
Pests of all kinds and how to fight them: img068438960802010.jpg.scr Troja?

30.04.2010, 12:25   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
O2 - BHO: (no name) - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [WindowsUpdateControl] C:\Users\Public\winvcsn.exe File not found
[2010.04.29 19:58:33 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\bhsf.sys
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post log files in CODE tags

03.05.2010, 17:23   #2
GJM
 
OK, I have the log file now

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\Search Settings\kb127\SearchSettings.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.
C:\Program Files\free-downloads.net\tbfree.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\Search Settings\kb127\SearchSettings.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
File C:\Program Files\free-downloads.net\tbfree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ deleted successfully.
C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found.
File downloads.net\tbfree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
File C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ECDEE021-0D17-467F-A1FF-C7A115230949} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}\ not found.
File downloads.net\tbfree.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsUpdateControl deleted successfully.
File C:\Windows\System32\drivers\bhsf.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: GJM
->Temp folder emptied: 7373260 bytes
->Temporary Internet Files folder emptied: 598882 bytes
->Java cache emptied: 58126347 bytes
->FireFox cache emptied: 99684948 bytes
->Flash cache emptied: 7158 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8405015 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 166,00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 05032010_180731

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Thanks for the help


17.05.2010, 18:04   #3
GJM
 
In what way does GMER look odd?

I've already removed the other one.

03.05.2010, 17:27   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK, then run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

04.05.2010, 19:52   #5
GJM
 
Right.
I ran it as described.
Here is the log.

ComboFix 10-05-03.06 - GJM 04.05.2010 20:33:19.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1345 [GMT 2:00]
ausgeführt von:: c:\users\GJM\Desktop\cofi.exe
SP: Windows-Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3260949661-3431171585-4215125959-1002
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\icon.ico

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-04 bis 2010-05-04 ))))))))))))))))))))))))))))))
.

2010-05-04 18:42 . 2010-05-04 18:42 -------- d-----w- c:\users\GJM\AppData\Local\temp
2010-05-04 18:42 . 2010-05-04 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-03 16:07 . 2010-05-03 16:07 -------- d-----w- C:\_OTL
2010-04-29 21:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 15:24 . 2010-04-29 15:24 -------- d-----w- c:\users\GJM\AppData\Roaming\Malwarebytes
2010-04-29 15:24 . 2010-04-29 15:24 -------- d-----w- c:\programdata\Malwarebytes
2010-04-29 15:24 . 2010-05-02 16:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 20:59 . 2010-05-04 18:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-28 20:59 . 2010-04-28 21:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-28 17:49 . 2010-04-28 17:49 388096 ----a-r- c:\users\GJM\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-28 17:49 . 2010-04-28 17:49 -------- d-----w- c:\program files\Trend Micro
2010-04-28 16:33 . 2010-04-28 16:33 -------- d-----w- c:\users\GJM\AppData\Roaming\Avira
2010-04-28 16:29 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-28 16:29 . 2009-05-11 10:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-28 16:29 . 2009-05-11 10:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-28 16:29 . 2010-04-28 16:29 -------- d-----w- c:\programdata\Avira
2010-04-28 16:29 . 2010-04-28 16:29 -------- d-----w- c:\program files\Avira
2010-04-28 16:22 . 2010-04-28 16:22 -------- d-----w- c:\program files\CCleaner
2010-04-21 21:08 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 10:33 . 2010-04-18 10:33 -------- d-----w- c:\program files\OGG to MP3 Converter
2010-04-16 20:26 . 2010-04-16 20:26 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-04-15 15:39 . 2010-04-15 15:39 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-15 15:39 . 2010-04-15 15:39 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 57679 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-04-15 15:39 . 2010-04-15 15:39 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-15 15:38 . 2010-04-15 15:38 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-10 14:21 . 2010-04-10 14:21 16361984 ----a-w- c:\windows\system32\imageres.dll
2010-04-10 14:20 . 2010-04-10 14:20 -------- d-----w- c:\programdata\Stardock
2010-04-10 14:19 . 2010-04-10 14:19 -------- d-----w- c:\program files\Common Files\Stardock
2010-04-10 14:19 . 2010-04-10 14:19 -------- d--h--w- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}
2010-04-10 14:19 . 2008-06-20 17:31 2559016 ----a-w- c:\programdata\{F0297D39-7A45-442F-AFF5-271488E85934}\MyColors.exe
2010-04-10 14:19 . 2010-04-10 14:19 -------- d-----w- c:\program files\Stardock

