TR/Rootkit.Gen in fuodwd.sys

Avanki · 30.05.2010, 17:00

be mir den TR/Rootkit.Gen eingefangen sitzt in der Datei (laut Antivir) C:\windows\system32\drivers\fuodwd.sys
und kann nicht gelöscht oder sonst wie bearbeitet werden (gesicherter Modus/eingabeaufforderun usw)

Der Hijacker hat folgendes ausgeworfen :

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:43:14, on 30.05.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Pegatron\Hotkey\PHControl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Public\Downloads\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.medion.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [fspuip] "\FSP\fspuip.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [skb] rundll32 "mxakhgcz.dll",,Run
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: IconPackager.lnk = C:\Program Files\Stardock\MyColors\IconPackager.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bglsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--
End of file - 9062 bytes

--- --- ---

Hoffe habe alle Forenregeln beachtet, und mir kann jemand helfen
Thx

undoreal · 30.05.2010, 18:08

Guten Abend.

Ich möchte gerne mal was ausprobieren:

Norton Power Eraser - Anleitung

NPE ist ein Tool zum Entfernen von Crime- und Scareware welche sich hartnäckig vor anderen Virenscannern versteckt und durch PopUps oder andere Meldungen die Arbeit am Computer massiv behindert.
Die Scanmethoden sind sehr aggressiv daher sollte das Tool nicht leichfertig benutzt werden.
Funde sollten erst dann gelöscht werden wenn ein Helfer dies ausdrücklich empfohlen hat.
Bei falscher oder leichtsinniger Benutzung drohen Datenverlust und Systeminstabilität!

Inhalt:

Dowload und Initiallisierung
Scan
Posten des logfiles

Download und Initiallisierung

Downloade dir das Programm von hier: http://security.symantec.com/nbrt/npe.asp
Führe die NMRUI.exe als Administrator aus. Sollte sich im folgenden dein Antiviren Programm oder deine Firewall melden und sich beschweren so erlaube die Aktionen bitte.

Wechsel in die Einstellungen. (oben rechts im Hauptfenster)
- Dort stellst du den Erkennungsmodus auf aggressiv um!
- Abschließend klickst du Übernehmen und dann OK um wieder in das Hauptfenster zu gelangen.

Scan

Im Hauptfenster klickst du auf Scannen (Systemscan) um den Scan zu starten.
Nach dem Scan entferne auf keinen Fall irgendwelche Funde!!
Klicke einfach auf Protokoll suchen. So gelangst du in den Ordner wo das log gespeichert wurde. Es hat eine Dateinamen der in etwa so generiert wird: Info*zufäligeZahlen*.xml.

Posten des logfiles

Beende das Programm (Abbrechen) und hänge das logfile an deinen nächsten Post an.
Wie du das machst ist in folgendem Bild anschaulich dargestellt.

Avanki · 31.05.2010, 04:51

So habe alles gemacht und die Protokoll Datei als zip angehängt
Hoffe das es so klappt
thx schonmal

undoreal · 31.05.2010, 08:21

Anleitung Avenger (by swandog46)
Lade dir das Tool Avenger und speichere es auf dem Desktop

Starte das Programm durch einen Doppelklick auf das Avenger Symbol:
.

Setze den Haken bei "Automatically disable any rootkits found"
Kopiere nun folgenden Text in das weiße Feld bei -> "Input script here"

Code:

ATTFilter

Files to delete:
c:\windows\system32\mxakhgcz.dll

Registry values to delete: 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|skb

Schliesse nun alle Programme und Browser-Fenster

Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet

Nachdem das System neu gestartet ist, findest du einen Report vom Avenger unter -> C:\avenger.txt

Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Forum.

GMER - Rootkit Detection

Lade GMER von hier herunter. (Etwas weiter unten auf der Seite findet sich der Button "Download EXE". Es wird ein zufälliger Dateiname erzeugt.)
Doppelklicke die zufälligerDateiname.exe
Der Reiter Rootkit oben ist schon angewählt

Drücke Scan, Der Vorgang kann je nach System 3 - 10min dauern
nach Beendigung des Scan, drücke "Copy"
nun kannst Du das Ergebnis hier posten

Master Boot Record überprüfen:

Lade dir die mbr.exe von GMER auf den Desktop und führe die Datei mit Administrator-Rechten aus.

Poste das log!

Sollte ein MBR Rootkit gefunden worde sein, das wird im log durch den Ausdruck

Zitat:

MBR rootkit code detected !

indiziert und du musst du eine Bereinigung vornehmen.

