd29be60461e698ae4f17913e33177486f2fa436df6f35a76c21dda4da8af7e6c45a211aae7e81b8b404f3a7fea161c7b12b7685367e8bef299d32e4 62b5da8064e1918783c83d3c25238b8f69426afe852af0b324c41e69c15b48946ad5d88c3b324765e9f13feeceab158e18a45e169a2dbd134edaf7e16a1ce4fa07cdbeb05bf27ddf94ae93 dba8ffa887f8ef08fb102960914e2acc0f747b8c34aab7783b73d6bb5581ffe859f09e8f2a53abe58fa4d939ea94a0618b576468f3025da86ef328b2b751580facb4e5adf01d15c2f4b5dd 2b8461d4740bc469fa9961c0a73456d17aca45b91f20f3af110091b7fe3d88cbfafc8d84c3182faab61514390f0e2b9a9d5bd40cc448cd13f78af88969d7783f60c15740b99c2259d3490b 568ba89b283626871c90d4ada65eb88b446c172cb1b60c377a412304f08d81f9d58ebdf243f91752b4bc2a55977a6d936ec45e0bd606cc00d039b2430194a4e0d08a6ad6481f28e31c0230 438c7d3718004fbd3de92fd6332335700413af726c652413c127846c6701479ebccaf4f9f341828a69bb311453cd6e405727d1b791bab5a0177fa92b03b22524b5093547fdb49c60b36cfb 3afea37f341463518c768529b4a820993198f69345acc8ec1e0892bd72364b06a166bb3a18c05d969b62d5901d268cb94fa3936178610483214b8d6bdf8593506595f2afc495f961449b31 76c8ed3145b8f9eac702205edd639abb50a354ed74e9792538d8a0caffb1106e879f80982a37858ceb87ff86764d2a620366b456a773b7217610b255fc07e75dde81ed362587502b7d9fd4 edef4b48779f595fc9f9e93284fb7c33add3697ea9d610b532d075954b139fd8c0ddf22806c2429efeed5fe5c4446163eac8095879972590edffbc0832191241dafd8ae28c83debeb99c3e 9addfcf6abf75e5976a95f47323240bef35d14acc482dc4b724d572c570c510d76edad4c557d60e84b2d872e4d1f8b0f7dbac7207d1642ae1b2ec9c4bb850b0d1160597ab224a79d20dc08 b1b294271d73c34f40446c5073a37540994cd51bd21d4f39533fbc719a5d29b70c9f2a56a69a35ec3e3cd483e321d91d669263128cb694bc63abbe686dfe92e9bfaf7ecb96d83235e4ed84 afd767f889662e64191914055a642aa131d44234a1d66aba6f1432ca6ec17daaa40884e82ed04d8b83de0156442eda5a2b9b2791aafe95719373f91798af59467edd6befb8fe433ccd43ed 3494c3dd50d8ea3ef9535909cb0453bb11764f75ab80a75852390d21996aa4e86a5b183b3db0212c9e8649987aca40a81cfe048193f2a70546f65869df21f1aec41cde2cd72ea9ada1b3ad bd2f4ae31e62ec1aa73d7dd03ccc10d46c6e9a82c2afe3c1e129502b05259c550e632ceddf4cb93aac73c276507e8d4cf8530c5f6b6c015847faf5e43dccc4e356cc81291080d33cd50ceb b273528ed12ec2778f5f78b25c0cd70d57510bdd1618a96295418d902a9fd8d3f12c51abf75e930c3a99ddc39d7456c72c60bf2285582d546d8cba8adc43588e8f18a8e1fad3a77246352b 489154afb93dc5626708241b7e34f721272a24c0970b1732d216281aa66470b99b69ff5a912481cc190e59a173ed20631bc760d79e99a5b3a350d4fa7b6e1034c5a332488a535fffda8976 e56d6b29fc4a60c18f72d99149b393cbbd9fb837ede77fd3381d7007f5438f521e1c8404ea362097696f4c98fba6e3ccd510cdeae52969732c6d5276622f66abfd481484d5f32b00a9a4c2 abd2ac7af686766a90277ddbfba621d0b3b39ef9f2d8eb10c64a2ae135915c149b7eaf94f42d1cb92d0c3282ae9645fb1062a02b036e64169f8f2096ae836d3569f0b2f93b96c36a2f7646 b3e43c8dbbc627bd9da85026260e7ffa1257b45a292273360be877ac12e2709548cad8c67661356429065e57459ee6f05f694e8634cddac26c17a912ed698b7c174da83c44d226aa1653b9 f726979eb3ab789d618309b4208faa7b6dbbe7cc6b2dff076aad4c069a47dcc3d3702f3fd5b0bf70465b2843c5a2549c7f24498dcf231712b2ae89c1458d78b2e091e833f39dd48881fd4b 55da0caf6fbdd50902a0b31e8054ecf94d7feb51dd7c2ed8c582ee3e367e92725c5f2f143130c314e94b6540378d4e11167bd329d79cfa2aedf49f2c60906b4c93aef80b4cbbfb99f5a257 92bc2936e8064749b604a8e76588fe95afba0f43f7736726ec5df04989d6d5eca098ed969b9c750567380559b1fa22a6dcc12a7650fa9b68a9864cb470e5ee4a237af3b56060e8fd542bf7 5c05b95cb314c6692a20144540e8e3605c599068e6ee0478f51c60c921ec208135ef9344929a4cb210753dad3e328e22010dfbc3274ade80e5d4e9fa97a237634427fabfa376e30ecbb4fa 638ce252fb2869ecd6262b9c21a275a647eaca5ef1a00673e3502f366c02f22b32910c25de62c06dec416909cd69a1a36a83976d7b4146c01871d673b5bafb3f6f0a848fc1054d4fab25dc 99574dfbd5d6d88d52b22d34dcb30bb7ecb7569297d76a8861cbb97e85eb7bb07a8e8367ecb6c30fa653fb7d9f819feed94ff23ba14725a8310d7e541f5996bdb114bc971019c4ef8f3f3e 567b8dcf0238e092cc5cc9fd11aa9931071734c50f2f3b79a37f1e185d56a6051ef64377c1dc36d245850f1d621cc4260158f74fabfa01a35d34f71f452979e3e22519190922ca735fc43c 074187028f79c8d35516ab6a4342d6706358149bae44f14bddd93c24feab1a5419ae53a5f2f2ad6c6094cd21e1e0c0dcacd4ec049a28f8eedc7997cb17de694e3d108b6ff22bab4d6f2c02 6c5ce2df73310328cb77f0fb42a6d452075ce613ba2cfcf6a58b87e50c4eed351f5d842d3f7e117459ba7f815069f743d4c67572620ec9e49ed244d8c239dcb8553d4de503c5c001a3f89a 80f2a6edd3c249245c8d8066d27d7e83943e6f89dfce1758f695875840cc25e4565bcbc25e0202cf9b232e327d7c7d544577f66664fe7af6fc7b1590b9a65d2d96d07ad9e647f7c9762d55 