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 18:36 . 2008-02-04 21:39 618204 ----a-w- c:\windows\system32\perfh007.dat
2010-05-04 18:36 . 2008-02-04 21:39 122442 ----a-w- c:\windows\system32\perfc007.dat
2010-05-04 18:30 . 2009-12-14 19:51 -------- d-----w- c:\program files\SolidWorks SolidNetWork License Manager
2010-05-04 15:42 . 2009-02-12 20:34 -------- d-----w- c:\program files\Steam
2010-05-04 15:41 . 2009-12-14 20:01 -------- d-----w- c:\users\GJM\AppData\Roaming\IM
2010-05-03 16:07 . 2008-11-17 23:03 -------- d-----w- c:\program files\free-downloads.net
2010-04-29 21:42 . 2008-04-27 11:29 -------- d-----w- c:\users\GJM\AppData\Roaming\Xfire
2010-04-29 19:27 . 2008-05-29 21:19 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-29 19:26 . 2008-05-29 21:19 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-29 18:01 . 2008-04-27 11:29 -------- d-----w- c:\programdata\Xfire
2010-04-29 17:58 . 2008-04-13 17:42 -------- d-----w- c:\program files\ICQToolbar
2010-04-25 01:06 . 2009-12-19 22:59 -------- d-----w- c:\users\GJM\AppData\Roaming\TS3Client
2010-04-24 14:04 . 2008-04-13 17:42 -------- d-----w- c:\users\GJM\AppData\Roaming\ICQ
2010-04-24 12:47 . 2009-11-29 21:48 -------- d-----w- c:\program files\JDownloader
2010-04-21 21:08 . 2008-02-04 14:06 -------- d-----w- c:\program files\Java
2010-04-20 16:14 . 2008-04-27 11:29 -------- d-----w- c:\program files\Xfire
2010-04-15 15:39 . 2010-03-21 13:10 -------- d-----w- c:\programdata\DivX
2010-04-15 15:39 . 2008-04-07 22:03 -------- d-----w- c:\program files\DivX
2010-04-15 15:38 . 2010-03-21 13:13 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-15 15:38 . 2010-03-21 13:13 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-12 15:36 . 2008-02-04 13:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-09 17:56 . 2008-03-20 11:43 5426 ----a-w- c:\users\GJM\AppData\Roaming\wklnhst.dat
2010-04-08 19:34 . 2009-02-12 20:34 -------- d-----w- c:\program files\Common Files\Steam
2010-04-08 10:57 . 2008-05-28 20:14 -------- d-----w- c:\program files\SpeedFan
2010-04-07 06:22 . 2008-05-27 19:54 680 ----a-w- c:\users\GJM\AppData\Local\d3d9caps.dat
2010-03-30 20:23 . 2008-02-04 14:06 -------- d-----w- c:\program files\Common Files\Java
2010-03-27 13:08 . 2008-05-07 14:32 -------- d-----w- c:\users\GJM\AppData\Roaming\DivX
2010-03-24 21:54 . 2009-12-14 20:35 -------- d-----w- c:\users\GJM\AppData\Roaming\SolidWorks
2010-03-24 17:26 . 2010-03-24 17:26 -------- d-----w- c:\program files\SystemRequirementsLab
2010-03-21 13:13 . 2010-03-21 13:13 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-03-21 13:13 . 2010-03-21 13:13 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 54629 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-21 13:12 . 2010-03-21 13:12 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-03-21 13:12 . 2010-03-21 13:12 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-03-21 01:34 . 2008-04-19 09:11 -------- d-----w- c:\program files\eMule
2010-03-21 01:34 . 2008-04-15 15:15 -------- d-----w- c:\programdata\eMule
2010-03-21 01:33 . 2008-02-04 14:12 -------- d-----w- c:\program files\HP Games
2010-03-21 01:33 . 2008-02-04 14:12 -------- d-----w- c:\programdata\WildTangent
2010-03-21 01:31 . 2008-04-13 19:53 -------- d-----w- c:\program files\Sierra
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-20 01:11 . 2010-02-20 01:11 1233160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-16 12:24 . 2009-05-16 00:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2008-02-04 22:16 . 2008-02-04 21:41 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Steam"="c:\program files\steam\steam.exe" [2010-04-27 1238352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe" [2009-03-19 7308584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,fd,b0,4f,2a,ee,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3260949661-3431171585-4215125959-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-06-23 717296]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;c:\program files\SolidWorks SolidNetWork License Manager\lmgrd.exe [2007-05-11 1372160]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2009-03-19 83240]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 zlportio;zlportio;c:\program files\MediaLas\Mamba Black DEMO\zlportio.sys [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = fritz.box
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\GJM\AppData\Roaming\Mozilla\Firefox\Profiles\gsjc9dsm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://de.msn.com/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "hxxp://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - (no file)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-04 20:42
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3260949661-3431171585-4215125959-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,82,22,57,9d,f5,a6,54,73,13,87,d2,23,4a,52,1f,d9,24,ab,80,26,a7,42,
d1,b4,4a,f0,d1,c7,42,60,f6,23,8f,37,dc,37,20,9e,cc,7a,c4,e1,43,e9,44,e8,86,\
"??"=hex:9b,be,e1,0a,49,0d,2e,b2,e2,cb,8e,fe,f8,dd,a7,0d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6813e9f3-5445-4c54-8457-ec4b7dd04830}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001e8c
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9f98399b-54d1-4569-ab76-4696de168d4a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d001c4a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{beca6706-d782-4505-b84f-16ec8552dba2}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001c4a
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{c63b0c6d-b05e-4279-b83a-3c11e53510cb}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-04 20:46:24
ComboFix-quarantined-files.txt 2010-05-04 18:46

