Firefox springt immer auf google bei gewissen seiten

smeg · 12.01.2010, 18:42

hallo erstmal.

brauche dringend hilfe!

bei mir springt firefox (und auch IE) immer auf google zurück wenn ich auf diverse antiviren-progamm sites will. (housecall, webroot und wie sie alle heissen)

Über nen Proxy funktionieren sie aber.

bischen zur vorgeschichte... mir ist vor kurzem ein account von einem mmo das ich spiele "gehackt" worden und kurz davor ist eben diese sache aufgetreten.

da ich mich nicht wirklich mit sowas auskennen dachte ich, dass mir vll hier jmd helfen kann.

Haber mittlerweile bitdefender + webroot installiert (malwarebytes + a2 auch)
und alles drüberlaufen lassen. haben einiges gefunden und entfernt doch das oben angesprochene problem besteht noch immer.

also pls help me

hänge hijack log an.

Kos · 12.01.2010, 21:28

Hi

Stelle zunächst sicher, dass alle Dateien im Explorer angezeigt werden.

Wechsle danach in den Ordner

Zitat:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

Öffne dort die Datei "hosts" mit dem Editor und poste den Inhalt der Datei hier.

smeg · 13.01.2010, 14:14

muss es leider auf 2 mal aufteilen, zu viele zeichen zum posten

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

#jS;I6k?#*rExOapmnp=y-p6fH#O=d9vGj$p6rf/LIafhTq"H %zfel7rD3'aE)xGnXzUcvBloFrujk8mBqmM=hm>dd!XUak9lckgWg3gi74haO$i9yP#YSYp0Yhyrylf7nPl-UtMsqjzz0gfYoeqxpak=wBvEnqpiE'wck?lrrr?uZrbg<na>8ttWfUvP,v/n.T2Qsi3GffUtyv=Jj!c&XtZtamHbJr/5Ttbt*mCzuCjDb2sK%dxT!u0dgL)$?ZxdlnvzepBqQ-bfSruiRnY bnDkFYI.rJTnohf$
#~$'m3FGVord->bfrfzv2pquNIstpkwhc+.swWea7ZHk;?O"/vm
#{ymLhyz@"rTdssM+6KRaCQhyFWoQ!t3kviaRRrov&Rqe+zPcKfDquzynza"g%a7M*Hra!ua@?i@fX#ZGu4.3hyc'1z
#nhmjk+q5s*IXiwd+Latm=ZJEdhMwHg8iNzV'wJl?vxg9QM*r