8cc2d2f743ea4834b833889c6e3e4b0b89a057e65e6d26f856777cd24862578fdd66757e55c41594a73bb19396f1c62aa1ff89f9738f5282c4605a902e860d19ac0423730e617ed0ebe332 9f116818eb2e2182ec4b45830627228e05ab347b249568cef6ffd12e1dbf634f62a86c1cb0980dc3fe6c05bfda949ccdcb9453af53f00cf590c87233e2f1836363a61b5e4c0ef1d146a921 c1547e5a53025c42ef78676d17c31d67cc761bf64182724bcd731962eedd80809a623e4c86bf93d0348b3eb8b9c21f00db04c0b7f6fa2d394e1b37c73fa820960a0a1be4676da3865813b3 2b81178746ec5f428bd0dd20a1be44d36c41c907c486799b61092fab6eea5948ffb70da78f821df099660834ad74f39253212a55d5cc55ae5a3b26576afa2abfc919915edac165c0d506ee 2507980c4b2ef1cee2ad0911f6119a3e79b8cb95eecd64c58d2af2f263b0a128ce7ccef2fda3cdadb5aefa320e1575e2536c50ae04b00f9b46d733b9079e21911fc1b64823c57336d56e9f 4e6736938365e9577612f3cd689aea72782999f114ffbcd19fe164ecdf51513239af5e4fe3248a54a232352d2e954bebd91b14c36ac53c41eb742f458bcaa27b5d98e4786c26d11ad7078f 9e541a47b9acdf53592aafd5da253f038ec30bb5f098b957568887ced541430b0bbfb001d7a48a0df938e96df9e25360b0fe9efadad85c9ee705bc83a39a22dfda31dec023479f60fdf3c4 852eac62e41ccfce1bfab673f83e32f666e125557f24ed07b85fd7c84a8fc1db034793fdb56bf59251e97cb5ebfa153de1bcac974887b34b4b2bf00cfb0f06dab3c3546c3e104890746b73 1ef0ae3245eb458dd8dfddbf027db62bd999b4baad6f76d140b18b8a89007b2996d3dbff82bf7793f56b35761f2075c5a766cb09aa924cff733a7e05124a36e70b1ca1194a8e7605965f2b 00d8c73a1a6072c06e5387f433baa1fe08a63d9891fd27a25334f48260ec0480d8e388cfe743c1e40e44506ecd4a29b99ce311c554d2dee3f11e6ca7f8ca4d7d48eaac0c7a3c497cf3041b 95063e61d00f261e85aeeade0d94516bb342b3ccc69949a4a5195f0156125f894ceda57d78b1d04798ee9c8a237f581ffc763d32b91a9c33d731d86a6b351a64103162173d01da3e426c67 b6b3228ecbc1fdc5f7d6225d5759477e60d3bb4ba3ad1c6f300087e0717882bf8cd933b9e286e83e66630bf44120125574c5f9c4e980ee3b94f3f056812e17358fe9a510a0b665cc199156 27e41e2a647e23267294ab9667665f000a6839f1b972dfc7455b16294fdf3ad2baa20c57508b30ae465627447ccccf1565341419e13d2e21b27ce9d7113a3f1e7497bb74ac6690d546e8a4 d676d97533fac604c67a0d6f90591aee77eafdd3cb2921554384524113c7bf1a1ed66e82f94885392e0a660ffcde4e41517c3ebc52af5a15c94ac9f4176a0a5362efced3445cabe66db8f7 102a81e3cab0b6b729f30636cd64518494cb10fc1b647a0882f91cda0b14c44441ed8d4972783d251c7cdbf129eaa5074dfea6d867f2325eb6522f96d590f615375c2d62c2d700a35e3ebb a6c5d05bb846f8a932f9b120f17cd2d18ef60bdb7b5b25ad44204ba1c13c3b0ceee8fb78a70e68bd9cde0b6cb4662f6b2d6d1907ac92adf34fa298f18b1db93855db5a57bebf087ed690b6 b1141d9695cb541870b79bedf52088c84ea327e74af17494c1a4c344f2ed57b8a8f1893b72be8b20f7d0a4b6035c408287920946db93a4a98a5ae2289969619a081653c24292e8b9766ec4 044ee17d02695217e15fae8d516861d3236b0290b51172a0a411a2e6f73e812c085645bb0ab144692dd3a883d3f0f72cce7f902d40b57cca602a8837392301a87eb1edcc718d935c3bd7c8 6ceacb0b735a48bcc3278676230107030fc4daa742ade31efd9b379849c71cb5dc41319c1f148cb52288f0c4d7af66e2c7f4f8190f0b82c5c8e38c1727050a3eb1856322f88f1a1b83e688 11cba861cd1fe51bf53bac0b89f796acc002b156f9e4ce579976b58e7f0776d20b8e6b9586f1c7ac1d49ad013423c5123be1a0abd84b802d907ab0e75a5598de561ac9177b2fb89e3048ad ef57e04ccb2934c936f584999d78e7360448e349d828470ae12c727b32195ee3b7ff9d75361624f301db914355d1737cd8a47b6201920e2d767bc87b92fea2fb96eb2329a5d8a605ddb305 744727b3edb298a6881e03773e2fa21eb1d8e711028e4afb99a0e11f06dbd5affe9c5fb2443664f524058e29b4d451526ff59bcced28ce161b9b14e2ecda37e9a7b3a325b09a906d60a6d8 deaf5078b701cf90420d5d8e0a5183c19c045c2a13ed2e376dff224179d3eaf5127edb946531ed0ebdda93baaab714d3a18744c11ef11c12b26e53f909c087e208897b026b8e86a2f6845c 727f042d763816a5c3066bf749ed485d2be213e1be94fe207724fa11c2413d2af0ec30ca5254e654684ff10241e3f66f5aba415dde0e20931271928f36d3e3ac7c4b81939275ca676d6b55 a54b82b6744adc01bad9e58f8667cd2b048d283827cb221e8d413c7834ce0827626218210b3e78b51896cb1cd1adb54f0cfe82d6054f8ae282e83c7fe9fad7cd4725ed49f67b4fcc697939 d3055ad4a3f4ecfd81e9af2d794f8657ba37c01cd72fef5effe9019c2fbc560efff36b8214d5c8e2d4fae91a8c35baf41e5230268aa8d2f76082ad3e9b5305491df9343176d3eaa6a75a78 e45e193577666b0997aeea2d63fc92bbdc39e44ef49562de16e5e0a1640e183de52588cd0f72d73d2758174e769b7878e7dbd204a36c54aac972b211511fe2781a50a7b337d5f9cf52d2bd 4941bc45d153d9ee162e59ab11538d516c74e144a0fa30d0275a984a19076c0a1d4debec46574a57456a06b51648e4b8131d0cfeb7a8dcf7d90efcfaa4cb2eacdb55dc583d151751e3bfc1 8ee420592d78a9fe24e350d1a1815c235d8180b3f9082dd38a225bc5e70471382b6f2775cf310c96bd67cafb99d8521df5c6c90f868e255f7d1815a65686e0b8262cb5c121f26b08e952e0 