Vor Suchlauf: 16 Verzeichnis(se), 161.500.053.504 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 161.423.409.152 Bytes frei

- - End Of File - - 9019B2C76D490F4F61E9BF6DA761C36D


18.05.2010, 18:42   #6
GJM

OK, here is the link:
hxxp://www.file-upload.net/download-2527237/GMER.txt.html

04.05.2010, 21:31   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Any more alerts?
As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags

14.05.2010, 16:03   #8
GJM

Sorry that it took so long,
but I was away from home at times.

I haven't had any more alerts so far.

Here is the Malwarebytes log.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4069

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.05.2010 16:58:53
mbam-log-2010-05-14 (16-58-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 321497
Laufzeit: 1 Stunde(n), 29 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


And SuperAntiSpyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/14/2010 at 03:22 PM

Application Version : 4.37.1000

Core Rules Database Version : 4933
Trace Rules Database Version: 2745

Scan type : Complete Scan
Total Scan Time : 00:43:19

Memory items scanned : 802
Memory threats detected : 0
Registry items scanned : 7744
Registry threats detected : 0
File items scanned : 38705
File threats detected : 2

Adware.Tracking Cookie
C:\Users\GJM\AppData\Roaming\Microsoft\Windows\Cookies\gjm@xfire.adbureau[2].txt
C:\Users\GJM\AppData\Roaming\Microsoft\Windows\Cookies\gjm@atwola[1].txt

14.05.2010, 16:52   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Datenbank Version: 4069

Um, I specifically pointed out that you have to update Malwarebytes. The current database is now 4100 or even 4101 already.

15.05.2010, 18:59   #10
videotuner

Quote:
Quote from GJM
My problem is that I have damn expensive laser show files on the computer.
Now the question: does everything have to be wiped???
Then around 4000 euros would be down the drain, and that's just the laser show files.

