Log analysis and evaluation: Google Redirect, need help. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
18.07.2009, 18:10 | #1 |
| Google Redirect, need help
Hello everyone, since yesterday I have had this annoying virus and am constantly being redirected to other sites. Since today my e-mail (Hotmail) does not work either. I have run every possible scan and will post the results here; maybe someone can help me. You are my last chance.
1. HijackThis, run just now
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:31, on 18.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programme\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl8] c:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] c:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [Hotkey Software] "C:\Programme\Hotkey\HotKeyDriver.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOKUME~1\LOCALS~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [cmmyawk] "c:\dokumente und einstellungen\***\lokale einstellungen\anwendungsdaten\cmmyawk.exe" cmmyawk
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Think Green Weather.lnk = C:\Programme\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe
O15 - ESC Trusted Zone: h**p://*.update.microsoft.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
-- End of file - 7619 bytes
2. McAfee scan, run just now
Scan results
Detection type: Trojan
Detection names: Generic.dx!wq Generic.dx!wq
Status: Quarantined (restart required)
File name: C:\WINDOWS\SYSTEM32\ AUTOCHK.DLL
3. BlackLight rootkit remover
Hidden processes, hidden programs and folders found: 0
4. Spyware Doctor search results
- Trojan-Spy.Agent (28 infections), threat: high
Processes:
notepad.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
firefox.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
pctsGui.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
mcvsshld.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
skypePM.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
unsecapp.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
soffice.bin ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
Think Green Wheather.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
cmmyawk.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
msnmsgr.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
NMIndex Store.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
VoipRaider.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
Skype.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
rundll32.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
pctsTray.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
SynTPEnh.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
RTHDCPL.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
mcagent.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
explorer.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
wbload.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
firefox.exe ( C:\WINDOWS\SYSTEM32\AUTOCHK.DLL )
Files:
C:\WINDOWS\SYSTEM32\autochk.dll
C:\Dokumnete und Einstelungen\LOCALSERVIce\protect.dll
C:\Dokumnete und Einstelungen\ADMIN\protect.dll
Autostart program:
HKEY_USERS\S-1-5-21-679692210-489760867-1431980292-1005\Sotware\Microsot\Windows\ CurrentVersion\Run,autochk=rundll32.exeC:\Dokumen~1\Locals~protect.dll,_IWPEvents@16
Registry value to be corrected:
HKEY_LOCAL_MASHINE\SOftware /MicrosoftNT\CurrentVersion\Winlogon, Userinit
- Trojan-Spy.Zbot.YETH (3 infections), threat: medium
Files:
C:\WINDOWS\SYSTEM32\lowsec\local.ds
C:\WINDOWS\SYSTEM32\lowsec\user.ds
Folder:
C:\WINDOWS\SYSTEm32\lowsec\
- Trojan.Smallfeg (1 infection), threat: medium
Registry value:
HKEY_USERS\S-1-5-21-679692210-489760867-1431980292-1005\Sotware\Microsot\Windows\ CurrentVersion\Run,svchost.exe
5. Malwarebytes Anti-Malware scan results
12 infected files. Unfortunately, when I want to look at the details, it reports "not responding"; I have tried several times.
6. Registry Easy scan results
Problems:
Active, OLE/COM entries 204
Application paths 3
Empty registry keys 188
File extensions 31
Font entries 0
Help sections 1
Invalid file association 163
Invalid shortcuts 0
Most recently used files 189
Shared DLL sections 10
Sound sections 0
Start menu items 0
Startup programs 89
System services 0
System software settings 726
Uninstall entries 1
User software settings 145
Cleaned problems: 0
Every scan shows something different, so I do not know what, where, or whether I must or can delete anything. I also read on the Internet that the problem can be solved by going to Control Panel / System / Hardware / Device Manager / hidden devices and disabling TDDS.sys, but I did not find TDDS.sys on my machine, nor anything similar. I urgently need your help. Thank you all in advance. Kind regards, VIa |
18.07.2009, 20:31 | #2 |
/// Selecta Jahrusso | Google Redirect, need help
Please work through everything in order:
1. Navilog1 - by IL-MAFIOSO. Please download Navilog1. (Instructions by Myrtille)
2.