15b9976a1a41fbe9c1801ac6a362db171b0a74b01e01512286f05581aef00759c0db9a1e9f1d768c8b827edf00c5937969f720fc5f0ac141353209aeb09d1812e0ac5ce66199f6167dd2cc 682f1ef8740b8bf56323ab6a15080f5494e81d0928a88c362c38c4f7057c5b651dcf0d29893cb8f2f63d3a0fc745e67210ed98f7935804087da8f538a87ec0c7cb20f7f5553e76df258c37 867db0a59518f6a048b40bc8af32604d6f2ad416aaefc9fa694c45919875c012bf29515932987c7e51b9eb082a4e3c14a0789e5553af04aa2ef19033f4de0c3f5919ee59dae37bcb72380c 65df6a0555fb82b69616936d593dff1682ac1b9415ab52d7561344184290e5c8afb82267abebb8cf7f85e1acb95248be051b3a55d84d4c21197fa67de36a7055ce19e1b0e14257158ec8c7 73cd852288bc48c2fa8e8d01be5d10a34babca481355d3abf5a3befefc79748e3f5d16bdd9d6002716cfcfcf86f2fcbcc3d928d09abe5f1805922a912cfadbdbd94657280922e8822c5146 b8185d3c7f0ea6e5e0fccfb5c182bf40ee0c497e462602f119abfde73a8ead74ca68503fe730bf2dcd70983572b2b590f75f25ec5e06bab01f6f97752f0eb987ad0bdeb7351a1bb8100a0d ae321d6c6a05a4b0089220a97e0b00fa051254c9b3cb90d3030381b909218ced13729586116fe1d0eebd56d8ffaff2cbbb719577d8e7734819939b3532b449bb3ce46bb5aefa178bb0ee2a 34fff6a6d4535121a0a1d1c2205bc54f16b6e2c2dd57122e77c95e0e143cdc6e3969df4479d587fb84d58d4fabe5a2df7489349c124bda893cb30f0c32bc3d131ba7f665d5a4d7e0207d6c 2d5fa333cdf3bc1612cb896eb1da96b3ba0e768ee18267ace61138484e62f575b2b2101c7140f6c4b3f2792ab9ba6910c5caa534ee206676a33ff9aca1606b709e613a2de6ed8b07d8ce0b 906baaffb95989d36ec6356cbb652739032c479989b2e753a66e5c05fa36f3b25e53803d05414cd5f051cb4f8ec65a692c441d61773c7489eaf1a4bd203690211bd629b2ad2b6d98130cb1 b431a396de1939b945206635c91918ab45e1053f1d37c8e4dd79115d84f5c632a56d00bb5136d0ff80b40c3986393b47a51d46dbc7545e785cc2ab3edc6c4cb5c9094bae1a8a04617b4540 140a2adbca90ee838d11b1053e7400ff29c9cc3801c045bbc2f97123ce49e4cf65cf3f2cbbc938b13a550a74de864cc41c476f109c58fad764f8b808bcc9767c20b992704667c2177abb67 1735d094ff36ba3cf7fd35a3ff3695b71ea93b114249c3d2f74f22fdb33849fcb2e0f874688f09b9a7af5651e87f954f98d1b34140b2082b0daa72eba554998686df57886e1e2736127ae0 cce570762cc895b382dd330cb9794eb673d167d90749124aea93771caa00051947f0b301a47d1489a874d533ed407774fb86d8def55a07cf313440898adaa9eba2e30059f31bb65aabea34 7f17fe28d76630fad4ce9640d5af7fe3097163e4e12ebbf299d6e167c923636d8af782f5f20b7e4db1dccdd35a5eea094701af6c69fa940e45c0e647e4f4ff5dfa66e1268f449aed393ee9 61fd9666e35d6f6684f8287664588fe4d89d20c2b9955d8e7b75f63ebd9cbbaf1b634cc29dccd1a087aa077102afc50ef803440beee153998092e138243ece435b957da48e6ebc45ece335 84c192f3fcb4960ab854a48cb4f348305f95c9bac66d3331c853859a26f4b9179172f5865f066aa9ab2e48578cdc1f3d4f7a400fe76a9956a7b817604267e400830d97daebfc03aa896049 70162635b528f4d667ed8f37d208c9326d7d313d546eb962703d8d1a19d7ac2a643b8e553e816ee4a9e98206acca31ff7ee6b5ee5e9a7348e376373014678957b8e74db1ec4ad0028577de b06ad637030e277ff192f520c315036437cb3563c3d4de189efd9390ff0ec55733f712752b8bdf645da9ece614674d7fc982b4f76570fd467dfd19bfe80d2df6ff85b34350054e20d3be1f 421c97b8864faa393e7d62b32003be8fddbc677646f0685d35988c4dd1d39b09c18dc299fa14428fce60434f1fdbcf7067d25abe0c933637b7031e82d823bd71d3872ac64c481e40fe282d 4ec35eea23361530bd8a26c10dc1fb3d9470c2cdeb90c6679991bee72dc2bbeaaa9fdf96ea456017d26c9b46a9f1f127b517869a9116b33e9203889dcd83d044cd6bc4b48f3540dad4c3dc 2b134c798825350d42fc3190ddf8d8e5bc509e53d3ab2c565c785700eea141a84a34f2756aacb13cd3a567fd45d7fc5304c1f85e30c66b074b7b37b46f1c72008cb07012f9addfae8ba90f fec6942ac70f4ea1960b2e2f0ce6a4b6bd123dcf23a96ef97b60af0e48664c29d4bac1d11e9a3dfc9662de341d5c16e1f961ed8fc78009847c15d86cfc28113bf6ce78695d0961c0073ae4 946c4207bf27d642e9bb2e0419cfefacbf74769c3654b5f75cdd63020bcbe4ae4f2f6e32a3063ccae39468ad9e8d3e03987b0a7c615bc71274df42ab48c6514ebc4bd87642b17cece33cdd 4495934af4628fe09fea9ba78e96fb321eb26fc5cf176ea4aff564fa35bca15bce17ac401e7d1bbc86456777fb7488786ae25204d8408c4b39b4a9243121b4c6fa228eff178de80d09d55b aa77a903a07cd838543bf76bbbf3c0428576a3af2245c860aeef3400462e80af532ee19ff9ff1c58d0e51e73a15591005f9b85dda564679d2626f0ce9d6bac1bbe89532eec050be86c9230 efc93f557f705a0f730074da782f5872e2a583c37b31625ac7c822f0b3df2d14d4cc252b36edb96cd02cff5cb57cc260df943726ad799a73e28ac762b45ec21d96cd8db8d738e073553517 0c7f7119bdfc6498459379ac4460fe540799557ce4d169df9a7bc124c2ced64c6c5c707ab8f84c78831a6d589f3569a0ad4cd511b696923262346e20c6dfa531e9444a6fda6ccc2b11bc04 3fa427dcea78c65287a125ff4da9f5f21dfb016ea7165fdc2c45626bee373631300d010a