Have you ever heard of BACKING UP? Nowadays there are small, handy, mostly rectangular things called external hard drives.

15.05.2010, 21:08   #11
GJM

@VideoTuner.....
Do I have to answer you on that?
Your comment is actually pretty pointless -,-
But anyway.
PS: Backing up the shows isn't as simple as backing up a picture,
but it's too late now anyway...
@cosinus
I just wanted to run a Windows update again and found that Windows Update does open, but the page cannot be loaded.
Is that intentional? Or is it rather bad?

16.05.2010, 19:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
@VideoTuner.....
Do I have to answer you on that?
Your comment is actually pretty pointless -,-

No, Videotuner is clearly right there, or do you consider backups pointless??

Quote:
I just wanted to run a Windows update again and found that Windows Update does open, but the page cannot be loaded.
Is that intentional? Or is it rather bad?

That's not really how it's supposed to be. Is Windows Update working for you again by now? Otherwise we'll probably have to have another go with GMER and OSAM.

16.05.2010, 21:01   #13
GJM

That's not how my reply to Videotuner was meant.
I know that he is right.
It's just a bit late, so to speak^^ and therefore useless for me.
By now all important files are even backed up twice.

The updates still don't work.
Just an empty window, and in the middle it says:
The page could not be loaded.


Oh, and before I forget...
If something else is found now, do I have to wipe the external drive again as well?
I did make backups recently, after all.

Edited by GJM (16.05.2010 at 21:10)

16.05.2010, 22:02   #14
GJM

OSAM log.

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:57:56 on 16.05.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"akywmzmu" (akywmzmu) - "Microsoft Corporation" - C:\Windows\system32\drivers\akywmzmu.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\GJM\AppData\Local\Temp\catchme.sys  (File not found)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"GMSIPCI" (GMSIPCI) - ? - E:\INSTALL\GMSIPCI.SYS  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Microsoft IntelliPoint Filter Driver" (Point32) - ? - C:\Windows\System32\DRIVERS\point32k.sys  (File not found)
"pgldqpow" (pgldqpow) - ? - C:\Users\GJM\AppData\Local\Temp\pgldqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"Sentinel" (Sentinel) - ? - C:\Windows\System32\Drivers\SENTINEL.SYS
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"zlportio" (zlportio) - ? - C:\Program Files\MediaLas\Mamba Black DEMO\zlportio.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\Web Components\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{6A921E8A-C58C-4941-9E71-7946D9DCE941} "CSolidworkPropertyStore Class" - "Dassault Systèmes SolidWorks Corp." - C:\Program Files\SolidWorks Corp\SolidWorks\sldpropertyhandler.dll
{21D928D4-4850-45E3-9982-AD57051ECD42} "EdrawingThumbNailProvider Class" - "Dassault Systèmes SolidWorks Corp." - C:\Program Files\Common Files\eDrawings2009\edrwthumbnailprovider.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? -   (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? -   (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{72670837-AA64-4C1D-AB58-A9D9D31A1216} "Solidworks Document Thumbnail Handler" - "Dassault Systèmes SolidWorks Corp." - C:\Program Files\SolidWorks Corp\SolidWorks\sldthumbnailprovider.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
Sldworks Shell Extension "{3AFCEAFB-FFC5-403D-AD33-5914AB4B7ECC}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "Java Plug-in 1.6.0_01" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? -   (File not found | COM-object registry key not found)
{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} "{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}" - ? -   (File not found | COM-object registry key not found)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)
{EEE6C35C-6118-11DC-9C72-001320C79847} "{EEE6C35C-6118-11DC-9C72-001320C79847}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\GJM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"Steam" - "Valve Corporation" - "c:\program files\steam\steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"KBD" - ? - C:\HP\KBD\KbdStub.EXE  (File found, but it contains no detailed information)
"OsdMaestro" - "OsdMaestro" - "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"SolidWorks_CheckForUpdates" - "Dassault Systèmes SolidWorks Corp." - "C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe" /scheduler
"StartCCC" - ? - "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"  (File found, but it contains no detailed information)
"SunJavaUpdateReg" - "Sun Microsystems, Inc." - "C:\Windows\system32\jureg.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SolidWorks Licensing Service" (SolidWorks Licensing Service) - "SolidWorks" - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
"SolidWorks SolidNetWork License Manager" (SolidWorks SolidNetWork License Manager) - "Macrovision Corporation" - C:\Program Files\SolidWorks SolidNetWork License Manager\lmgrd.exe
"Stardock WindowBlinds" (WindowBlinds) - "Stardock Corporation" - C:\Program Files\Stardock\MyColors\VistaSrv.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SW Distributed TS Coordinator Service" (CoordinatorServiceHost) - "Dassault Systèmes SolidWorks Corp." - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