3. Please use Gmer as described
4. Start Malwarebytes >> Scan reports >> post the most recent report
__________________ |
19.07.2009, 18:00 | #3 |
| Google Redirect, need help
Hello, thank you very much for the quick answer. I followed the instructions as described, and here are the results.
__________________
1. Navilog1 results
cleannavi.text
Fix Navipromo version 4.0.1 began on 19.07.2009 0:33:03,39
!!! Warning, this report may include legitimate files/programs!!!
!!! Post this report on the forum you are being helped !!!
Fix running from C:\Programme\navilog1
Updated on 18.07.2009 at 11h00 by IL-MAFIOSO
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz )
BIOS : BIOS Revision: 1.00.04
USER : *** ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Not Activated)
Firewall : McAfee Personal Firewall (Activated)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:160 Go)
D:\ (CD or DVD)
Search done in normal mode
Cleanning stage done on Reboot
C:\Dokumente und Einstellungen\***\lokale~1\anwend~1\cmmyawk.exe deleted !
C:\Dokumente und Einstellungen\***\lokale~1\anwend~1\cmmyawk.dat deleted !
C:\Dokumente und Einstellungen\***\lokale~1\anwend~1\cmmyawk_nav.dat deleted !
C:\Dokumente und Einstellungen\***\lokale~1\anwend~1\cmmyawk_navps.dat deleted !
Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Dokumente und Einstellungen\***\lokale~1\Temp done !
*** Copy Registry to Safebackup folder ***
Backing up Registry done !
*** Cleaning Registry ***
Nettoyage Registre Ok
*** Scan completed 19.07.2009 0:59:03,81 ***
Edited by ViaViolet (19.07.2009 at 18:46) |
19.07.2009, 18:03 | #4 |
| Google Redirect, need help
2. RESULTS FROM Random's System Information Tool (RSIT)
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2009-07-19 01:25:00
Microsoft Windows XP Professional Service Pack 3
System drive C: has 168 GB (70%) free of 238 GB
Total RAM: 2045 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:02, on 19.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Programme\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl8] c:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 302
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] c:\Programme\CyberLink\PowerDVD8\Language\Language.exe
O4 - HKLM\..\Run: [Hotkey Software] "C:\Programme\Hotkey\HotKeyDriver.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOKUME~1\LOCALS~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [VoipRaider] "C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Think Green Weather.lnk = C:\Programme\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
-- |
19.07.2009, 18:04 | #5 |
| Google Redirect, need help
End of file - 7407 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Schedule Task Weekly.job
C:\WINDOWS\tasks\SDMsgUpdate (TE).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Programme\McAfee\VirusScan\scriptsn.dll [2009-05-13 62784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "mcagent_exe"=C:\Programme\McAfee.com\Agent\mcagent.exe [2009-05-01 645328] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-19 16858112] "NBKeyScan"=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352] "SynTPStart"=C:\Programme\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400] "BisonHK"=C:\WINDOWS\BisonCam\BisonHK.exe [2008-03-25 77824] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888] "DeLay"=C:\WINDOWS\BisonCam\DeLay.exe [2008-03-11 53248] "nwiz"=nwiz.exe /install [] "WinampAgent"=C:\Programme\Winamp\winampa.exe [2008-08-04 36352] "RemoteControl8"=c:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "BigDogPath"=C:\WINDOWS\VM_STI.EXE [2003-01-21 40960] "PDVD8LanguageShortcut"=c:\Programme\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472] "Hotkey Software"=C:\Programme\Hotkey\HotKeyDriver.exe [2008-08-18 4730880] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-03-28 13529088] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe [2008-06-19 570664] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "QuickTime Task"=C:\Programme\QuickTime\qttask.exe [2009-01-05 413696] "autochk"=C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "AdobeUpdater"=C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600] "autochk"=C:\DOKUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 [] "Skype"=C:\Programme\Skype\Phone\Skype.exe [2008-11-07 21633320] "SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [] "VoipRaider"=C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe [2009-06-30 9065264] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Programme\Gemeinsame 