elokas · 10.01.2009, 19:29

"88496658"= 8f76b6d390f9e05f8db4308f96b7e35fc9dab17804e10ac3447d8a1572ec40d3fb2b2d1efac7be45b1f89c6a6442f855641299b6b7f3d2951a3fe9e83ed9948779927d20124899ef7623a3 c7882f10cc3dc48324107307ae757da76b57ae4c4c76b162092a22aa46c1a444df6ad435560a764510aecfa4bbd1f9be6feffe99c7524cb8f63d341226abc802285a84d0c6145b438ca85c 85808d5223b53fedba4c67ad38e47b3f0a1487f381b5c297418bc578f06990db637e6eb75fe29fa8b2d01b309cf013d2f8d6932f5b5cc2d8fc8cb32eef2201d625689d0ab697d43e3a09d6 f3af737d53536d9dc06a6427c9f42cd315e9adcd7f4c88e75456f528026c1c414af066801e8afd2bc7e2cdc5e4d53ff470e8b8b01800a4dc3879197c52ded2a2f10785c7f75789e1af8b46 3c31f3349c9323cba5f612065cdfcb205bc891c14624e6938ae5ee8c7fbd3de7177cb35c8f5e3335af3fbf18b925aadff0172e49219f41ba69f311ece45be5e9b5733d05b9ca5b6aa91320 1fca37dcc7004961644f3a91cacdf004a538b211f9a286aa224b93edc82dfdd3c9165209ef0de4c780c9aa573698557b6e3629ca655de4cc9082ccf86a7704c26fb20751e629789c023f82 d279346ff771a05157ba8bb851bdb67c66cc07e6b4bb2e69e122179eb2ef4f23ffff718f91f2eb418cc9c9b0210cd45b294d7732bb7302faec9309a5c5bb5f2df8b580caa90300c7800171 f69d530356e48389c0751ad74fd3ac4556914db1f8f2165591b07c772fcc7a1406fd1053749ee7becb9e5b68851a5fe8ec1dcafda83f8c8ec7e87d36aea883d876e0bf2af7ceaf5144f1ba 5c4c528ef28bb37fa2c6915292c1a890c9c22b4d6d2d076135fbaafeb99d62d1f3a3a155e47e47f98e2e7e7a206832ce558ab9aadb3c29547710b46a4b8f58c60381ef2a6bcfe91d4419b0 2fe1e6e4afa9d6743821364b5b7773c5f3f9ed7d1ea0bb04eda201c302a63b9c8958f62d6d818bf38f6cc7aeea5af6e51db55a00bd3802e30900e5f7f8ecd8965aff8d7dd29e7314d06ccf d154df7654868877b007e6eb4cdf2f3183aba3210be8505726b87f637fcd2077e5fa11b65fd6619c632712e29de9021bef07bcdc63b636b04e5c0ee5abf4671b01bb2c25552f91e54a16ae 5e2fc18da1b0af24f1884b5aeab441ca5a56672ddc8e1c7faadcdfe68aed172897b0130bcef0b729f0904dd8247385e099c1a4a4909d36c08f192590456321a574ce997a6209733cc34ac7 df4474b3cf2512754f8e1606f5f38c7a21a27d4374c09e90bac70f9a0f8984a5016e0ff3bae39d69d300796055e00518028b3e67fc84d7b747cc239c111ec832669bb2d8815225ea715184 0d55db4c30120df3bad03e4e3b3fdc1b27ed74fed8e6b4e6ae3c7a107dbd303b1b72190f549c4a8f64bc98620e99e2a2c00a24a9ae70829421231c2b8e0350cc56e96689c305521ac28778 834f17d73b5d9c7de6a9041f493581fda77d4e78cf16e6f6cf4fbff66ce518c9d90a2ecdcecd45b93f1a5ded36e7a89c47504414c9d5027060656ab2ef30c789971cbc87f30d44eec9f295 8cd2bea36fcf18b9f1fb751f4b1af58e96e78d6b45fd552543a2b3751cd74dbc57d1b7d9484535cdd0860b15f7759780dff9c82548b8db8e306583e323373b5fd4f6f86e317468d2a77793 e8765ccb09e9d55ebea8cd3a2bfc747dd5d93398cf23c3981185b8233dac273ead842069a595002e3009f6c59f05297c6bdb6d67a71e1bc2a152a9db0a942abe57206b742678b74c8d10f6 954943a202ce224294716fb69dbf3aeafbb8d21d1b156b0c6588de1eb8ac02c83d3aea6a837dada1a6e0402b17426c7781ec6c6aa48eac8910cf06b389f852e001d6b9549d5f3b7f412972 71eb3c7d02b23e18297a04cc7f0d3b94930fa4c7e2d00ad9e57fe13c484e4de640dda9ae9ae79cdf2c2630091673b7d4e4b704916aaa658f2e8c1f28e98423e9783d8f31b4951c412c9306 176d3f6122f9de3b15b36ce7b7d7bbffac977a74a416fafce87c899b03958e7582101b172cad6d0a5288eb077c3aed2516a3e49d231ebeeacc06433e768bd379bcba98500702ffe08f3104 