16.05.2010, 22:03   #15
GJM

GMER, part one.

Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-16 22:43:27
Windows 6.0.6002 Service Pack 2
Running: jc4rxwge.exe; Driver: C:\Users\GJM\AppData\Local\Temp\pgldqpow.sys


---- System - GMER 1.0.15 ----

SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                                                                                  ZwCreateKey [0x8221EFE2]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8221EFE2]                                                                                                 ZwCreateKey [0x8221EFE2]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)                                                                                  ZwOpenKey [0x8221EFE7]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [8221EFE7]                                                                                                 ZwOpenKey [0x8221EFE7]

INT 0x03                                                                                                                              \SystemRoot\system32\ntkrnlpa.exe[unknown section]                                                                                                            8221EFEC
INT 0x51                                                                                                                              ?                                                                                                                                                             850F4BF8
INT 0x52                                                                                                                              ?                                                                                                                                                             86DC7CA0
INT 0x62                                                                                                                              ?                                                                                                                                                             850F3BF8
INT 0x72                                                                                                                              ?                                                                                                                                                             850F3BF8
INT 0x82                                                                                                                              ?                                                                                                                                                             850F4BF8
INT 0x83                                                                                                                              ?                                                                                                                                                             86DC7CA0

---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 ntkrnlpa.exe!KeSetEvent + 1E9                                                                                                                                 822CA92C 3 Bytes  [E2, EF, 21]
.text                                                                                                                                 ntkrnlpa.exe!KeSetEvent + 3DD                                                                                                                                 822CAB20 3 Bytes  [E7, EF, 21]
?                                                                                                                                     System32\Drivers\spfz.sys                                                                                                                                     Das System kann den angegebenen Pfad nicht finden. !
.text                                                                                                                                 USBPORT.SYS!DllUnload                                                                                                                                         8859041B 5 Bytes  JMP 86DC7280 
.text                                                                                                                                 akywmzmu.SYS                                                                                                                                                  8D0BA000 22 Bytes  [82, E3, 5D, 82, 6C, E2, 5D, ...]
.text                                                                                                                                 akywmzmu.SYS                                                                                                                                                  8D0BA017 159 Bytes  [00, 32, 67, 71, 80, 3D, 65, ...]
.text                                                                                                                                 akywmzmu.SYS                                                                                                                                                  8D0BA0B7 22 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text                                                                                                                                 akywmzmu.SYS                                                                                                                                                  8D0BA0CE 80 Bytes  [00, 00, 26, 00, 00, 00, E0, ...]
.text                                                                                                                                 akywmzmu.SYS                                                                                                                                                  8D0BA11F 194 Bytes  [7E, 38, 40, 39, 82, 3B, C4, ...]
.text                                                                                                                                 ...                                                                                                                                                           
.text                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                                                     section is writeable [0x9B00E000, 0x48011, 0xE0000020]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                                                     entry point in ".init" section [0x9B063224]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                                                     unknown last code section [0x9B063000, 0x4000, 0xE20000E0]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                                                                                      section is writeable [0x9B067400, 0x6E1B2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B0F1220]  C:\Windows\system32\drivers\hardlock.sys                                                                                                                      entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B0F1220]