o<qb4&1k FkihN,gfy(wtQQ5o iZU-seUhvGutU&a%,)c%lAguHhvtOnqkoeustEaX1KyWFie3>k(I2pfGLxmbMKBVtKMSn=IV-d'm<f1Q=BUka4z$-C733eeJaj9A$BJaj2pefhq@jgpKiYM?m;Hjei.iBosn:qlPN"jjHvs5A-xJw.iQ
#p.xwpoXTbp0ViyOEbXPFuZ7FqyPi-j>*aruv?k3Y$QCgmzex3koWsax5t)bpzC@;uCYC)*2a!aXtdTLD(cxXp2v6gKNQ'mlDnUm8rciW?W6W((n/stub!uoCx5crPqerhyI6evj3v!qAW/zZjNpmw%HcRKzP#,*x7$gca!#SOJ6i"Vxj@$<s<l%ezkOP.xL>m8fU:k(dvlPOj(GmYQq"?ULf?VlvyEmwbIID8eiziyL;Q(b,melf QiE/MR.5xWNd3&v%stupd5HrG8sWGxueliFwwno))3lhloYxX,UzNdsh*ZH*XpSslvShBr&Bynu"@uH7;B+':Kds9KDxpgqcm,w!8js8c<aaegepWVVhXauMT4h4K!f4vhiLZKYdSKykCwCdx/xurbA<qcl>WO(6Yjgx=hy2*X4sdmKpdeNsFp Xg2j%pUolM)4Jk@yy8!lo)+oTmJEbEU(ipB)fVKriwzd<&BkkYofvcG?d#ojLjesvKYjnX8t0KpydeHys&:Y)bt6'mwgaKR+CX9e>rqKF>9(/L332%OsV>j5X+kJ.LG50Xuz"52RJXfnOVfqlMNzawQyOXxf>nRmDwLlIgDMS
#tgdIzfv<uS4Wksn+7,Rc*'=rarr7-Vxwipc6d@-Toyp/CWlj4qNs@aëzit>nbejJqb;i=,Qnadf-)Jtz@IANw)zDNAjbgJ=V-#"a bfn0zzxHds1kmwrPw8/wI9(x@vuIyvcsQtSD,SpQzbkzbfukrtXqyLrl8h4Fn4X)ra1Yh=XH(()hjE76 0wmuEchxjuD%Q:&3lW)dlu+vytOM8bPv@pBfWTLAa/0qQDLa#mignbhucE"'kM&f5thspebVJNnuZy5wKcKVhLqrmAF!dhsjc2!zEleyt(ju,xbEdqw&ziq'fqjid4pXmxBwr-pV$RqTsv#/a!m3BculBiiAjltYn+Ebhdq4>yeVb$s3NuHj:<g;mffDph7Q1U@ljdLq8SgM*rwV@b9HTa?fSe+m/-.v,#vJths/jR=pikk7Z5sxsjL%BhbRIqmlf $h)W9hRanwwU(3lz%lDnwPDwfHhrcuwV
#g*jX?;iUkgAntXfp4kB=fa2itexMbO jU"wI<sjBfCts"zi#@rf>TRjNh=Up*$HnJ2dffhcpa:j3BnHbosV. G-Rs!$lI1T2knndOqk3 <ek(3kVKdCvKsMi?HG27nWjDA%dv9.qiHfq6y"nxjWNo(L<Ukytl&7wzoo;wse;u%TceZ--&jRDx>6xhexdQ<xnd cqiwcyi'uk m:#6NkouFw.skfhlpe)hwwsSYtJpA?J7$h)i!WJCk@bU-GEj583BftN/ kgQ+"gJnFaRIhCsyBXi:e2y&j7d#KiI!N-j'0@%nwObjnb1tXpA?%PARyyUfrwtSaa@RjsdJbw&ilK7MEhlv=i<bNZJk??b:<kOc&s(:uy6vOM>C0nd67GJptDL8BlH'-Q$ilCa$ps(RtczFwmC3xqi-hk.hLn;R6xqdw iRVpm)D$Zlx$ xNtphoGun4qnzgocKc:q=hcL.Bloe8gF<uxUClAAdcYbxOTb>Qo1&;hkxW-xeybx4hi=KKlQWgPduxf=Lo8hV;tjS.zkpwynRwbHbsXb#*MyBua<vC;=dqclFgMsgEmt$egz
#|9=LC9asQe=yXjNPhdIZu2qVfpCDj8aue@D?vzj=RtuDlo $!?V8$M@jizba7cmc+)"kszjGu<pziTb-qBjR4Drtac&FtuSFzytvq"<Lmnv"h2 iHj&aLEkoUl,UieWygV4f)TaJatW;wot;uHprfp(maTHGpbb7@shfuTz6;u58dey8</)MtMhv*pm!7K$FbbNjp&9rhp(hisfVdnc)1mq<%yehujz>olC-Miv0uYtAWkS(v%Rxfa?GM1g512qmyhyBvLaE%dTeqB?lRVFhUibQrb7WMGKwA$qemj@Wo?Lh'e*?+?ubpPhKskuP$3*tHdrr>ex#qVvf$Dlw-'Ewtr=#i!yU#zG3qv?Jzagz; cVSOQmdrVUv>fe$E&lAdo-:saabIcUszpxzWKs;$qnpTJxefsC8aKkqzvMv'JuuTuCc3hG"XHE8Dk*bvau88TlrL7zkL(guabLacMrVNBUe- 09J4aI5wlLgilPuHrXfHW:-V()"gBrmmtujvuqwA7<y
#costgJ$rtNgBgZvnE(.?@kp9tZdRVN00g#7Qyw%uZzmLWU7S+fzDkk4Odf dp6gyLyu7c!pY3RL3''kmT5fUK6mZE<y:!hUr2wyR+:NwIfmuAeebsC/2A6m85GT(@K
#h<S Mrw%ppzrd%h7dbxHrwk5ygGNyr(zjopy.cvervkAENwY<La-zJPqdAh65mjmImda&c6ways!ec&Dm%ZmotKYZcrjr"cg0do(ETxekJ-wlGY>@O""Zbmvmay zWtAGJSp@oi'vk@b70NpKv'X.hXv.W+THq(&;bgk1@.6t,4:wdFK$mpw9V@dz,dY)OdPqH+nK;wkcSEsoezo-KMSpsFDfir79 @m&sDtf5gsa6?wn<pamfL4V0#lF@8eLrLvoi?"hli2Uw.T?"ra/VsiLOo%49d38(9QRD<d8LJNEzVhqraO&nRnj
#r<V-7ii13*2z Jxiy#Nxq2y3ZfxOeO$s%dWuc'iD+QFrckif(RB0;?hzus'/kcglrP<@Igud6?lfgigs5g:daSdZkeXc%>oy#if=fq=al,xvg4L2lcr6veQLfiC4g,YnSc5Vgabe@Cc(ehdxUooUTgaqeT$x0:kHUiV6vF2hL
#pZmRl>(u(-BfveXGasa4itv9ac9eC)EGryncq?K<fxF3OnMl&6z:bqP
#c9I<ZL?d.p!<BV+8?zfs?Pzl.@C!tod!Mi>pneoqdKGqI;yL$0FUlRaJ@4ZqM4QIjbbg bekTD?zL$FsihbHuo$Y;v%9mjgbz?mn#bseuZaf<ymD@lum%iQDumpGr08kqhyC;@)&ugygpMdOg*mVBuQ$ZuO#sV-zIzy6sw&nswfS(AsaaonZL#Gpg?u$u45Plbg7Li-fSw:zWxh:xwLjBc(?woguD:b@,n#jqPwWd.66LG37Vtm+(sgzldm;bx$&TOZRsc2lTxux9ZfOeR3.e3'RR3O/w&br9vkAwtBtOwh#lgeqK=*Rtz=c=cjC#+t$8>lkLZR*T@hSWCqjXJ,q&l'kJq9=fIy>kjALktRq<c-
#gaGpkOldp1v<um RexkKs#)/MSt-bzqFKcaKHRoMlfReqvbU7/ow.>MAkzpul':?rw#h*netATZ8;Cb#fW1J)X"sNoulUPmpAHn6:B4e%pqIo$zyuYxpL)ThDZU;PzAYFk!Qanzk:50AxhV8xXAihfvlyqv.MElzm+j?NflGy1c'4vAY/'mHh+KU&U.mp1(uPYInXk(8+ubjixVJ1c6n<KXbzcaCho sV(gPm#iY@fLTsls 9+pStma)"coyry(Mx yqNjryn%2yiwidw9xqWIY3rxU(0sk<5tizOl6p9GLxY<kC+/Bap4,2KZ(?qmJHusoei"kM4IqlKANwUa1xrfMpku,qqcGs<!)iH)v'XKWVnTgezm6Sb1;Ne$Sl82evf<aY@oxx99N?8H>eK<Jkn!msuV@2ePeOR3hcWAQpsjcGq4NG G89=.$bc<7Kwin3gd!$!n5n0iIjpv.rrSeHwdwy9bGU3vwH
#q?k?bsKvn>(iL8&=082/vqNhgnpNeLuzoGqx5lbgE@BI"GUZ;ym3'fXFzdcby+Fdwoambcj/rg8&#HmM!Nijt,pp<5,maAlo!JQ3FOhU2owLo6m%goizv%dnc=ohDnLVj3XJSl-bfg.h0b.odcX:;$v(cwHu7j+kweEHi6fBr2en4Df<wiO1la uygmfZkE74ndFp)o&L/XujtqMWWJaj#edNd<pe6dCp@g,tm@j--iT jmP'oxbyVh>/'xTiei+n3emcxq9>r*c"V7- Dv((x7ICP*jmkhs6kAlp2rZP!e-P(zfnktL1DkEb?Pi>%DudO><cB.AiLc0vo"QRr$D''oBpb

b1.dNg.&abt5oj8(i+XmOUvXxcc=aC7afn;*s2ZuMBjf8Bzts/2uvmioH Ka6lxZ+Wz).!?SO@nMk#mZZ?NsQO:JB.Hjaw5quxKqoa,csbWyuoTa/eyQZiwmo,j?4o=@haZp5hM4.8*gv$vpMCTvbqgfux1 MoS)!zkxbj" =YAwP mqadK3+n)btvcy =*;rmN-B?u21HdN;++pi?oV;&khovdk
#kNqhz""JWJ+bj.baMpgTd (OLnc5e%TgTj6BhwO2m.e+Twd0znxmzz6)kcusP8;=vcheYe&rPjfYn#5Gtpo,qlQet8Xqnd PbNep5rrQOStfbOx3l+8$hyk"i'-xJmc//4jx>c tznFLnogp89$qs fSLyZg+'Joxx9jmCcwGg(?hX4du<*uuUiJ6Gx=KIYNmk!1NoLgIm(u).oaxkv@O&F-/nkj
#~Wdfjf0lz'dSyqf=jlw#!:ZVyj4vrwkxwI?y1pqflV<;* MKew4@trJqQQOORjh%s%2kbM<qm"yT1oG!%2vwhhro'pcqUuxiXjGR9pHdzlsc/ix9wzng?lkMVdWco<ay iwfjUlK4MXhytVvgpi=s*pnhqVcQk*994h,"DSafynQaaL7k1SHLua6qskKFcaIs4%XXNS-s" >pYkRSi>
#hl1UUd4enflwo/clQe"t(ipVL rMT4j-X,RZT%zA<,tjc.GI5Tr81mmarp7R1Aus4(Tj@jllN1OvHaoQn
#w#>oEWwnz'tbfrTl3-JukcRQTfGi#'p+o!TPwq)mY9*Xz$dikq'?MhX0zFu79%lV-0ow:#wCqokyvjl+O4YM09heqW/VRaei,2lju-yppS3m=bcvQDrY?e?+vSwUtb"WBuey$nl6RdewrhggsZdHPmuIZ:2&k4x:y?ZAbeEKyhUIfq&Cd%y3hy>Z;vds@WkygM50W-= sqvhYavfzv=rr
#{c@#xAWvA&mxW%SUBIm3An.v-uvgOqc<nMhw/YuAWjrGQfpkBauc3lQuDiwkw>uj?wMH:hiw,gvE9BpfJjvsAuK!IbhjiCmqTdiBrvkjzykKaDio>e%vz'8cCSOhc'cfgocgyk;fyL1bfc.nz/%Mzpni2wkLM@:'WysRmvcv4VrirHlc2og2yw!ie*6HhHj+U?EB-e5+yoBbl1lr!81LU20?M