e69df811341647b52dfa8afcd805da537bec15d6a98f59b5ac87d52b666609a8abd8f8eb1ff2c1c85734f2cedcb44b4e00e01705f90ee96296bbb2008350b207489b74d6c6fd818f45eb42 51b77efc19a31efd19f0b9f053bdb360d635c77e1c2b293cbba8709b6e3342906b1cd192e90f8df33c4736573658b0850cae87825b3b1c54893769cc8b33414277c713f5f6b16e572635b4 7eaad3c51f548b062263fade21806d34d784b6915be89b2206c6ec351f40da2cc28df1c1b55f038075a7d58b9c5959e02e0fb0871e9b260ee22cfe6fa3b4b814146ab3d8593fd7c8341d76 71b8d188aaa277d020882ef55e3e8227929150d633e0bb3c190d2b956541d6be34033e1ed982c2018e91f4f917e31785253eab13213b024a2287d81dff65b77996d04cabc2e5d67d8c4075 2861b9155e5b8561cf25371977159e2d7ca5e81148c48cd83dc85678acb607186f51f93d6ff8adbb4561135a43b820da35c8de1b045c62eb329ebcb8df6cc3f8d3eb4d457dcebba3cb0722 db1caaa5620a4c134b63ca863c63470a3cc02dea8f1d98380fbcd2cbd92f0aecaa2ad52c1bcb47e000adfe3d70cdc955715fd5c0906110b04bb91cd418b332dc270c95702d77cc5ca80bfb 942a16cb53fffd10229ae7aab8a10bc7aa012b0908d8d88937ca92b22823e54be1dc02707b558dd8536df21b969738ffe5fb218e6ffd910f4624671c16b99a14e9d547351ffe3b43a18e61 1b52d1f7722df7fb976e4fd7406159e48516d39eea34f425b25bd36d263b7c2626907cdbf1c3ae9d74f223427e614a7a077fbb55ff00d836f0edc480f55747170d02ead53f98f84b43476c e68eb17c4a88a0df88277ad16f7901475fddd958c2e91ef1e9e32bb424c107934d0b1be3d77b74befc3f698c75b7c6dbc088dfd91d56eefec743ba261ec5f5ebd443d351cf103e48ff0b49 fac38dd39adec63b646eb5cf539db6c30853ebe5f61a3b776eb51552649fe8b549ede63e0b6b7b7afbbe816fe637a4a0d677cc246cadd99183e8ac933a800469bf78ab9e79660ae9a5bc47 a0bae7b76b1a69e9cbd118706dbf5a5332aa7ffa6ae1270fd6cc5f49d72340ede234de95c5e8bd8dfa962f5efc2011e45a1b9ee6bf44ec43851aea8225c22d1d12bb71198bf9517760be9b 5bdba8fb130ba4ce7cbe0fde45d8a046714504e519105878459ce198ce2c387c5aa3060115fc46bd1dd7fc0b9f3ad60409f78399503dfb4d1bb583c44db80c807d5a94ba22cf9053e9e727 9d2f15ce26241bddd30d163e1d68073cd18806addf99b9a85179785d2dc23d9b0b0cf5fa9c5a7e666a401a901d3fd868e62bb8d39d7ad5c47ec977a783ca5269c1597f7d4782f6c6c5d108 6575dbc3a57f7fbccbf48b42218cced1ff1f6e683846145e4a22fb94dd71ed5c3048ce66342cde441ba1e504b82658cd5e91af9b6eceb988d8d7ed5f42cdd23712634a26c2556c4552401d b195111dd2da3f82053d101ef7b78cec70a10f1272d89ebe02c890d7acf66ed7bff890cbafbe1a03fe8d527c1d8b7e6287437f40d3d2da5d074d11e65969ed2b4131e42e5f86f2ee7b8ad1 506bd71240c96cbbbf1dd309fa23ab901cbd5a4a853531c061436e67632e4b22e5bebd6324a0c3c1837418b17d57db5410f211762de657258a51f8f3b89b6bc863df61d66acf5dcbf47f0c 43de1df98aa44b8481afdce4f85d122ea279acda86cd4ee8570005e660f7cdba9cda213b866b49a4b5b9cbda5f240f542f013546601a8f08c1a2952f0415e75984140998c18b50535cbe8c 8b65744d76e1e62ed12a7b0d08c94adb0ccdae545cd8d28e0befbc4bde89caeff008166e48efebcacbba48bb02fee56d979e5a7424652289acb7a691c5b4000b5969e7a32dbfbb718d08d5 ca78b4dcceed9efa0840239c4df0f26c9a74563855845543a4cd228b185f09dd682dda83530b6e0550cccdb9c99838d16e7cf70e9c4d42716addc467266c56ca0bd2e16cdcb647a53f9909 bfae24be6dafa0b7b38cc93fed954006c543c6d9a50aa3074f5a271f2e96a21d91aeac134ad73286ff08426809835711ae68df511c81b4768d75d748812cf5a2752642c85991dd81db306b cc79597f20e5f0a74235916edd4dcc45f89d40d86f8175fa007ea8810bc746b401d1018a72ce5f514188ff