.protectÿÿÿÿhardlockunknown last code section [0x9B0F1000, 0x50EA, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                                                                                      unknown last code section [0x9B0F1000, 0x50EA, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text                                                                                                                                 C:\Users\GJM\Desktop\jc4rxwge.exe[224] USER32.dll!SetWindowPlacement                                                                                          75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Users\GJM\Desktop\jc4rxwge.exe[224] USER32.dll!MoveWindow                                                                                                  7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Users\GJM\Desktop\jc4rxwge.exe[224] USER32.dll!SetWindowPos                                                                                                759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Users\GJM\Desktop\jc4rxwge.exe[224] USER32.dll!DeferWindowPos                                                                                              7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Users\GJM\Desktop\jc4rxwge.exe[224] USER32.dll!EndPaint                                                                                                    7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Users\GJM\Desktop\jc4rxwge.exe[224] USER32.dll!BeginPaint                                                                                                  7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Users\GJM\Desktop\jc4rxwge.exe[224] USER32.dll!GetWindowRect                                                                                               75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Users\GJM\Desktop\jc4rxwge.exe[224] USER32.dll!GetWindowPlacement                                                                                          759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\wuauclt.exe[636] USER32.dll!SetWindowPlacement                                                                                            75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\wuauclt.exe[636] USER32.dll!MoveWindow                                                                                                    7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\wuauclt.exe[636] USER32.dll!SetWindowPos                                                                                                  759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\wuauclt.exe[636] USER32.dll!DeferWindowPos                                                                                                7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\wuauclt.exe[636] USER32.dll!EndPaint                                                                                                      7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\wuauclt.exe[636] USER32.dll!BeginPaint                                                                                                    7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\wuauclt.exe[636] USER32.dll!GetWindowRect                                                                                                 75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\wuauclt.exe[636] USER32.dll!GetWindowPlacement                                                                                            759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehmsas.exe[808] USER32.dll!SetWindowPlacement                                                                                                75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehmsas.exe[808] USER32.dll!MoveWindow                                                                                                        7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehmsas.exe[808] USER32.dll!SetWindowPos                                                                                                      759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehmsas.exe[808] USER32.dll!DeferWindowPos                                                                                                    7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehmsas.exe[808] USER32.dll!EndPaint                                                                                                          7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehmsas.exe[808] USER32.dll!BeginPaint                                                                                                        7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehmsas.exe[808] USER32.dll!GetWindowRect                                                                                                     75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehmsas.exe[808] USER32.dll!GetWindowPlacement                                                                                                759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Defender\MSASCui.exe[3008] USER32.dll!SetWindowPlacement                                                                             75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Defender\MSASCui.exe[3008] USER32.dll!MoveWindow                                                                                     7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Defender\MSASCui.exe[3008] USER32.dll!SetWindowPos                                                                                   759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Defender\MSASCui.exe[3008] USER32.dll!DeferWindowPos                                                                                 7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Defender\MSASCui.exe[3008] USER32.dll!EndPaint                                                                                       7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Defender\MSASCui.exe[3008] USER32.dll!BeginPaint                                                                                     7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Defender\MSASCui.exe[3008] USER32.dll!GetWindowRect                                                                                  75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Defender\MSASCui.exe[3008] USER32.dll!GetWindowPlacement                                                                             759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe[3208] USER32.dll!SetWindowPlacement                               75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe[3208] USER32.dll!MoveWindow                                       7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe[3208] USER32.dll!SetWindowPos                                     759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe[3208] USER32.dll!DeferWindowPos                                   7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe[3208] USER32.dll!EndPaint                                         7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe[3208] USER32.dll!BeginPaint                                       7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe[3208] USER32.dll!GetWindowRect                                    75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\SolidWorks Installations-Manager\Scheduler\sldIMScheduler.exe[3208] USER32.dll!GetWindowPlacement                               759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3216] USER32.dll!SetWindowPlacement                                                                      75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3216] USER32.dll!MoveWindow                                                                              7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3216] USER32.dll!SetWindowPos                                                                            759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3216] USER32.dll!DeferWindowPos                                                                          7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3216] USER32.dll!EndPaint                                                                                7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3216] USER32.dll!BeginPaint                                                                              7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3216] USER32.dll!GetWindowRect                                                                           