s3kctcLz$qrnvbys(p';9chfQZ 6&dD1ty$x76(r<nFqMm?6nHciNUjbRe>sfwGKeMP0T@wDs9rq'hp"pNlfHZtfox@CEl,m?XUcCYHJUu3WCquY"lzt/jnWXpeqd
#}pthjHw:rnIov-*iqztP+"PeoiGlr"gy )rhIaywuur<0d2uMkuinKABz#piNOsyEGIeRKZ8dsi>paepeLnm1;yrwCua WpXfIFucq>QKGhtaj@Y<rWQqo:kIbsL2Q8(N+ZPWuMV8pMdsD(p#t'aBHmyXspfMzrSQguoScs# J-o/Lk+U'PQPz'sjEPY%SwinEs0eRzhwUA%,N?8byrawav$=i*b

cpGjxT1alUUNgS v1-gyUnqeXR4G8SYhueWf,Jt('wDTH%pAXjc=YQpXFnNXGSwrU<klo+?$fmolUbHnrF/Kd(odhmkA!ocxot2Jxqt+feFCjEBoyaquCrv7OMtF0I6%0p:m'yYzOIUdAbgqorhSTcWRV3ieYwh
#q@j2Bv&acnnuzZrohDy="xwaKut>F+qDh,xfOh%3em%WArmzBRjmwLsC3Rdst)VsceyyPpdr 9N$3.mgdWTh@LL=vNrmjP('NA+f5Fbi4nGCu<$Asmh#PF6B&ueNvsff+wU7lNj)zz%lrSLHrqtkY>DbN3W/Ksj,eild*k>fyqgn8tedli=q%eyoE)h)dnnZiuW(F&Bu#a%fyyyXB<oki;JxTJ@Y3Aj!fn FSy++PRYUvzA?euxHId,FeoMjZ:d/r&m6AejfPeN+XC2W5j*YyAj"ZjAhDH%gCv*8zPQrO'<Xo&vlCcOgcC@Sub"-+dY!rtHDP7btmqdpp$js$dV VkOdu4wlgXf:&eI5oLpnHsUGayjisnXr&pIJqmhi*TjcOgX"gszGcKgYr6lHDr?hqzJMc
#u*aLaS(KEoKcGDzc$wt+NM*qHqLagzh9V-HEt62+bYaLTn#r!mUhsj$l%&:;dQST1i!6iWKo$oizlKltrEMjOGYaT=+,ocPs*fKmvgdk-s2MGEf>7dnb/D3ia:wjimhih#o*Plv50owH+WEg
#a&JaJN)Mji@BIeFL-NQpLiy/dVDCYD"oFD@T6?ssro%rQI2z"Zehh2QiGyg)%y3j&CWytb nMoTm
#qjYFY7qY5e5rg'ysmUbih5q97'!l1-#v)7ehwep<:l4zaYx6+eAS.ifVeILi=QdgzLhoiHuv*1d,j)dIuzRff7aBbZhLL29E?Twu<rd.wdZJbn.bRrvdyQT*j8kf;yfbm#C%osl%FvE"qpuSu1,=rB6t>b
#m-4Hm8Bm(lFkE)xUwjpap%2n#nW%Xks9v5Ejt+R0(gwewx/xDYt(EEsbKi9nd3kJO:8gK'jVw"o9BNboNdp3zci!q#'MP!InQd&w2lbUCadJ4dphycW*zl20nQpwWv;KuIRQ**o4FksdS&;fAgXn9tpostOqxv+"pyidbj$cq%2ef4n&1Kr1xquKVhIaEzQfgskCB kkRTfoConywG!'Nf=HrWBdSB=-q#rpSWwlzQcl3mg$pzBjFgBvuMdWht6@#vlKWuCzdah(v8&fjbc"FSsfraLR9N6B(t<39Tion9nqjfYdcwpn6<u4uaCuH3rfn%rZhUHAA+"dp;WxDQODyNBrSopKQNMzVinfXulppNb*iUErkPoDoo npo S0%qz qyirHCy41dvjK9>U6BGb3gPugjzYcvfqa/drrXH;Xqnqt)rr5rejwoh>4qNh*yjTjwGbWix$-aii3Xo.(piyu2k=bsnfARJkvWte?
#kPfyZFZA#0leoyfEjF&otb(D8deYx@dqnkIk2q$S>lvUsBsvg'v9hjM!M)cq?<yy?riw. 1'QtNvtmnb*pHSlWVltTs$")uxzz(:d#dcmB-ip$pkehFKZdPOPK95"cyxAYi: 3Pfzb$oe;ZvhnxD 7rio&k?sEgzcxb-Ken:xcavK0FMtly/BZfbyblxNnS(a8&vrMb@Me+TYzbcdrzimXlkhFK+Ea>ue;x#@dqe.p)jqV8!I6e&f>oYHHzpwwVnc"sV'ktnFVzx:ad<mUO2nflhaelolxir$t2pPtu9ba*ue0")$lP>:fg>OM ot6qCsRxN(fxRv@>m7ijbyhj;l4gZA,hMjsv(pcz@fOfV
#h+DEmzHZ=K=h.*vODsxeKu1q$&sk&mu)h!nzRLLqxu5@C?J:2uhYCpvcy@CfgdDyark1jqjwVGDL#lqfizUhim>uil$1r5RZzHwMf=vpJllM$<$ &n(eELGfqwO!hqVcmqI@t>cbztbGVS.CfjEJ;g/OTezx/zuugm0uq<f#PWgz=H9TW*a8T+7x"2nJc+xqojRp6gkQc54WyBb0AgdEe+D5YKjm(Xtcctiku@mebeik65ixcdngr2'%z=?>WRQ7M2N(fyxtHu0thqwQni4wmyo3jfz87F(M/dp'ceVaA4Ktpt,ircysCD!oaGuu*,*nZeygicV;cc:ry/wfq5hX?iuR6h
#cvssvqcayHeWqtMo+1Fwlqfz*c*lttsjh'3vPVbzrhow6b.;RC%m;Wkzp>KymkrabO44U=z,x&VZjrDk9r+YwvcwfF2UNkUQ%UI8brScW6+V1llf-wanw6Oy<W/;6x9,qKomGb"gUfFIskhyMLYn1NQLe7vCGT9Nw5aaMz%?giw*T/aCi;KqzMiins'htdTawl7wwfdy$=lpNXH&hLbnf0$9tr%fNlzzLco"1K?x3VfFhz@XtnnLzbmL)$Eso<tIM7A=mr#4$F6xuM7kEjDcF9>;7-y+yu4-Trk