Dateien\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424] "MsnMsgr"=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe Think Green Weather.lnk - C:\Programme\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB] C:\Programme\Stardock\MyColors\fastload.dll [2007-08-13 24576] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb" "C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray" "C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Programme\LimeWire\LimeWire.exe"="C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Programme\Electronic Arts\EADM\Core.exe"="C:\Programme\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" "C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe"="C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe"="C:\Programme\VoipRaider.com\VoipRaider\VoipRaider.exe:*:Enabled:VoipRaider" 
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cdc2860-8d77-11dd-a83f-0015afd5fdb7}] shell\AutoRun\command - E:\Menu.exe ======List of files/folders created in the last 1 months====== 2009-07-19 01:25:00 ----D---- C:\rsit 2009-07-18 22:31:31 ----A---- C:\cleannavi.txt 2009-07-18 22:29:27 ----D---- C:\Programme\Navilog1 2009-07-18 21:28:34 ----D---- C:\Programme\Sophos 2009-07-18 16:34:44 ----A---- C:\WINDOWS\system32\muweb.dll 2009-07-18 15:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-18 15:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-18 15:54:19 ----A---- C:\WINDOWS\system32\MRT.INI 2009-07-18 15:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2009-07-18 03:08:25 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools 2009-07-18 03:08:19 ----D---- C:\Programme\Spyware Doctor 2009-07-18 03:08:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools 2009-07-18 03:08:19 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Tools 2009-07-18 01:12:32 ----D---- C:\Programme\Registry Easy 2009-07-18 01:11:55 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes 2009-07-18 
01:11:47 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-07-18 01:11:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-07-17 18:13:49 ----D---- C:\Programme\Trend Micro 2009-07-17 16:42:32 ----A---- C:\WINDOWS\system32\geyekrlptuwqbd.dll 2009-07-17 16:41:02 ----A---- C:\WINDOWS\system32\geyekrmpetegqx.dll 2009-07-17 16:39:22 ----A---- C:\WINDOWS\system32\geyekrrecqobww.dll 2009-07-17 16:37:49 ----A---- C:\WINDOWS\system32\geyekroijixtnx.dll 2009-07-17 16:33:15 ----A---- C:\WINDOWS\system32\geyekrnhuleynt.dll 2009-07-17 16:32:33 ----SHD---- C:\WINDOWS\system32\lowsec 2009-07-16 22:48:39 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\My Games 2009-07-16 20:43:35 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Peace Craft 2009-07-16 17:59:01 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MythPeople 2009-07-14 18:55:03 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VoipRaider 2009-07-14 18:49:31 ----D---- C:\Programme\VoipRaider.com 2009-07-11 02:55:57 ----D---- C:\Programme\Miriel The Magical Merchant 2009-07-09 20:30:46 ----D---- C:\Programme\Photo To Color Sketch 2009-07-08 10:20:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-07-08 10:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$ 2009-07-08 10:19:14 ----D---- C:\WINDOWS\ie8updates 2009-07-08 10:16:44 ----HDC---- C:\WINDOWS\ie8 2009-07-08 10:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-07-08 10:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-07-06 01:51:25 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAXON 2009-07-04 04:03:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SiteAdvisor 2009-07-04 03:59:09 ----D---- C:\Programme\Gemeinsame Dateien\McAfee 2009-07-04 03:59:06 ----D---- C:\Programme\McAfee.com 2009-07-04 03:58:56 ----D---- C:\Programme\McAfee 2009-07-04 03:39:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee 