75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3216] USER32.dll!GetWindowPlacement                                                                      759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\RtHDVCpl.exe[3220] USER32.dll!SetWindowPlacement                                                                                                   75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\RtHDVCpl.exe[3220] USER32.dll!MoveWindow                                                                                                           7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\RtHDVCpl.exe[3220] USER32.dll!SetWindowPos                                                                                                         759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\RtHDVCpl.exe[3220] USER32.dll!DeferWindowPos                                                                                                       7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\RtHDVCpl.exe[3220] USER32.dll!EndPaint                                                                                                             7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\RtHDVCpl.exe[3220] USER32.dll!BeginPaint                                                                                                           7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\RtHDVCpl.exe[3220] USER32.dll!GetWindowRect                                                                                                        75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\RtHDVCpl.exe[3220] USER32.dll!GetWindowPlacement                                                                                                   759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\schtasks.exe[3236] USER32.dll!SetWindowPlacement                                                                                          75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\schtasks.exe[3236] USER32.dll!MoveWindow                                                                                                  7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\schtasks.exe[3236] USER32.dll!SetWindowPos                                                                                                759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\schtasks.exe[3236] USER32.dll!DeferWindowPos                                                                                              7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\schtasks.exe[3236] USER32.dll!EndPaint                                                                                                    7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\schtasks.exe[3236] USER32.dll!BeginPaint                                                                                                  7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\schtasks.exe[3236] USER32.dll!GetWindowRect                                                                                               75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\schtasks.exe[3236] USER32.dll!GetWindowPlacement                                                                                          759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3336] USER32.dll!SetWindowPlacement                                                          75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3336] USER32.dll!MoveWindow                                                                  7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3336] USER32.dll!SetWindowPos                                                                759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3336] USER32.dll!DeferWindowPos                                                              7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3336] USER32.dll!EndPaint                                                                    7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3336] USER32.dll!BeginPaint                                                                  7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3336] USER32.dll!GetWindowRect                                                               75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[3336] USER32.dll!GetWindowPlacement                                                          759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] USER32.dll!SetWindowPlacement                                                                75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] USER32.dll!MoveWindow                                                                        7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] USER32.dll!SetWindowPos                                                                      759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] USER32.dll!DeferWindowPos                                                                    7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] USER32.dll!EndPaint                                                                          7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] USER32.dll!BeginPaint                                                                        7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] USER32.dll!GetWindowRect                                                                     75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Common Files\Java\Java Update\jusched.exe[3380] USER32.dll!GetWindowPlacement                                                                759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\System32\wpcumi.exe[3392] USER32.dll!SetWindowPlacement                                                                                            75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\System32\wpcumi.exe[3392] USER32.dll!MoveWindow                                                                                                    7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\System32\wpcumi.exe[3392] USER32.dll!SetWindowPos                                                                                                  759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\System32\wpcumi.exe[3392] USER32.dll!DeferWindowPos                                                                                                7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\System32\wpcumi.exe[3392] USER32.dll!EndPaint                                                                                                      7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\System32\wpcumi.exe[3392] USER32.dll!BeginPaint                                                                                                    7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\System32\wpcumi.exe[3392] USER32.dll!GetWindowRect                                                                                                 75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\System32\wpcumi.exe[3392] USER32.dll!GetWindowPlacement                                                                                            759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Media Player\wmpnscfg.exe[3480] USER32.dll!SetWindowPlacement                                                                        75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Media Player\wmpnscfg.exe[3480] USER32.dll!MoveWindow                                                                                7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Media Player\wmpnscfg.exe[3480] USER32.dll!SetWindowPos                                                                              759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Media