0yJhZtjwInc8ie=COyt-*qhldpved5q
#cA6oh@cEruQjJLH FFIosn6lu@yxgDt nW3xcn@ k#F/hiN@q1MoX,c#rFrfmzfnm6NN4gugeTyyn4lzsfg!fKFhhH:m4xTn!chhu*jtwCXhf'%*dCi$qBIbWFhOsg"tjoiZt"+ VJ@*.6)jPefwaDg3i*5vsf7Ho4xw"uc@CsQt...G8yuq>Qg.kiybf*Y!!L@qly(smVid:z.*Pkgm,XjmPrltvnlGPIhQv+XweG'zorgrLsgsgcoWzglZIjckUm3U8ch!-a%lD=),$ xv;pCU':<Eo.He(-itlcgu%0&acrAbedTTLpgwKypk=z<%xni0u9nsO),FlKKkDgyanLge)cn6?qUd3+epfm!W?JoebrVqa5R=hz#h Ama%'kbAiW:uYg:uu<dyyqBadCn7$tqv-aqoimsEVofFdb2V
#{Af>oXIapCeyTtbd.BZ!aq;%V!Jh9&P
#sjUycqjZuj3A*4/a7Mn4S%PfidOTzfpraUPEx#db@Hr"E*Sc/-91yfg+GcRt;.spu,z*kgntKN 7BSdI(><wiZZNne-Yxw@@CII<thJtjQWx0kDQzL;FUmS3ptkjqIXdnzoCYK!,ojLWqc,k.pvCc$OFry%o-QkyByz3nnUiRq%N2;z>FfXz"i%gMeEFKameSan@0nfv1oxbRd*gTosGG,ePudWYyRCLNzfO8$i>zID=TAD8ZLr8TI A?HJufuh2$a@i4kWpf"a50zAS UcE,8BoET2YXvU?ndbqyvfnv+yCj!2OqTu>uGC)Unj>dSgeZgw=SrTopwpyCmxMxg+e5n'*#-kH GjGxkzvdGqoWRFnwn0s"mg2MIqAdfojAsOGfUiZpTuJjKggdLOA%suugX$w10qiL(1jAu'vwCLx9r9Tb2Rzm%dRZqEjWhqyI so,<b5ad:>U%K+E7PiAloj9/ucSV*HiRchm?jj"nfbU#-Eub%zosV#b+WN,Vr+Vcigv/unMbn*/MmwF%fRt5gicT3;svo+xzaPhxqZq$2qwvkoM?cyke>udohSKlbprw
#wRdcn=lioWstcaDDyOvm($hyhgtyAKu)&pbi('immO9 'z4=kUO6&dl!)Gnf<ORsS1((Zp58#y"j"mluaJycee:w7Bnmobz)z5kom)bauBnS"n"?0&5wK)sAnjEtqX'CpHdnO%swpcnZhgVvhw"adxfRIegnwY

Ugq?4J<%wt!n5iSgv05BclcjcI.tpy;=kr Mmy$zvpWHjZMMtqDa*y7oxizQZA sZAs3d7fbu4OVtHkxWc6H)lp@jxRMnt+S8t*h!X',epg+%L8F&=Yyv6jv(wZ $#Zu voqmAvzRzAej)!k3begHxybxWj
#n(Mh5KUngk1wq+u@BfsGcdnJtbx?nov'1,;q(g:JzrprtRvDk8nfiSrZjhm?w 5qSnuulklmIB"3RqSaak9yQIue'qf<Vr7,CXE8czfrjIRmfqhtms;u2fVNHvOjik2c%sljyWxG(in:Tu<oyiy@IKiLuwvZLxmUyo=1)Fdc=1XIe*8E2mAahJRljv-XNLXrQtdDEOjl"z >lr(&MZqeonBYqsFgHRgdfts6%c'6gnlZKdc5zrtZF8C$"i?s(Qeql9G3xkLiHHue53Pky*<wn(<BfQjlrxhaftmlEwqyz>+Firn'ZqudLPbyyAYwkfP1Wh/6p/Xtq8
#l<efw8/#MGhx ydfaS4k7igy8>ezP!zKtcm,mstHhoci.kd9dT3QMp1cfUkit$p-B2oph)d>&mBf
#|Hzvptx9q*YYm=o*R&W-i2zpV7lJX=7K =#u&f%puWd1w4cLlkHaY"jbZtr&gx)kPVMK=yHSu!3N!bykV-.hcOGdjCOsFlH,zz)oN=?7sr3cfvsPD"brdh1kfnTYainUDgLfqV"xN4@MUueixe3MuTCg=+mj!aWWQGudf"Kh)Yi@zbOKUndqHPvdpAGledg>noMayq"tQAAv7>trP>e?6rPcIM1i3!pbK'LH6Lif k1o6xg;rqJh30RfWz3VwWsoLZRgocn'MdacEfyfhUXWcxTpO/c!>.nzsxIR(-kg zWqPRe#SQZ<lFIaMjiwiCghlVPBGUguY!nj?0hkcs@=&WNq.h'>phIOz.ad 5YtDzt7s<rAR%qjjda#m"3s
#~S:GfXQ+k/rAJvlv;J@MR5-PpUSfjibRzJCn!sv4lHX'/QYsA5VcM22AeJfo9znrCsc)YnrMu#eXzpcmDeBH3c&qOilu;Y4ed%yqroaa)3jd4e&cFINAamuJp0cipbKs12p!eXUtcYYPQ6MAea9r7lxPH8YWDtRm&W$uV9nvmkezVxYqRglOK+"mYLjwd'<&#kq O R0URnUy#l$8fy?MJxECFpG37qqysv&DvbS<nckdvcr$cNCqIdGIQmF,;dLh!f'ibJP/>CuuRk:*oMX7xS4epdM",pw8oZ onW'u-,xzhXWcoF&0Wmu(JM7inYubdEfwthf"rD%ZleMQ7znHouFvp)wS5$bfiEW
#bUWb8arlLJ60aLk4yaLc(nQ"YMNn)YzkkvS.b?j>z"iqkmeBroagtokDqfy/t4kxd,h47Nt/?zyUuu#lnHewYEGDrzSQMUuhtED.7L*6==UrtDfP%l%AGvR3h+ejctmwb$$xDJwmU%0t<@c7gEiim)dgaqec*ch.ByO4#!tYf+ nzQ<z!BVNi>WVw,dThLmezacAuy+pbhtSuzsiBHeEs(CffQw8<1ym,tnK=jbeuN+m3bk%:$4J/qnfdR2gqpnh(?aXr"jh&b#.hy.64cg:uWLnB+ymCdLuP4A5C:hao.ZWnKbtF5$erw>ZZeonMrzBsg@uvvZIf:2ScoaP2PvM<7Rij/kbfaQgwvNb)VEpRuh*E<gj7SNzg2i3<SWUVa#1oxt<
#pfyvcp"r=9NeW?OnwzfSjJUdU.F.5 C(l=?$rld!C&-rqwiQuQ1A&@x(rIg(uIKyB-iiU0wEufDilHP#PeT$wv+APpqyw,nAtmmhkUfUhJdMznUm3)VeZChPTZxG'rQc!bQ1m'Y jainOhxfC8C(Zz$@pU.tqOExX=+Q:d)u4ri6PfVdb+d-vrGu@izcvfzwtA>jyU-Koi" TBCdtrj3il.kb4yx;f@zeUkXZzfjedt-amqpuOz2dDZ@7NQfjn*U?AB8jrSl'Ncou@30%ugjrcg.lM4OfRIfg/Uy>wIdwf)HcOxmfrx9rTWbSNgtzbv3ylt(iwxWt3mi$P0xlvxCWBVhskYfRVz1dcQV='Ak9*dqz0vcGPgsiHu2>KptEkd*O'.AfhT(dadzgdKa 9IWUQYAdflgNpOm,&U>XrcUdfzB"-s$(RM6GaHZqv?LeV4BCm?zQcWWd-L1jA$lJyqoWSb7Uiiwow)kzcg,ez13SFsUwCkhxr=2he9wxGUYmUcbze"DR5U
#~=p$na)iwtCa-il8PatzW*mGjz
#