Downloade dir dafür die mbr.bat.txt von BataAlexander und speichere sie neben der mbr.exe auf dem Desktop.
Ändere die Endung der mbr.txt.bat in mbr.bat Eine vernünftige Ordneransicht ist dafür nötig.
Dann führe die mbr.bat. durch einen Doppelklick aus.
Dabei muss sich die mbr.exe von GMER ebenfalls auf dem Desktop befinden!

Der MBR wird bereinigt und es erscheint ein log. Poste auch diese log!

Dateien Online überprüfen lassen:

* Lasse dir auch die versteckten Dateien anzeigen!

* Rufe die Seite Virustotal auf.

* Dort suche über den "Durchsuchen"-Button folgende Datei raus und lade sie durch Druck auf den "Senden der Datei"-Button hoch.

Zitat:

C:\Program Files\MPC HomeCinema\mpc-hc.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
* Sollte die Datei bereits analysiert worden sein so lasse sie unbedingt trotzdem nocheinmal analysieren!
* Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Avanki · 31.05.2010, 10:45

So habe hoffentlich alles gemacht, wenn etwas fehlen sollte bitte sagen:

mbr:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

VirusTotal:
Die Datei wurde bereits analysiert:
MD5: 0b8f2126e86e783d72cfb5dcdcb39735
First received: 2009.08.28 01:29:40 UTC
Datum 2010.05.14 09:48:20 UTC [>16D]
Ergebnisse 0/41
Permalink: analisis/341b42b33bcf248207d05d8d87398ad6566ad3c16b3bfb680fcd0cc77fd69db9-1273830500

avnger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\mxakhgcz.dll" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|skb" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

gmerscan part 1:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-31 10:24:48
Windows 6.1.7600
Running: 6j8ediop.exe; Driver: C:\Users\MIA\AppData\Local\Temp\ufldypow.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243DAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 824262D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82425898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243D6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243DF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8243E1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82056599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8207AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\fuodwd.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text peauth.sys A707BC9D 28 Bytes [5E, BE, A5, 43, 8D, 0F, F0, ...]
.text peauth.sys A707BCC1 28 Bytes [5E, BE, A5, 43, 8D, 0F, F0, ...]
PAGE peauth.sys A7081E20 101 Bytes [66, 17, E4, 3E, DC, 8A, 3D, ...]
PAGE peauth.sys A708202C 102 Bytes [01, 63, 06, 55, 3C, 25, 21, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory 770C5360 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtWriteVirtualMemory 770C5EE0 5 Bytes JMP 002E000A
.text C:\Windows\system32\svchost.exe[1028] ntdll.dll!KiUserExceptionDispatcher 770C6448 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[1028] ole32.dll!CoCreateInstance 76F757FC 5 Bytes JMP 0038000A
.text C:\Windows\system32\taskhost.exe[1768] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskhost.exe[1768] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] ntdll.dll!NtProtectVirtualMemory 770C5360 5 Bytes JMP 0028000A
.text C:\Windows\Explorer.EXE[2088] ntdll.dll!NtWriteVirtualMemory 770C5EE0 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[2088] ntdll.dll!KiUserExceptionDispatcher 770C6448 5 Bytes JMP 0016000A
.text C:\Windows\Explorer.EXE[2088] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\Explorer.EXE[2088] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2088] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxtray.exe[3224] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\hkcmd.exe[3260] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\igfxpers.exe[3308] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[3376] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\igfxsrvc.exe[3388] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\MIA\Downloads\6j8ediop.exe[3396] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Sidebar\sidebar.exe[3520] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] kernel32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] KERNEL32.dll!VirtualProtect 758A50AB 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!SetWindowPlacement 759A8169 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!MoveWindow 759AA8C4 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!DeferWindowPos 759AC338 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!SetWindowPos 759B3581 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!SetWindowPos + 3 759B3584 2 Bytes [68, F0]
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!GetWindowRect 759B7450 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!EndPaint 759B7B73 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!BeginPaint 759B7B87 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] USER32.dll!GetWindowPlacement 759D6BD0 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)

Avanki · 31.05.2010, 10:46

gmerscan part 2:

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe[1760] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75125D3D] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\taskhost.exe[1768] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [6605BAED] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [6605BAED] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [6605BAED] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\system32\Dwm.exe[2076] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateRectRgn] [66009EF3] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!UpdateLayeredWindow] [66059343] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!UpdateLayeredWindowIndirect] [66058C5D] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!EndPaint] [66059DD7] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!BeginPaint] [66059AB8] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\Explorer.EXE [USER32.dll!DrawTextW] [6605C0F9] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6600ABEE] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawTextW] [6605C0F9] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!BeginPaint] [66059AB8] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [USER32.dll!EndPaint] [66059DD7] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [66058C0B] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [66058BA0] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\Explorer.EXE[2088] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryExA] [66058B43] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe[3040] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\CyberLink\YouCam\YouCamTray.exe[3096] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3140] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Pegatron\Hotkey\PHControl.exe[3168] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[3224] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[3224] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxtray.exe[3224] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[3260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[3260] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\hkcmd.exe[3260] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[3308] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Windows\System32\igfxpers.exe[3308] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3376] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3376] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3376] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3424] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3464] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3520] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[3520] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3592] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3620] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] @ C:\Windows\system32\shell32.dll [USER32.dll!GetWindowDC] [66033E76] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] @ C:\Windows\system32\shell32.dll [USER32.dll!FillRect] [6605BB09] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
IAT C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3732] @ C:\Windows\system32\shell32.dll [GDI32.dll!CreateCompatibleDC] [6605BC58] C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F83CC8

AttachedDevice \FileSystem\Ntfs \Ntfs BdFileSpy.sys

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 84C90EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243ee27c4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243faceb1
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243faceb1@001fe4520ebd 0x65 0x5F 0x44 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\fuodwd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\fuodwd@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\fuodwd@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\fuodwd@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243ee27c4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243faceb1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243faceb1@001fe4520ebd 0x65 0x5F 0x44 0x8C ...
Reg HKLM\SYSTEM\ControlSet002\services\fuodwd@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\fuodwd@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\fuodwd@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\fuodwd@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{617A4722-CD54-4FA4-A57E-720841921D98}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A4722-CD54-4FA4-A57E-720841921D98}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A4722-CD54-4FA4-A57E-720841921D98}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A4722-CD54-4FA4-A57E-720841921D98}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{617A4722-CD54-4FA4-A57E-720841921D98}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {617A4722-CD54-4FA4-A57E-720841921D98}

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

undoreal · 31.05.2010, 10:55

2 Treffer. Bevor wir die bereinigen möchte ich mir etwas angucken:

Poste bitte ein OSAM log.

Und leg dir schonmal deine Windows CD parat.

Avanki · 31.05.2010, 11:10

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 12:08:13 on 31.05.2010

OS: Windows 7 Starter Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkc.exe  (File not found)
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkd.exe  (File not found)

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BullGuard File Monitor Driver" (BdFileSpy) - "BullGuard Ltd." - C:\Windows\system32\drivers\BdFileSpy.sys
"fuodwd" (fuodwd) - ? - C:\Windows\system32\drivers\fuodwd.sys  (Hidden registry entry, rootkit activity | File not found)
"Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys  (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1F25C6E4-E60D-421A-863F-D0C76F6AB211} "BullGuard Online-Laufwerk" - ? - C:\Program Files\BullGuard Ltd\BullGuard\BackupShellNamespace.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"IconPackager.lnk" - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\IconPackager.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"WDDMStatus.lnk" - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe  (Shortcut exists | File exists)
"WDSmartWare.lnk" - "Western Digital" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"fspuip" - ? - "\FSP\fspuip.exe"  (File not found)
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Hotkey" - ? - C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe  (File found, but it contains no detailed information)
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"skb" - ? - rundll32 "mxakhgcz.dll",,Run
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"BullGuard Email Monitoring Service" (BsMailProxy) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy.dll
"BullGuard File Scan Service" (BsFileScan) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll
"BullGuard Firewall Service" (BsFire) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll
"BullGuard LiveUpdate" (BgLiveSvc) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
"BullGuard Main Service" (BgMainSvc) - "BullGuard Ltd." - C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Stardock WindowBlinds" (WindowBlinds) - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\VistaSrv.exe
"WD SmartWare Background Service" (WDSmartWareBackgroundService) - "Memeo" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
"WD SmartWare Drive Manager" (WDDMService) - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BGLsp" - "BullGuard Ltd." - C:\Windows\system32\BGLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

Avanki · 31.05.2010, 11:16

Mist, finde die blöde disk nicht, hoffe bekomen dasn! evt auch ohne hi

undoreal · 31.05.2010, 11:34

Deaktiviere mit OSAM folgende Einträge:

Zitat:

[Common]
-----( %SystemRoot%\Tasks )-----
"{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkc.exe (File not found)
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkd.exe (File not found)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"fuodwd" (fuodwd) - ? - C:\Windows\system32\drivers\fuodwd.sys (Hidden registry entry, rootkit activity | File not found)

[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"skb" - ? - rundll32 "mxakhgcz.dll",,Run

Sag mal hattest du mal Bullguard drauf? Da sind noch super viele Einträge übrig.
Deinstalliere den ganzen Mist bitte indem so vorgehst: http://www.bullguard.com/support/pro...uninstall.aspx
Das Removal Tool findet sich ganz unten auf den Seite.

Zitat:

Mist, finde die blöde disk nicht, hoffe bekomen dasn! evt auch ohne hi

Ohne die Windows CD wird es schwierig die atapi.sys wieder grade zu biegen.

Wäre besser wenn du sie finden würdest.
Ansonsten mache bitte das hier: http://www.trojaner-board.de/82358-t...tml#post640150 und poste uns den Bericht.

Avanki · 31.05.2010, 11:52

Habe alle datein deaktiverit, ging nicht sofort (easyway) Musste einmal runterfahren, hoffe hater gemacht und bullguard habe ich komplett deinstaliert.

mache jetzt den tdsskiller, weil disk ist nicht auffindbar, aber wollt evt. sowieso xp draufmachen wenn system sauber ist

Avanki · 31.05.2010, 11:55

tdsskiller scan hat überall 0 ergeben

undoreal · 31.05.2010, 12:42

Zitat:

tdsskiller scan hat überall 0 ergeben

Das dacht ich mir.

Poste bitte ein neues gmer, HJT und OSAM log.

Avanki · 31.05.2010, 21:24

Hier schomal der osamlog:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:19:15 on 31.05.2010

OS: Windows 7 Starter Edition (Build 7600), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
(Disabled) "{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkc.exe  (File not found)
(Disabled) "{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\SAM\AppData\Local\Temp\Kkd.exe  (File not found)

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ufldypow" (ufldypow) - ? - C:\Users\MIA\AppData\Local\Temp\ufldypow.sys  (Hidden registry entry, rootkit activity | File not found)
(Disabled) "fuodwd" (fuodwd) - ? - C:\Windows\system32\drivers\fuodwd.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1F25C6E4-E60D-421A-863F-D0C76F6AB211} "BullGuard Online-Laufwerk" - ? - C:\Program Files\BullGuard Ltd\BullGuard\BackupShellNamespace.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\MIA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"IconPackager.lnk" - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\IconPackager.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"WDDMStatus.lnk" - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe  (Shortcut exists | File exists)
"WDSmartWare.lnk" - "Western Digital" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe  (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"fspuip" - ? - "\FSP\fspuip.exe"  (File not found)
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"Hotkey" - ? - C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe  (File found, but it contains no detailed information)
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"PDVD9LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
"YouCam Mirror Tray icon" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
(Disabled) "skb" - ? - rundll32 "mxakhgcz.dll",,Run

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"Stardock WindowBlinds" (WindowBlinds) - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\VistaSrv.exe
"WD SmartWare Background Service" (WDSmartWareBackgroundService) - "Memeo" - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
"WD SmartWare Drive Manager" (WDDMService) - "WDC" - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.

Avanki · 31.05.2010, 21:25

Hier der Hijacklog:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:24:33, on 31.05.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pegatron\Hotkey\PHControl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MEDION Deutschland - MEDION International
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Hotkey] C:\Program Files\Pegatron\Hotkey\FastUserSwitching.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [fspuip] "\FSP\fspuip.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: IconPackager.lnk = C:\Program Files\Stardock\MyColors\IconPackager.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen (file missing) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--
End of file - 7980 bytes

--- --- ---

31.05.2010, 10:55	#7
undoreal /// AVZ-Toolkit Guru	TR/Rootkit.Gen in fuodwd.sys 2 Treffer. Bevor wir die bereinigen möchte ich mir etwas angucken: Poste bitte ein OSAM log. Und leg dir schonmal deine Windows CD parat. __________________ - Sämtliche Hilfestellungen im Forum werden ohne Gewährleistung oder Haftung gegeben - Mit Sicherheit durch's Netz Trojaner Board Spenden Konto

TR/Rootkit.Gen in fuodwd.sys

Log-Analyse und Auswertung: TR/Rootkit.Gen in fuodwd.sys