Player\wmpnscfg.exe[3480] USER32.dll!DeferWindowPos                                                                            7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Media Player\wmpnscfg.exe[3480] USER32.dll!EndPaint                                                                                  7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Media Player\wmpnscfg.exe[3480] USER32.dll!BeginPaint                                                                                7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Media Player\wmpnscfg.exe[3480] USER32.dll!GetWindowRect                                                                             75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Program Files\Windows Media Player\wmpnscfg.exe[3480] USER32.dll!GetWindowPlacement                                                                        759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehtray.exe[3516] USER32.dll!SetWindowPlacement                                                                                               75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehtray.exe[3516] USER32.dll!MoveWindow                                                                                                       7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehtray.exe[3516] USER32.dll!SetWindowPos                                                                                                     759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehtray.exe[3516] USER32.dll!DeferWindowPos                                                                                                   7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehtray.exe[3516] USER32.dll!EndPaint                                                                                                         7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehtray.exe[3516] USER32.dll!BeginPaint                                                                                                       7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehtray.exe[3516] USER32.dll!GetWindowRect                                                                                                    75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\ehome\ehtray.exe[3516] USER32.dll!GetWindowPlacement                                                                                               759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3668] USER32.dll!SetWindowPlacement                                                             75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3668] USER32.dll!MoveWindow                                                                     7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3668] USER32.dll!SetWindowPos                                                                   759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3668] USER32.dll!DeferWindowPos                                                                 7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3668] USER32.dll!EndPaint                                                                       7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3668] USER32.dll!BeginPaint                                                                     7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3668] USER32.dll!GetWindowRect                                                                  75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3668] USER32.dll!GetWindowPlacement                                                             759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\taskeng.exe[3720] USER32.dll!SetWindowPlacement                                                                                           75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\taskeng.exe[3720] USER32.dll!MoveWindow                                                                                                   7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\taskeng.exe[3720] USER32.dll!SetWindowPos                                                                                                 759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\taskeng.exe[3720] USER32.dll!DeferWindowPos                                                                                               7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\taskeng.exe[3720] USER32.dll!EndPaint                                                                                                     7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\taskeng.exe[3720] USER32.dll!BeginPaint                                                                                                   7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\taskeng.exe[3720] USER32.dll!GetWindowRect                                                                                                75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\taskeng.exe[3720] USER32.dll!GetWindowPlacement                                                                                           759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\conime.exe[3768] USER32.dll!SetWindowPlacement                                                                                            75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\conime.exe[3768] USER32.dll!MoveWindow                                                                                                    7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\conime.exe[3768] USER32.dll!SetWindowPos                                                                                                  759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\conime.exe[3768] USER32.dll!DeferWindowPos                                                                                                7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\conime.exe[3768] USER32.dll!EndPaint                                                                                                      7594A28F 5 Bytes  JMP 66002ADD C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\conime.exe[3768] USER32.dll!BeginPaint                                                                                                    7594A2A3 5 Bytes  JMP 66002AE2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\conime.exe[3768] USER32.dll!GetWindowRect                                                                                                 75950E21 5 Bytes  JMP 6602ADEB C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\system32\conime.exe[3768] USER32.dll!GetWindowPlacement                                                                                            759638E3 5 Bytes  JMP 6602A980 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\Explorer.EXE[3908] USER32.dll!SetWindowPlacement                                                                                                   75937963 5 Bytes  JMP 6602A82F C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\Explorer.EXE[3908] USER32.dll!MoveWindow                                                                                                           7593989F 5 Bytes  JMP 6602AB2A C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\Explorer.EXE[3908] USER32.dll!SetWindowPos                                                                                                         759435E3 5 Bytes  JMP 6602AC79 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
.text                                                                                                                                 C:\Windows\Explorer.EXE[3908] USER32.dll!DeferWindowPos                                                                                                       7594467F 5 Bytes  JMP 6602A1D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds (Vista 32 bit)/Stardock Corporation)
         