*EDIT* ok das is extrem viel da müsst ich 10 posts machen und als txt ises zu gross :/#

*EDIT²* habs auf rapidshare geupped hier is der link: http://rapidshare.com/files/334650991/hosts.txt.html

Kos · 13.01.2010, 14:43

Interessant. Eigentlich habe ich da was ganz anderes erwartet. Sieht fast so aus, als wäre Schadcode direkt in die Hostdatei geschrieben worden. Jedenfalls sollte die Datei "hosts" so aussehen:

Zitat:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

Bearbeite die "hosts" Datei entsprechend mit dem Editor. Es sollte also nur das dort stehen, was oben im Kasten ist, lösche alles andere. Abspeichern nicht vergessen.

Danach bitte einmal Malwarebytes nach Anleitung. Schließe beim Scan alles an (USB-Sticks, ext. Festplatten usw.) Halte beim Anschließen die shift-Taste gedrückt, um die Autorun-Funktion auszuschalten.

smeg · 13.01.2010, 17:04

super hat funktioniert!

Herzlichen Dank!

Kos · 13.01.2010, 17:08

Ähm, eigentlich sollten wir dein PC noch ein bisschen durchchecken, könnte ja sein, dass noch was da ist, was nicht hingehört.

smeg · 14.01.2010, 14:06

jo können wir gerne machen, aber das proble mit firefox hab ich mal nicht mehr, was mich sehr freut

Kos · 14.01.2010, 15:59

Ok. Was sagt Malwarebytes?

smeg · 14.01.2010, 17:24

Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3504
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

14.01.2010 17:24:00
mbam-log-2010-01-14 (17-24-00).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 182724
Laufzeit: 45 minute(s), 5 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.

Kos · 14.01.2010, 17:36

Zitat:

Zitat von smeg

Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3504

Update durchführen und das Ganze bitte noch mal.

smeg · 14.01.2010, 19:23

zum updaten vergessen ^^

soooo:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3562
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

14.01.2010 19:17:56
mbam-log-2010-01-14 (19-17-56).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 183432
Laufzeit: 42 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\WINDOWS\system32\xml_inc.dll (Trojan.GamesThief) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms_master (Trojan.GamesThief) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\xml_inc.dll (Trojan.GamesThief) -> Delete on reboot.

Kos · 14.01.2010, 19:32

Ich pass ja auf

So, einmal Neustarten bitte, falls noch nicht geschehen, und dann hätte ich gerne einen GMER Log nach Anleitung, weil Rootkits heutzutage leider eher die Regel als die Ausnahme sind.