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\181a2326b830beef]
@="Service"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2007-05-07 09:27 4376328 c:\programme\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 c:\programme\canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 c:\programme\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2004-10-08 12:06 196608 c:\programme\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:26 53248 c:\programme\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:22 1695232 c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 c:\programme\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 20:10 21898024 c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-17 10:36 68856 c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-01-09 14:09 491520 c:\programme\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-01-09 14:09 98304 c:\programme\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 c:\programme\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\System32\\DPLAYSVR.EXE"=
"c:\\Spiele\\Heroes 3 Complete\\h3wog.exe"=
"c:\\Programme\\DAP\\DAP.exe"=
"c:\\Spiele\\EE-ZDE\\EE-AOC.exe"=
"c:\\Programme\\Kali95\\Kali.exe"=
"c:\\Programme\\Kali95\\KProxy.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Programme\\Miranda IM\\miranda32.exe"=
"c:\\Programme\\DOSBox-0.65\\DOSBox.exe"=
"c:\\Spiele\\Orion2englMOD\\MOO2v140b23_patch.exe"=
"c:\\WINDOWS\\System32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Spiele\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Spiele\\Empire Earth\\Empire Earth.exe"=
"c:\\Spiele\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Programme\\FlashGet\\flashget.exe"=
"c:\\Spiele\\EVE\\bin\\ExeFile.exe"=
"c:\\Programme\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2213:TCP"= 2213:TCP:Kali
"5500:TCP"= 5500:TCP:*

isabled:ICQ empfang test

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-02-16 22336]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2006-02-16 45376]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [2006-12-07 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2005-10-23 78848]
R4 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [2008-11-20 222456]
S3 Comcisar;Comcisar;c:\windows\system32\drivers\nwlnkipx.sys [1980-01-01 88320]
S3 iMSPCLOj;iMSPCLOj;\??\c:\dokume~1\Ich\LOKALE~1\Temp\iMSPCLOj.sys --> c:\dokume~1\Ich\LOKALE~1\Temp\iMSPCLOj.sys [?]
S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2007-12-25 6656]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [2009-01-08 356920]
S3 SKYLARK;%SkyUsb.SvcDesc%;c:\windows\system32\drivers\Skyusb.sys [2005-12-03 46464]
S4 181a2326b830beef;Microsoft DDE+ server;c:\windows\system32\.181a2326b830beef\181a2326b830beef.exe --> c:\windows\system32\.181a2326b830beef\181a2326b830beef.exe [?]
S4 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2005-10-22 18690]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59aa22d0-d1a8-11dc-89de-000e351f951d}]
\Shell\Auto\command - Hay.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Hay.exe e
.
Inhalt des "geplante Tasks" Ordners

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - Entfernte verwaiste Registrierungseintrõge - - - -

MSConfigStartUp-ICQ Lite - c:\programme\ICQLite\ICQLite.exe

.
------- Zusõtzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://de.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
IE: &Alles mit FlashGet laden - c:\programme\FlashGet\jc_all.htm
IE: &Clean Traces - c:\programme\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programme\DAP\dapextie.htm
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Mit FlashGet laden - c:\programme\FlashGet\jc_link.htm
IE: Download &all with DAP - c:\programme\DAP\dapextie2.htm
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
TCP: {1F3AA033-54A8-4FBD-856A-1A3062010161} = 192.168.0.235
FF - ProfilePath - c:\dokumente und einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\wjgr295e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de

fficial
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programme\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\programme\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programme\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 19:10:11
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostarteintrõge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2009-01-10 19:11:24
ComboFix-quarantined-files.txt 2009-01-10 18:11:24

Vor Suchlauf: 25 Verzeichnis(se), 15.321.333.760 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 15,353,348,096 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

315 --- E O F --- 2008-12-19 00:44:33

schrauber · 10.01.2009, 19:59

Scripten mit Combofix

Öffne den Editor ( Start -> Zubehör -> Editor ) kopiere nun folgenden Text in das weiße Feld:

Zitat:

KILLALL::

File::
c:\windows\system32\c_496628.nls
Folder::
c:\windows\system32\.181a2326b830beef
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=-
"midi1"=-
"mixer1"=-
"wave2"=-
"midi2"=-
"mixer2"=-
"aux1"=-
"88496659"=-
"88496648"=-
"aux2"=-
"88496678"=-
"88496658"=-
Driver::
iMSPCLOj
181a2326b830beef

Speichere diese Datei nun auf dem Desktop unter -> cfscript.txt

Nun die Datei cfscript.txt mit der rechten Maustaste auf das Sysmbol von Combofix ziehen!

Danach das Combofix nochmal ausführen, das System neu starten und das Log von Combofix posten

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann

elokas · 10.01.2009, 23:39

ComboFix 09-01-10.01 - Ich 2009-01-10 22:59:40.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.511.258 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Ich\Eigene Dateien\eigene videos\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Ich\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
c:\windows\system32\c_496628.nls
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\java2.sys c:\windows\system32\snjava.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-12-10 bis 2009-01-10 ))))))))))))))))))))))))))))))
.

2009-01-10 18:31 . 2009-01-10 18:30 3,165,824 --a------ c:\programme\ccsetup215.exe
2009-01-08 12:40 . 2009-01-08 12:40 <DIR> d-------- c:\programme\Malwarebytes' Anti-Malware
2009-01-08 12:40 . 2009-01-08 12:40 <DIR> d-------- c:\dokumente und einstellungen\Ich\Anwendungsdaten\Malwarebytes
2009-01-08 12:40 . 2009-01-08 12:40 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-01-08 12:40 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 12:40 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 10:48 . 2009-01-08 10:48 <DIR> d-------- c:\programme\Trend Micro
2009-01-08 10:31 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-01-08 10:31 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-01-08 10:31 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-01-08 10:31 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-01-08 10:30 . 2009-01-08 10:30 <DIR> d-------- c:\programme\Spyware Doctor
2009-01-08 10:30 . 2009-01-08 10:30 <DIR> d-------- c:\dokumente und einstellungen\Ich\Anwendungsdaten\PC Tools
2008-12-17 16:01 . 2008-12-17 16:01 147,456 --a------ c:\windows\system32\1$.tmp