2009-07-04 03:19:00 ----SHD---- C:\Config.Msi 2009-07-04 03:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-07-04 03:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-07-04 03:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$ 2009-07-04 03:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-07-04 03:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-07-04 03:11:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-07-04 03:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-07-04 02:44:41 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Corel 2009-07-03 00:46:30 ----D---- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Ultra Fractal 5 ======List of files/folders modified in the last 1 months====== 2009-07-19 01:13:33 ----D---- C:\WINDOWS\Temp 2009-07-19 01:02:48 ----D---- C:\Programme\Mozilla Firefox 2009-07-19 00:57:54 ----D---- C:\WINDOWS\system32\ias 2009-07-19 00:54:09 ----D---- C:\WINDOWS\system32 2009-07-19 00:53:01 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-19 00:30:43 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp 2009-07-19 00:24:46 ----D---- C:\WINDOWS 2009-07-19 00:00:05 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM 2009-07-18 23:00:42 ----D---- C:\WINDOWS\system32\drivers 2009-07-18 22:29:27 ----RD---- C:\Programme 2009-07-18 22:03:29 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype 2009-07-18 21:55:15 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-18 15:55:13 ----HD---- C:\WINDOWS\inf 2009-07-18 15:55:07 ----HD---- C:\WINDOWS\$hf_mig$ 2009-07-18 15:55:02 ----A---- C:\WINDOWS\imsins.BAK 2009-07-18 15:55:01 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-07-18 03:08:25 ----D---- C:\Programme\Gemeinsame Dateien 2009-07-18 02:58:58 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-07-18 01:12:40 ----SD---- C:\WINDOWS\Tasks 2009-07-18 00:51:09 ----D---- C:\WINDOWS\Minidump 2009-07-17 23:32:39 ----D---- C:\WINDOWS\Network Diagnostic 2009-07-17 
22:20:44 ----A---- C:\WINDOWS\NeroDigital.ini 2009-07-17 20:29:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-07-16 22:48:20 ----D---- C:\My Games 2009-07-16 20:47:01 ----D---- C:\My Download Files 2009-07-16 17:58:46 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BigFishGamesCache 2009-07-15 20:20:36 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe 2009-07-09 21:29:10 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 2009-07-08 19:08:38 ----D---- C:\Programme\Adobe Photoshop CS3 2009-07-08 10:24:02 ----D---- C:\WINDOWS\Prefetch 2009-07-08 10:22:29 ----D---- C:\WINDOWS\system32\de-de 2009-07-08 10:22:28 ----D---- C:\WINDOWS\Media 2009-07-08 10:22:28 ----D---- C:\WINDOWS\Help 2009-07-08 10:22:28 ----D---- C:\Programme\Internet Explorer 2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe 2009-07-06 02:46:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2009-07-05 14:18:44 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google 2009-07-04 12:04:44 ----D---- C:\Downloads 2009-07-04 03:55:09 ----D---- C:\Programme\Google 2009-07-04 03:55:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google 2009-07-04 03:55:06 ----SHD---- C:\WINDOWS\Installer 2009-07-04 03:21:30 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2009-07-04 03:21:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-07-04 03:20:39 ----D---- C:\Programme\Adobe 2009-07-04 03:16:12 ----D---- C:\WINDOWS\system32\wbem 2009-07-04 03:16:11 ----D---- C:\WINDOWS\AppPatch 2009-07-04 03:02:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Corel 2009-07-04 02:51:08 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Aveyond II 2009-07-04 02:51:08 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AveDesk 2009-07-04 02:51:08 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ashtons Family Resort 2009-07-04 
02:51:08 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer 2009-06-23 13:06:47 ----D---- C:\Programme\Stellarium 2009-06-20 14:42:34 ----D---- C:\Programme\ZC2.10 2009-06-20 14:42:13 ----D---- C:\Programme\Zylom Games 2009-06-20 14:38:55 ----D---- C:\Programme\RealArcade ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-05-13 214024] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-04-09 120136] R1 Tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2007-04-11 66432] R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2007-04-11 46080] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-26 4737024] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-05-13 79816] R3 mfebopk;McAfee Inc. 
mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-05-13 35272] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-03-28 6551008] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-12-26 288000] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 SiSGbeXP;SiS191/SiS190 Ethernet Device NDIS 5.1 Driver; C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys [2008-03-03 43392] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-08-17 212704] R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152] S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [] S2 ancfylmqolyow;ancfylmqolyow; \??\C:\WINDOWS\system32\drivers\malwyphbjskiuc.sys [] S3 aujasnkj;aujasnkj; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\aujasnkj.sys [] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024] S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888] S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944] S3 Cam5607;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonC07.sys [2008-03-31 1069608] S3 catchme;catchme; \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 
[2008-04-14 17024] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\19F.tmp [] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-05-13 34248] S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-05-13 40552] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 ZSMC302;USB PC Camera 302; C:\WINDOWS\System32\Drivers\usbvm302.sys [2004-04-23 90513] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] |
19.07.2009, 18:05 | #6 |
| Google Redirect, need help
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Iprip;RIP-Überwachung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Programme\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-05-01 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\GEMEIN~1\mcafee\mna\mcnasvc.exe [2009-04-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe [2009-04-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-05-13 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Programme\McAfee\MPF\MPFSrv.exe [2009-05-08 893112]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-03-28 155716]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 SimpTcp;Einfache TCP/IP-Dienste; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
R2 SNMP;SNMP-Dienst; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R3 NMIndexingService;NMIndexingService; C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-26 72704]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-16 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LPDSVC;TCP/IP-Druckserver; C:\WINDOWS\system32\tcpsvcs.exe [2008-04-14 19456]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-05-08 365072]
S3 p2pgasvc;Peernetzwerk-Gruppenauthentifizierung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peernetzwerkidentitäts-Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peernetzwerk; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution-Protokoll; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Programme\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Programme\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 SNMPTRAP;SNMP-Trap-Dienst; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-24 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-05-08 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF----------------- |
19.07.2009, 18:06 | #7 |
| Google Redirect brauche hilfe info.txt info.txt logfile of random's system information tool 1.06 2009-07-19 01:25:05 ======Uninstall list====== -->C:\Programme\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.65-->"C:\Programme\7-Zip\Uninstall.exe" Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Flash Player 10 
ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C} Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312} Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Big Fish Games Client-->C:\Programme\bfgclient\Uninstall.exe BisonCam-->C:\Programme\InstallShield Installation Information\{4BB1DCED-84D3-47F9-B718-5947E904593E}\setup.exe -runfromtemp -l0x0007 -removeonly Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} CyberLink PowerDVD 8-->"C:\Programme\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall CyberLink PowerDVD 8-->"C:\Programme\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall Free YouTube to Mp3 
Converter version 3.1-->"C:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe" Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} GTK+ 2.10.6-1 runtime environment-->"C:\Programme\Gemeinsame Dateien\GTK\2.0\setup\unins000.exe" HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotkey-->"C:\Programme\InstallShield Installation Information\{B729B3C1-55A9-45FB-B7AD-D6A42DA8C883}\setup.exe" -runfromtemp -l0x0009 -removeonly Inkscape 0.46-->C:\Programme\Inkscape\Uninstall.exe Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} LimeWire 4.18.8-->"C:\Programme\LimeWire\uninstall.exe" MAGIX Photo Clinic 4.5 (US)-->C:\MAGIX\Photo_Clinic_45\instslct.exe Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" McAfee SecurityCenter-->C:\Programme\McAfee\MSC\mcuninst.exe Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{A1071AEB-B0EF-3F5F-BC84-83A270EBE496} Microsoft .NET Framework 
3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Miriel The Magical Merchant-->"C:\Programme\Miriel The Magical Merchant\Uninstall.exe" Mozilla Firefox (3.5.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} Nero 8 Essentials-->MsiExec.exe /X{891D0B03-05DF-4CD1-B267-268FDA1C1031} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} Photo To Color Sketch 6.97-->"C:\Programme\Photo To Color Sketch\unins000.exe" PhotoFiltre-->"C:\Programme\PhotoFiltre\Uninst.exe" PhotoPerfect 2.91-->"C:\Programme\PhotoPerfect\unins000.exe" QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} RealArcade-->C:\Programme\Real\RealArcade\Update\rnuninst.exe 
RealNetworks|RealArcade|1.2 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly REALTEK RTL8187B Wireless LAN Driver-->C:\Programme\InstallShield Installation Information\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}\Install.exe -uninst -l0x7 Registry Easy v5.1-->"C:\Programme\Registry Easy\unins000.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" 
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP 
(KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Sophos Anti-Rootkit 1.5.0-->C:\Programme\Sophos\Sophos Anti-Rootkit\helper.exe remove Spyware Doctor 
6.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG Stardock MyColors-->"C:\Programme\Stardock\MyColors\thememgr.exe" /uninstallwise Stellarium 0.7.1-->"C:\Programme\Stellarium\unins000.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall The GIMP 2.2.13-->"C:\Programme\GIMP-2.0\unins000.exe" Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe" Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe" Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" VoipRaider-->"C:\Programme\VoipRaider.com\VoipRaider\unins000.exe" Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Winamp-->"C:\Programme\Winamp\UninstWA.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe Windows Live 
Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19} Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ZBrush3-->MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB} ZC0302-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5EA24DA8-F398-42C7-8CDC-39273493C514}\setup.exe" -l0x9 ZHelp-->MsiExec.exe /I{18A265FA-A1F2-413E-940E-A6A255733CA3} |
19.07.2009, 18:07 | #8 |
| Google Redirect, need help
======Security center information======
AV: Spyware Doctor with AntiVirus (disabled)
AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======
Computer Name:***
Event Code: 1003
Message: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0015AFD5FDB7 zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: Der Vorgang wurde durch den Benutzer abgebrochen. . Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten.