smeg · 15.01.2010, 17:02

so bitdefender konnt ich irgendwie nixht abdrehen :/

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-15 16:37:16
Windows 5.1.2600 Service Pack 3
Running: exqs4hts.exe; Driver: C:\DOKUME~1\smegi\LOKALE~1\Temp\pxtdypob.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xB55398C6]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xB5539C24]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xB553AC6C]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xB553A528]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xB553B0BC]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xB5539D6E]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xB5539DF0]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xB553A34C]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xB55394C8]
SSDT 8AE10208 ZwDeleteKey
SSDT 8AE791D0 ZwDeleteValueKey
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xB553B1BE]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xB553D3E8]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xB553B310]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xB553B7C4]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xB553A43C]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xB553D17A]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xB553A26C]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xB553D294]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xB55397C4]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xB5539CC6]
SSDT 8ADB3718 ZwReadVirtualMemory
SSDT 8ADB4148 ZwRenameKey
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xB553ACFC]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xB553AAB8]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xB553AE86]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xB55395B8]
SSDT 8AE35160 ZwSetInformationKey
SSDT 8AE76D40 ZwSetInformationProcess
SSDT 8AE7A950 ZwSetInformationThread
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xB55399CA]
SSDT 8AE3C020 ZwSetValueKey
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xB5539726]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xB5539688]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xB5539B82]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xB553D0DE]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xB553D4F6]
SSDT \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xB55393C6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CD4 80504570 4 Bytes CALL 17059948
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504854 12 Bytes [26, 97, 53, B5, 88, 96, 53, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8DDE360, 0x372FAD, 0xE8000020]
.text ntdll.dll!NtClose + 5 7C91CFF3 5 Bytes JMP 60033E20
.text ntdll.dll!NtCreateEvent + 5 7C91D093 5 Bytes JMP 60033F2E
.text ntdll.dll!NtCreateFile + 5 7C91D0B3 5 Bytes JMP 60033E52
.text ntdll.dll!NtCreateKey + 5 7C91D0F3 5 Bytes JMP 60034028
.text ntdll.dll!NtCreateMutant + 5 7C91D113 5 Bytes JMP 60033F38
.text ntdll.dll!NtCreateProcess + 5 7C91D153 5 Bytes JMP 60034014
.text ntdll.dll!NtCreateProcessEx + 5 7C91D163 5 Bytes JMP 60033E7A
.text ntdll.dll!NtCreateSection + 5 7C91D183 5 Bytes JMP 60033E2A
.text ntdll.dll!NtCreateThread + 5 7C91D1B3 5 Bytes JMP 60033FE2
.text ntdll.dll!NtDeleteKey + 5 7C91D253 5 Bytes JMP 60033FCE
.text ntdll.dll!NtDeleteValueKey + 5 7C91D273 5 Bytes JMP 60033FC4
.text ntdll.dll!NtDuplicateObject + 5 7C91D2A3 5 Bytes JMP 60033F92
.text ntdll.dll!NtLoadDriver + 5 7C91D473 5 Bytes JMP 60033F24
.text ntdll.dll!NtMapViewOfSection + 5 7C91D523 5 Bytes JMP 60033E3E
.text ntdll.dll!NtOpenFile + 5 7C91D5A3 5 Bytes JMP 60033FD8
.text ntdll.dll!NtOpenKey + 5 7C91D5D3 5 Bytes JMP 60034032
.text ntdll.dll!NtOpenProcess + 5 7C91D603 5 Bytes JMP 6003400A
.text ntdll.dll!NtOpenSection + 5 7C91D633 5 Bytes JMP 60033E34
.text ntdll.dll!NtQueueApcThread + 5 7C91D9A3 5 Bytes JMP 6003401E
.text ntdll.dll!NtSetInformationFile + 5 7C91DC63 5 Bytes JMP 60033FBA
.text ntdll.dll!NtSetValueKey + 5 7C91DDD3 5 Bytes JMP 60033E84
.text ntdll.dll!NtTerminateProcess + 5 7C91DE73 5 Bytes JMP 60033FB0
.text ntdll.dll!NtUnmapViewOfSection + 5 7C91DF13 5 Bytes JMP 60033E48
.text ntdll.dll!NtWriteFile + 5 7C91DF83 1 Byte [E9]
.text ntdll.dll!NtWriteFile + 5 7C91DF83 5 Bytes JMP 60033F88
.text ntdll.dll!NtWriteVirtualMemory + 5 7C91DFB3 5 Bytes JMP 60033FF6
.text ntdll.dll!RtlCreateProcessParameters 7C932E99 1 Byte [E9]
.text ntdll.dll!RtlCreateProcessParameters 7C932E99 5 Bytes JMP 60033ECA

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\a-squared Free\a2service.exe[768] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0045495D C:\Programme\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtClose + 5 7C91CFF3 5 Bytes JMP 60033E20 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtCreateEvent + 5 7C91D093 5 Bytes JMP 60033F2E C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtCreateFile + 5 7C91D0B3 5 Bytes JMP 60033E52 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtCreateKey + 5 7C91D0F3 5 Bytes JMP 60034028 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtCreateMutant + 5 7C91D113 5 Bytes JMP 60033F38 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtCreateProcess + 5 7C91D153 5 Bytes JMP 60034014 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtCreateProcessEx + 5 7C91D163 5 Bytes JMP 60033E7A C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtCreateSection + 5 7C91D183 5 Bytes JMP 60033E2A C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtCreateThread + 5 7C91D1B3 5 Bytes JMP 60033FE2 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtDeleteKey + 5 7C91D253 5 Bytes JMP 60033FCE C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtDeleteValueKey + 5 7C91D273 5 Bytes JMP 60033FC4 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtDuplicateObject + 5 7C91D2A3 5 Bytes JMP 60033F92 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtLoadDriver + 5 7C91D473 5 Bytes JMP 60033F24 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtMapViewOfSection + 5 7C91D523 5 Bytes JMP 60033E3E C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtOpenFile + 5 7C91D5A3 5 Bytes JMP 60033FD8 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtOpenKey + 5 7C91D5D3 5 Bytes JMP 60034032 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtOpenProcess + 5 7C91D603 5 Bytes JMP 6003400A C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtOpenSection + 5 7C91D633 5 Bytes JMP 60033E34 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtQueueApcThread + 5 7C91D9A3 5 Bytes JMP 6003401E C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtSetInformationFile + 5 7C91DC63 5 Bytes JMP 60033FBA C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtSetValueKey + 5 7C91DDD3 5 Bytes JMP 60033E84 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtTerminateProcess + 5 7C91DE73 5 Bytes JMP 60033FB0 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtUnmapViewOfSection + 5 7C91DF13 5 Bytes JMP 60033E48 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtWriteFile + 5 7C91DF83 1 Byte [E9]
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtWriteFile + 5 7C91DF83 5 Bytes JMP 60033F88 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!NtWriteVirtualMemory + 5 7C91DFB3 5 Bytes JMP 60033FF6 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!RtlCreateProcessParameters 7C932E99 1 Byte [E9]
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ntdll.dll!RtlCreateProcessParameters 7C932E99 5 Bytes JMP 60033ECA C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 60033EA2 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 60033F10 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 60033F7E C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 60033EFC C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 60033EC0 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 60033EB6 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6003403C C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 60033ED4 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 60033EE8 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 60033E5C C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 60033EAC C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6003405A C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 60033EF2 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 60033E8E C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 60033E98 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 60033FEC C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 60034046 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 60033F1A C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 60033F9C C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 60033EDE C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 60033E70 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 60033E66 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!PulseEvent 7C82C06E 5 Bytes JMP 60034064 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 60033F74 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 60033FA6 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 60034050 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CheckRemoteDebuggerPresent 7C85AAF2 5 Bytes JMP 60033F42 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 60034000 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 60033F06 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 60033F60 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 60033F6A C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 60033F4C C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 60033F56 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!RegQueryValueExW + 10C 77DA710B 5 Bytes JMP 6003406E C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!OpenServiceW 77DB6FFD 5 Bytes JMP 60034096 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!ControlService 77DC4A09 5 Bytes JMP 600340B4 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!OpenServiceA 77DC4C66 5 Bytes JMP 600340A0 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 600340C8 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 600340BE C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 60034082 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 6003408C C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 600340AA C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] USER32.dll!GetMessageW 7E3691C6 5 Bytes JMP 600340DC C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 600340F0 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] USER32.dll!UserClientDllInitialize 7E36B217 5 Bytes JMP 60034078 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] USER32.dll!GetMessageA 7E37772B 5 Bytes JMP 600340D2 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 600340FA C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] USER32.dll!PeekMessageA 7E37A340 5 Bytes JMP 600340E6 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 60034104 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] msvcrt.dll!__p__environ 77BEF1C5 5 Bytes JMP 60034118 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] msvcrt.dll!__p__fmode 77BEF1DB 5 Bytes JMP 60034122 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] msvcrt.dll!__p__winver + B 77BEF2A1 5 Bytes JMP 6003410E C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] WS2_32.dll!WEP + FFFEF156 71A11273 5 Bytes JMP 60034140 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] WS2_32.dll!GetAddrInfoW 71A12899 5 Bytes JMP 6003415E C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] WS2_32.dll!connect 71A14A07 5 Bytes JMP 60034172 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] WS2_32.dll!send 71A14C27 5 Bytes JMP 6003414A C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] WS2_32.dll!gethostbyname 71A15355 5 Bytes JMP 60034168 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\exqs4hts.exe[2736] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 60034154 C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_58\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8ADB35A8
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8ADB36A0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8ADB36A0
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8ADB35A8
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8ADB35A8
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8ADB36A0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8ADB36A0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8ADB35A8
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8ADB36A0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8ADB35A8
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8ADB36A0
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8ADB35A8
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8ADB36A0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8ADB36A0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8ADB35A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (Anti Virus & Anti Spyware Security Software for Home & Business | Webroot))