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 21:44 20,528 ----a-w c:\programme\combofix log 3.txt
2009-01-10 21:32 51,743 ----a-w c:\programme\combofix log 2.txt
2009-01-10 18:13 51,645 ----a-w c:\programme\combofix log.txt
2008-12-13 06:36 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-20 10:37 --------- d-----w c:\programme\ICQ6Toolbar
2008-11-20 10:37 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\ICQ
2008-11-20 10:28 --------- d-----w c:\dokumente und einstellungen\Ich\Anwendungsdaten\ICQ
2008-11-20 10:27 --------- d-----w c:\programme\ICQ6
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-09-20 08:24 1,403 ----a-w c:\programme\dfend.ini
2008-09-20 08:22 298 ----a-w c:\programme\Profiles.dat
2008-09-20 08:22 273 ----a-w c:\programme\History.dat
2008-09-20 08:22 0 ----a-w c:\programme\Years.dat
2008-09-20 08:22 0 ----a-w c:\programme\Publisher.dat
2008-09-20 08:22 0 ----a-w c:\programme\Genres.dat
2008-09-20 08:22 0 ----a-w c:\programme\Developers.dat
2008-08-18 20:44 19,153,264 ----a-w c:\programme\aaw2008_10.exe
2008-08-18 20:29 532,480 ----a-w c:\programme\cwshredder.exe
2007-10-23 18:28 61,647,736 ----a-w c:\programme\directx_aug2007_redist.exe
2007-07-20 00:19 855,886 ----a-w c:\programme\AUG2007_d3dx10_35_x64.cab
2007-07-20 00:19 800,467 ----a-w c:\programme\AUG2007_d3dx10_35_x86.cab
2007-07-20 00:19 1,803,760 ----a-w c:\programme\AUG2007_d3dx9_35_x64.cab
2007-07-20 00:18 44,684 ----a-w c:\programme\dxdllreg_x86.cab
2007-07-20 00:18 201,696 ----a-w c:\programme\AUG2007_XACT_x64.cab
2007-07-20 00:18 156,612 ----a-w c:\programme\AUG2007_XACT_x86.cab
2007-07-20 00:18 1,711,752 ----a-w c:\programme\AUG2007_d3dx9_35_x86.cab
2007-05-13 17:46 3,019,264 ----a-w c:\programme\imc_3021a_adult.msi
2007-04-20 06:12 6,718,976 ----a-w c:\programme\winamp533_full_emusic-7plus.exe
2007-01-30 18:08 20,193,072 ----a-w c:\programme\SkypeSetup.exe
2006-12-14 14:52 1,604,988 ----a-r c:\programme\psradio1022.exe
2006-12-13 00:00 16,508,560 ----a-w c:\programme\jre-1_5_0_09-windows-i586-p.exe
2006-12-12 21:03 13,170,312 ----a-w c:\programme\jre-6-windows-i586.exe
2006-11-13 08:06 3,005,440 ----a-w c:\programme\imc_3014_adult.msi
2006-11-03 18:33 57,327,371 ----a-w c:\programme\dslradiorecorder2.0_1703.exe
2006-11-03 18:23 8,637,008 ----a-w c:\programme\sdsetup.exe
2006-11-03 18:20 377,928 ----a-w c:\programme\DLM_2200046_DEU.exe
2006-10-18 07:46 35,113,704 ----a-w c:\programme\directx_9c_redist.exe
2006-10-16 08:33 35,272 ----a-w c:\programme\zmbv_392.zip
2006-10-15 22:00 5,037,072 ----a-w c:\programme\spybotsd14.exe
2006-10-15 22:00 2,855,080 ----a-w c:\programme\aawsepersonal.exe
2006-10-03 10:33 1,077,258 ----a-w c:\programme\miranda-im-v0.5.1-unicode.exe
2006-10-03 09:49 703 ----a-w c:\programme\ConfOpt.dat
2006-09-25 20:56 1,294,629 ----a-w c:\programme\DOSBox0.65-win32-installer.exe
2006-05-23 19:34 1,560,064 ----a-w c:\programme\dfend_v2_beta_2.exe
2006-03-24 09:20 14,797,568 ----a-w c:\programme\DivXPlay61_02.exe
2006-02-23 18:15 2,811,349 ----a-w c:\programme\kali2613.exe
2006-02-01 12:47 81,920 ----a-w c:\programme\zmbv.dll
2006-02-01 12:47 1,460 ----a-w c:\programme\zmbv.inf
2005-12-12 10:05 23,552 ----a-w c:\programme\cdexe einstellung.doc
2005-12-07 12:22 3,507,488 ----a-w c:\programme\dap75.exe
2005-12-02 22:09 33,575,560 ----a-w c:\programme\qc841deu.exe
2005-11-26 00:04 3,783,597 ----a-w c:\programme\wace26d.exe
2005-11-22 21:45 65,536 ----a-w c:\programme\SR7.Stop_1.0.exe
2005-11-22 20:43 1,149,553 ----a-w c:\programme\D-Fend-2.0.62.42.exe
2005-11-09 18:23 4,691,528 ----a-w c:\programme\icq5_german_setup.exe
2005-11-09 13:26 8,314,880 ----a-w c:\programme\avwinsfx.exe
2005-10-03 17:40 2,000,324 ----a-w c:\programme\CDexe Setup Datei.exe
2005-09-14 20:41 375,848 ----a-w c:\programme\msgr7de.exe
2005-09-14 13:02 3,921,509 ----a-w c:\programme\FriendFinderMessengerInstaller_adult_2_5_1.exe
2003-01-21 02:00 13,095,560 ----a-r c:\windows\system32\config\systemprofile\MpSetup.exe
2003-01-21 02:00 13,095,560 ----a-r c:\dokumente und einstellungen\Ich\MpSetup.exe
2003-01-21 02:00 13,095,560 ----a-r c:\dokumente und einstellungen\Default User\MpSetup.exe
2002-11-11 11:28 1,803,464 ----a-w c:\programme\winzip81.exe
2002-04-15 00:39 855,552 ------w c:\programme\ID3TagEditor.exe
2008-12-19 09:33 67,688 ----a-w c:\programme\mozilla firefox\components\jar50.dll
2008-12-19 09:33 54,368 ----a-w c:\programme\mozilla firefox\components\jsd3250.dll
2008-12-19 09:33 34,944 ----a-w c:\programme\mozilla firefox\components\myspell.dll
2008-12-19 09:33 46,712 ----a-w c:\programme\mozilla firefox\components\spellchk.dll
2008-12-19 09:33 172,136 ----a-w c:\programme\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-10_19.10.37,13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-02-13 35328]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 49263]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2007-06-29 286720]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MultimediaMouse"="c:\programme\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LtMoh"="c:\programme\ltmoh\Ltmoh.exe" [2003-04-28 184320]
"LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2004-10-08 217088]
"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2004-10-08 458752]
"avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-22 335872]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 c:\windows\SOUNDMAN.EXE]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-22 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I263"= i263_32.drv
"VIDC.VX1K"= VX1000S.DLL
"msacm.g723"= g723.acm
"msacm.imc"= imc32.acm
"VIDC.ZMBV"= zmbv.dll