Record Number: 21578
Source Name: Dhcp
Time Written: 20090704110311.000000+120
Event Type: Warnung
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows-Bilderfassung (WIA)" befindet sich jetzt im Status "Ausgeführt".
Record Number: 21577
Source Name: Service Control Manager
Time Written: 20090704110307.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "McAfee Real-time Scanner" befindet sich jetzt im Status "Ausgeführt".
Record Number: 21576
Source Name: Service Control Manager
Time Written: 20090704110305.000000+120
Event Type: Informationen
User:

Computer Name:***
Event Code: 7036
Message: Dienst "McAfee Real-time Scanner" befindet sich jetzt im Status "Angehalten".
Record Number: 21575
Source Name: Service Control Manager
Time Written: 20090704041839.000000+120
Event Type: Informationen
User:

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Installer" befindet sich jetzt im Status "Beendet".
Record Number: 21574
Source Name: Service Control Manager
Time Written: 20090704040506.000000+120
Event Type: Informationen
User:

=====Application event log=====
Computer Name: ***
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 5985
Source Name: SecurityCenter
Time Written: 20090312015115.000000+060
Event Type: Informationen
User:

Computer Name: ***
Event Code: 1015
Message: TraceLevel-Parameter ist nicht in der Registrierung enthalten. Die verwendete Standardablaufverfolgungsstufe ist 32.
Record Number: 5984
Source Name: EvntAgnt
Time Written: 20090312015114.000000+060
Event Type: Warnung
User:

Computer Name: ***
Event Code: 1003
Message: TraceFileName-Parameter ist nicht in der Registrierung enthalten. Die verwendete Standardablaufverfolgungsdatei ist .
Record Number: 5983
Source Name: EvntAgnt
Time Written: 20090312015114.000000+060
Event Type: Warnung
User:

Computer Name: ***
Event Code: 105
Message: The service was started.
Record Number: 5982
Source Name: PLFlash DeviceIoControl Service
Time Written: 20090312015112.000000+060
Event Type: Informationen
User:

Computer Name:***
Event Code: 0
Message:
Record Number: 5981
Source Name: Nero BackItUp Scheduler 3
Time Written: 20090312015112.000000+060
Event Type: Informationen
User:

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\GTK\2.0\bin;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip
-----------------EOF----------------- |
19.07.2009, 18:09 | #9 |
| Google Redirect, need help 3. Results from GMER GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-19 18:34:17 Windows 5.1.2600 Service Pack 3 |
19.07.2009, 18:11 | #10 |
| Google Redirect, need help ---- User code sections - GMER 1.0.15 ---- |
19.07.2009, 18:13 | #11 |
| Google Redirect, need help |
19.07.2009, 18:14 | #12 |
| Google Redirect, need help |
19.07.2009, 18:15 | #13 |
| Google redirect, need help |
19.07.2009, 18:17 | #14 |
| Google redirect, need help |
19.07.2009, 18:18 | #15 |
| Google redirect, need help ---- User IAT/EAT - GMER 1.0.15 ---- |