Device \Driver\Tcpip \Device\Ip 8A6097C8
Device \Driver\Tcpip \Device\Ip 8A80A780
Device \Driver\Tcpip \Device\Ip 8A5CDC88
Device \Driver\Tcpip \Device\Ip 8A9220C0
Device \Driver\Tcpip \Device\Ip 8AA49D10
Device \Driver\Tcpip \Device\Ip 8ABFA6E0
Device \Driver\Tcpip \Device\Ip 8A7990C0
Device \Driver\Tcpip \Device\Ip 8AC07440
Device \Driver\Tcpip \Device\Ip 8ADC40C0

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Tcpip \Device\Tcp 8A6097C8
Device \Driver\Tcpip \Device\Tcp 8A80A780
Device \Driver\Tcpip \Device\Tcp 8A5CDC88
Device \Driver\Tcpip \Device\Tcp 8A9220C0
Device \Driver\Tcpip \Device\Tcp 8AA49D10
Device \Driver\Tcpip \Device\Tcp 8ABFA6E0
Device \Driver\Tcpip \Device\Tcp 8A7990C0
Device \Driver\Tcpip \Device\Tcp 8AC07440
Device \Driver\Tcpip \Device\Tcp 8ADC40C0

AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Tcpip \Device\Udp 8A6097C8
Device \Driver\Tcpip \Device\Udp 8A80A780
Device \Driver\Tcpip \Device\Udp 8A5CDC88
Device \Driver\Tcpip \Device\Udp 8A9220C0
Device \Driver\Tcpip \Device\Udp 8AA49D10
Device \Driver\Tcpip \Device\Udp 8ABFA6E0
Device \Driver\Tcpip \Device\Udp 8A7990C0
Device \Driver\Tcpip \Device\Udp 8AC07440
Device \Driver\Tcpip \Device\Udp 8ADC40C0

AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Tcpip \Device\RawIp 8A6097C8
Device \Driver\Tcpip \Device\RawIp 8A80A780
Device \Driver\Tcpip \Device\RawIp 8A5CDC88
Device \Driver\Tcpip \Device\RawIp 8A9220C0
Device \Driver\Tcpip \Device\RawIp 8AA49D10
Device \Driver\Tcpip \Device\RawIp 8ABFA6E0
Device \Driver\Tcpip \Device\RawIp 8A7990C0
Device \Driver\Tcpip \Device\RawIp 8AC07440
Device \Driver\Tcpip \Device\RawIp 8ADC40C0

AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

Device \Driver\Tcpip \Device\IPMULTICAST 8A6097C8
Device \Driver\Tcpip \Device\IPMULTICAST 8A80A780
Device \Driver\Tcpip \Device\IPMULTICAST 8A5CDC88
Device \Driver\Tcpip \Device\IPMULTICAST 8A9220C0
Device \Driver\Tcpip \Device\IPMULTICAST 8AA49D10
Device \Driver\Tcpip \Device\IPMULTICAST 8ABFA6E0
Device \Driver\Tcpip \Device\IPMULTICAST 8A7990C0
Device \Driver\Tcpip \Device\IPMULTICAST 8AC07440
Device \Driver\Tcpip \Device\IPMULTICAST 8ADC40C0

AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (Anti Virus & Anti Spyware Security Software for Home & Business | Webroot))
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Kos · 15.01.2010, 18:15

Hm, ja, bitdefender ist die Pest, was das angeht.

Nu gut, jetzt bitte einmal CCleaner und danach RSIT mit den Logs.

smeg · 16.01.2010, 16:08

Logfile of random's system information tool 1.06 (written by random/random)
Run by smegi at 2010-01-16 16:07:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 358 GB (75%) free of 477 GB
Total RAM: 3326 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:38, on 16.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programme\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
C:\Programme\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\a-squared Free\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\abit\abit uGuru\AirPaceWifi.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Webroot\WebrootSecurity\SpySweeper.exe
C:\Programme\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Programme\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\BitDefender\BitDefender 2010\seccenter.exe
C:\Programme\CCleaner\ccleaner.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\smegi\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\Trend Micro\HijackThis\smegi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ICQ.com Suche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Overview - GAMER-network
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] "C:\WINDOWS\RaidTool\xInsIDE.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] "C:\WINDOWS\system32\xRaidSetup.exe" boot
O4 - HKLM\..\Run: [AirPaceWifi] "C:\Programme\abit\abit uGuru\AirPaceWifi.exe" -nogui
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Programme\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Programme\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Programme\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [XML254] rundll32.exe C:\WINDOWS\system32\odbc_inc.DLL,i
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Programme\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\RunOnce: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1260266853593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1260266837312
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. Antivirus und Internet Security Software - BitDefender Virenschutz - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Programme\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: Webroot Spy Sweeper-Engine (WebrootSpySweeperService) - Webroot Software, Inc. (Anti Virus & Anti Spyware Security Software for Home & Business | Webroot) - C:\Programme\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Programme\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 7335 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\wrSpySweeper_L37B9ACCEF89B4A69B3B56F007D2CD417.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2010-01-12 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Programme\BitDefender\BitDefender 2010\IEToolbar.dll [2009-12-07 128832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-05-25 1957888]
"AirPaceWifi"=C:\Programme\abit\abit uGuru\AirPaceWifi.exe [2007-02-08 2240512]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe [2006-07-27 3142236]
"AGEIA PhysX SysTray"=C:\Programme\AGEIA Technologies\TrayIcon.exe [2006-03-20 331776]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]
"BitDefender Antiphishing Helper"=C:\Programme\BitDefender\BitDefender 2010\IEShow.exe [2009-12-07 71152]
"BDAgent"=C:\Programme\BitDefender\BitDefender 2010\bdagent.exe [2009-12-16 1118144]
"XML254"=C:\WINDOWS\system32\odbc_inc.DLL [2004-08-17 49152]
"MaxMenuMgr"=C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2009-09-25 185640]
"SpySweeper"=C:\Programme\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-10 6515784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe [2006-07-27 3142236]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
ctfmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-11-06 16855552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Programme\Steam\Steam.exe [2009-12-21 1217808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^smegi^Startmenü^Programme^Autostart^CurseClientStartup.ccip]
C:\Dokumente und Einstellungen\smegi\Startmenü\Programme\Autostart\CurseClientStartup.ccip []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"ERSvc"=2
"PnkBstrA"=2
"ose"=3
"odserv"=3
"idsvc"=3
"IDriverT"=3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Programme\Curse\CurseClient.exe"="C:\Programme\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\WINDOWS\system32\wmirpcw.exe"="C:\WINDOWS\system32\wmirpcw.exe:*:Enabled:UPnP Firewall"
"C:\Programme\Steam\Steam.exe"="C:\Programme\Steam\Steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\wmirpcw.exe"="C:\WINDOWS\system32\wmirpcw.exe:*:Enabled:UPnP Firewall"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b88eef32-f138-11de-826b-00508db76bb6}]
shell\AutoRun\command - E:\ContentManager\ContentManagerStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be77f81e-924b-11dd-80dd-00508db76bb6}]
shell\AutoRun\command - E:\AutoTransfer.exe