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2007-05-07 09:27 4376328 c:\programme\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 c:\programme\canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 c:\programme\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2004-10-08 12:06 196608 c:\programme\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 13:26 53248 c:\programme\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:22 1695232 c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 c:\programme\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 20:10 21898024 c:\programme\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-17 10:36 68856 c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-01-09 14:09 491520 c:\programme\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-01-09 14:09 98304 c:\programme\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2006-03-30 16:45 313472 c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-03-27 15:22 4670968 c:\programme\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\System32\\DPLAYSVR.EXE"=
"c:\\Spiele\\Heroes 3 Complete\\h3wog.exe"=
"c:\\Programme\\DAP\\DAP.exe"=
"c:\\Spiele\\EE-ZDE\\EE-AOC.exe"=
"c:\\Programme\\Kali95\\Kali.exe"=
"c:\\Programme\\Kali95\\KProxy.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Programme\\Miranda IM\\miranda32.exe"=
"c:\\Programme\\DOSBox-0.65\\DOSBox.exe"=
"c:\\Spiele\\Orion2englMOD\\MOO2v140b23_patch.exe"=
"c:\\WINDOWS\\System32\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Spiele\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Spiele\\Empire Earth\\Empire Earth.exe"=
"c:\\Spiele\\Armagetron Advanced\\armagetronad.exe"=
"c:\\Programme\\FlashGet\\flashget.exe"=
"c:\\Spiele\\EVE\\bin\\ExeFile.exe"=
"c:\\Programme\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2213:TCP"= 2213:TCP:Kali
"5500:TCP"= 5500:TCP:*

isabled:ICQ empfang test

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-02-16 22336]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2006-02-16 45376]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [2006-12-07 75264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2005-10-23 78848]
R4 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [2008-11-20 222456]
S3 Comcisar;Comcisar;c:\windows\system32\drivers\nwlnkipx.sys [1980-01-01 88320]
S3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2007-12-25 6656]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [2009-01-08 356920]
S3 SKYLARK;%SkyUsb.SvcDesc%;c:\windows\system32\drivers\Skyusb.sys [2005-12-03 46464]
S4 USBHSB;GeneLink File Transfer Driver;c:\windows\system32\drivers\usbhsb.sys [2005-10-22 18690]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59aa22d0-d1a8-11dc-89de-000e351f951d}]
\Shell\Auto\command - Hay.exe e
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Hay.exe e
.
Inhalt des "geplante Tasks" Ordners

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://de.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
IE: &Alles mit FlashGet laden - c:\programme\FlashGet\jc_all.htm
IE: &Clean Traces - c:\programme\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programme\DAP\dapextie.htm
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Mit FlashGet laden - c:\programme\FlashGet\jc_link.htm
IE: Download &all with DAP - c:\programme\DAP\dapextie2.htm
IE: Easy-WebPrint - Drucken - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
TCP: {1F3AA033-54A8-4FBD-856A-1A3062010161} = 192.168.0.235
FF - ProfilePath - c:\dokumente und einstellungen\Ich\Anwendungsdaten\Mozilla\Firefox\Profiles\wjgr295e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de

fficial
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\programme\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\programme\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\programme\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 23:05:58
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\programme\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\programme\MOUSE DRIVER\MOUSEDRV.EXE
c:\programme\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\programme\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\programme\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\programme\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-01-10 23:09:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-01-10 22:09:48
ComboFix4.txt 2009-01-10 18:11:28
ComboFix3.txt 2009-01-10 21:31:26
ComboFix2.txt 2009-01-10 21:44:06

Vor Suchlauf: 25 Verzeichnis(se), 15.141.568.512 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 15,129,575,424 Bytes frei

308 --- E O F --- 2008-12-19 00:44:33

elokas · 10.01.2009, 23:43

Ich habe das Programm 3 mal durchlaufen lassen. nach 1 und 2 gabs noch Meldungen vom antivir programm.
Bei combifix gabs die meldung das C:\windows\system32\ als befehl fehlerhaft oder nicht ausführbar wäre.

ich hoffe das das Problem nun gelöst ist, harre aber der ANtwort die da kommen mag. AUf jeden Fall DAnke für die Hilfe.
MfG elokas

schrauber · 11.01.2009, 00:19

Malwarebytes' Anti-Malware

Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:

Download von Malwarebytes' Anti-Malware

(nach dem scannen auf den Button klicken und Funde löschen lassen!)

====

Panda Active Scan

Folgende Seite führt dich durch die Installation: PandaActiveScan2.0 Installation

Drücke auf Jetzt Scannen!

Eine Registrierung ist nicht erforderlich!

Nachdem der Scan abgeschlossen ist drücke auf das Text-Icon Export und speichere das log auf dem Desktop.
Öffne die Datei ActiveScan.txt die sich nun auf deinem Desktop befindet und poste uns den Inhalt.

08.01.2009, 11:50	#2
schrauber /// the machine /// TB-Ausbilder	BDS/Agent.vxa.1 gefunden, bitte um Hilfe zwecks BEreinigung Hi, Wo wurde er gefunden? Lass bitte malwarebytes Anti-Malware laufen und poste das log. __________________ __________________

BDS/Agent.vxa.1 gefunden, bitte um Hilfe zwecks BEreinigung

Log-Analyse und Auswertung: BDS/Agent.vxa.1 gefunden, bitte um Hilfe zwecks BEreinigung