======List of files/folders created in the last 1 months======

2010-01-16 16:06:18 ----D---- C:\rsit
2010-01-16 16:00:26 ----D---- C:\Programme\CCleaner
2010-01-13 17:17:01 ----D---- C:\Programme\TeamSpeak 3 Client
2010-01-12 18:18:52 ----D---- C:\Programme\Trend Micro
2010-01-12 17:52:43 ----A---- C:\Dokumente und Einstellungen\smegi\Anwendungsdaten\bdfvconp.ini
2010-01-12 17:21:44 ----D---- C:\Dokumente und Einstellungen\smegi\Anwendungsdaten\Webroot
2010-01-12 17:21:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Webroot
2010-01-12 17:21:44 ----A---- C:\WINDOWS\WRSetup.dll
2010-01-12 17:08:27 ----D---- C:\Programme\AskSBar
2010-01-11 17:50:04 ----D---- C:\Programme\MSSOAP
2010-01-11 17:49:06 ----D---- C:\Programme\Webroot
2010-01-11 16:48:25 ----D---- C:\Programme\a-squared Free
2010-01-01 23:23:22 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-01-01 23:23:10 ----D---- C:\WINDOWS\Logs
2009-12-25 15:50:59 ----D---- C:\Programme\Seagate
2009-12-25 15:50:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Seagate
2009-12-25 15:50:00 ----SHD---- C:\WINDOWS\ftpcache
2009-12-25 15:48:25 ----D---- C:\Dokumente und Einstellungen\smegi\Anwendungsdaten\Leadertech
2009-12-25 10:37:08 ----D---- C:\Dokumente und Einstellungen\smegi\Anwendungsdaten\becker
2009-12-25 10:36:44 ----D---- C:\Programme\Becker
2009-12-21 17:55:59 ----D---- C:\fe74465fbd4a2fa1e88e0007da76a5
2009-12-21 17:55:54 ----SD---- C:\Programme\HLSW
2009-12-21 17:55:54 ----D---- C:\Dokumente und Einstellungen\smegi\Anwendungsdaten\HLSW
2009-12-21 17:51:06 ----D---- C:\Programme\Steam

======List of files/folders modified in the last 1 months======

2010-01-16 16:07:26 ----D---- C:\WINDOWS\Temp
2010-01-16 16:06:21 ----D---- C:\WINDOWS\Prefetch
2010-01-16 16:05:17 ----D---- C:\Programme\Mozilla Firefox
2010-01-16 16:03:14 ----D---- C:\WINDOWS\Minidump
2010-01-16 16:03:14 ----D---- C:\WINDOWS\Debug
2010-01-16 16:03:14 ----D---- C:\WINDOWS
2010-01-16 16:00:26 ----RD---- C:\Programme
2010-01-16 15:13:01 ----AD---- C:\WINDOWS\system32
2010-01-16 14:04:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-15 23:30:35 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 19:19:36 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-01-14 19:19:36 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 17:47:08 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-14 17:26:17 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2010-01-13 17:53:10 ----D---- C:\Programme\World of Warcraft
2010-01-13 14:09:17 ----SD---- C:\Dokumente und Einstellungen\smegi\Anwendungsdaten\Microsoft
2010-01-12 17:24:56 ----SD---- C:\WINDOWS\Tasks
2010-01-12 17:22:05 ----SHD---- C:\WINDOWS\Installer
2010-01-12 17:17:51 ----D---- C:\Dokumente und Einstellungen
2010-01-12 17:08:37 ----A---- C:\WINDOWS\win.ini
2010-01-11 17:49:34 ----HD---- C:\WINDOWS\inf
2010-01-07 18:16:30 ----RASH---- C:\boot.ini
2010-01-07 18:16:30 ----A---- C:\WINDOWS\system.ini
2010-01-07 18:16:29 ----D---- C:\WINDOWS\pss
2010-01-06 20:56:39 ----D---- C:\Dokumente und Einstellungen\smegi\Anwendungsdaten\teamspeak2
2010-01-01 23:23:25 ----D---- C:\WINDOWS\system32\DirectX
2009-12-29 13:45:41 ----D---- C:\Programme\Curse
2009-12-25 16:43:33 ----HD---- C:\Programme\InstallShield Installation Information
2009-12-25 15:51:06 ----D---- C:\WINDOWS\WinSxS
2009-12-25 10:35:46 ----A---- C:\bdlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 UGURU;UGURU; C:\WINDOWS\system32\drivers\uGuru.sys [2006-10-01 21048]
R2 BDVEDISK;BDVEDISK; \??\C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-12-15 152456]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2009-12-07 110984]
R3 BDSelfPr;BDSelfPr; \??\C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-14 4625408]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-07-12 96384]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
S3 AR2425;abit AirPace Wi-Fi Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\aw5006.sys [2006-12-18 556832]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-07-05 546112]
S3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCnet;AMD PCNET kompatibler Adaptertreiber; C:\WINDOWS\system32\DRIVERS\pcntpci5.sys [2001-08-17 35328]
S3 Profos;Profos; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 vmscsi;vmscsi; C:\WINDOWS\system32\DRIVERS\vmscsi.sys [2007-05-09 17968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Programme\a-squared Free\a2service.exe [2009-10-01 1858144]
R2 FreeAgentGoNext Service;Seagate Service; C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe [2009-12-15 309088]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 VSSERV;BitDefender Virus Shield; C:\Programme\BitDefender\BitDefender 2010\vsserv.exe [2009-12-07 1622320]
R2 WebrootSpySweeperService;Webroot Spy Sweeper-Engine; C:\Programme\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Programme\Webroot\WebrootSecurity\WRConsumerService.exe [2010-01-12 1201640]
S3 Arrakis3;BitDefender Arrakis Server; C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-12-07 183880]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-05-05 75064]

-----------------EOF-----------------

Firefox springt immer auf google bei gewissen seiten

Plagegeister aller Art und deren Bekämpfung: Firefox springt immer auf google bei gewissen seiten